Base[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Base.zip
Size

895KB
MD5

0fbbe73906a65cb1a6e9ff77f0f30290
SHA1

ffd30dea2744e20e8a98425fffcae7b756a15d13
SHA256

abc5ceef454be33030939833e3950ba071e5ab18754c3b65343004779b1f2867
SHA512

b468a968521a6baff78d7f92b037e4e51bacdeb9a99e56b622cb0c2de81d474dbca8a58a8515c3696df7929f223ade5c8b00cf34094fbec0c9cec2e0c047e7fd
SSDEEP

24576:z3yaz2cgPE5F7SK4n3RVEYgqzUOOPsksG1J/8ZZiX:TyasAlSPnBVhgqzUlnsWJ/8Zu

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BOD Virus Maker.exe
unpack001/BVC 1.0 by Hox.exe
unpack001/Batch Virus Maker Install.exe
unpack001/Chlorates.exe
unpack001/Malware.exe
unpack001/bootdata.exe

Files

Base.zip
.zip

Password: infected
BOD Virus Maker.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BVC 1.0 by Hox.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Batch Virus Maker Install.exe
.exe windows x86

Password: infected

2339ac77bf9371500ebbf86df3a10d43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
ExpandEnvironmentStringsA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
GetVersion
GetModuleHandleW
FreeResource
LockResource
LoadResource
SizeofResource
CloseHandle
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetCurrentDirectoryA
GetTempFileNameA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
ExitProcess
LoadLibraryExA
GetVersionExA
GetExitCodeProcess
GetProcAddress
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
FindResourceA
LoadLibraryA
FreeLibrary
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
WaitForSingleObject

gdi32

GetDeviceCaps

user32

SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CharPrevA
CharUpperA
CharNextA
ExitWindowsEx
EndDialog
GetDesktopWindow
LoadStringA
SetDlgItemTextA
MessageBeep
GetWindowRect
GetSystemMetrics

msvcrt

_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
__getmainargs
memcpy
memset
_vsnprintf

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Chlorates.exe
.exe windows x64

Password: infected

0d90f0a220fe667a4f08a904d51c45d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msimg32

AlphaBlend

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
GetModuleHandleW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetConsoleWindow
ExitProcess
RtlCaptureContext
CreateThread
CloseHandle
TerminateThread
Sleep
RtlLookupFunctionEntry
InitializeSListHead

user32

GetSystemMetrics
DrawIcon
ShowWindow
MessageBoxW
GetDC
GetWindowRect
ReleaseDC
InvalidateRect
LoadIconW
GetDesktopWindow
GetCursorInfo
GetWindowDC

gdi32

CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateFontA
SelectObject
CreateDIBSection
StretchBlt
PlgBlt
DeleteDC
SetTextColor
TextOutA
SetBkMode
SetStretchBltMode
DeleteObject

winmm

waveOutPrepareHeader
waveOutWrite
waveOutOpen
waveOutUnprepareHeader
waveOutClose

vcruntime140

memset
__current_exception
__C_specific_handler
__current_exception_context
memcpy

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_crt_atexit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_initterm
_exit
exit
_initialize_onexit_table
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

fmod
__setusermatherr
sqrt
sin
cos
fmodf

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware.exe
.exe windows x86

Password: infected

32351cf60239b33e61f3bb47f3c05274

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexW
ReadFile
GetFileSizeEx
SetThreadPriority
GetQueuedCompletionStatus
GetFileAttributesW
PostQueuedCompletionStatus
SetFileAttributesW
GetSystemInfo
SetFilePointerEx
MoveFileExW
CreateIoCompletionPort
FindFirstFileW
FindNextFileW
FindClose
GetDiskFreeSpaceW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetLocaleInfoA
GetCurrentThread
GetThreadContext
IsDebuggerPresent
GetComputerNameA
CheckRemoteDebuggerPresent
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetProcessHeap
HeapAlloc
CloseHandle
Process32FirstW
Process32NextW
GetLastError
GetTickCount64
Sleep
GetSystemWow64DirectoryW
CreateToolhelp32Snapshot
CopyFileW
CreateFileW
WaitForSingleObject
CreateMutexW
GetEnvironmentVariableW
GetModuleFileNameW
TerminateProcess
WriteFile
GetCurrentProcess
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
DecodePointer
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
OpenProcess
CreateProcessW
GetFileType
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
TlsSetValue
QueryDosDeviceW
GetLogicalDrives
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
LocalFree
InitializeCriticalSectionEx
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue

user32

GetSystemMetrics
SystemParametersInfoW

advapi32

QueryServiceStatusEx
CryptGenKey
CryptExportKey
CryptDuplicateKey
CryptSetKeyParam
CryptEncrypt
CryptGenRandom
CryptImportKey
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateShutdownW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
EnumDependentServicesW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
OpenServiceW
CryptAcquireContextW
CryptDestroyKey
CryptReleaseContext

shell32

ShellExecuteW
SHEmptyRecycleBinW

ole32

CoSetProxyBlanket
CoInitializeEx
CoGetApartmentType
CoGetObjectContext
CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeSecurity

oleaut32

SysStringByteLen
VariantInit
SysFreeString
SysAllocString
VariantClear
SysAllocStringByteLen

mpr

WNetGetConnectionW

netapi32

NetShareEnum
NetDfsEnum
NetApiBufferFree

iphlpapi

SendARP

ws2_32

getnameinfo
gethostname
inet_ntoa
htons
inet_addr
gethostbyname
WSAStartup
WSACleanup

rstrtmgr

RmStartSession
RmGetList
RmRegisterResources
RmShutdown
RmEndSession

crypt32

CryptStringToBinaryA

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootdata.exe
.exe windows x86

Password: infected

095c46b0acc0d625f3b3e194dfc98095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.MPRESS1
Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 242KB - Virtual size: 241KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 134KB - Virtual size: 134KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

Headers

File Characteristics

Sections

CODE Size: 329KB - Virtual size: 328KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 22KB - Virtual size: 22KB

Password: infected

2339ac77bf9371500ebbf86df3a10d43

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

version

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 8KB

.rsrc Size: 174KB - Virtual size: 176KB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

0d90f0a220fe667a4f08a904d51c45d2

Headers

DLL Characteristics

File Characteristics

Imports

msimg32

kernel32

user32

gdi32

winmm

vcruntime140

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 17KB

.pdata Size: 1024B - Virtual size: 660B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 48B

Password: infected

32351cf60239b33e61f3bb47f3c05274

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

.text
Size: 242KB - Virtual size: 241KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 134KB - Virtual size: 134KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 329KB - Virtual size: 328KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 8KB

.rsrc
Size: 174KB - Virtual size: 176KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 17KB

.pdata
Size: 1024B - Virtual size: 660B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 91KB - Virtual size: 95KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 11KB - Virtual size: 10KB

.MPRESS1
Size: 6KB - Virtual size: 28KB

.MPRESS2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B