2Take1MenuVIP[.]rar

Resubmissions

04/09/2023, 13:11

230904-qffl9agc2z 7

04/09/2023, 13:06

230904-qb8ggagf69 7

Sharing

Copy URL Twitter E-mail

General

Target

2Take1MenuVIP.rar
Size

5.5MB
MD5

5a7a7cf976cddfe2d3d41a1b17b39a79
SHA1

1703d96e5d21b904249f55912c43e68d25d2ee0e
SHA256

5e000899069287eed56dc42268beda5588e7caebe3d44070d341864d5bb5d54f
SHA512

075c1d0fa1463da5e54ef8592e34b7bb70eec9802a9278cd5c2f45678276666789f4019d6def21ec43352dab5a6087bfdfeece34aa5ff43653fadf4216e47524
SSDEEP

98304:xjU55BfLQxK/H1LJNagSJNDwlAXFrKDwzeDtfHSG0yR5NRaWjIvZuw3zAU:xj05B3v1LragSJj2wzeDtuK3h23MU

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Launcher.exe
unpack001/Updater.exe
unpack001/spel64.dll

Files

2Take1MenuVIP.rar
.rar
Launcher.dat
Launcher.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Updater.exe
.exe windows x64

91533cd0901a926548d904883f897c08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SleepEx
FreeLibrary
VerSetConditionMask
GetProcAddress
FormatMessageA
LoadLibraryA
UnhandledExceptionFilter
GetModuleHandleA
VerifyVersionInfoA
CreateDirectoryA
GetFileAttributesA
GetLastError
GetCurrentThreadId
SetLastError
ExpandEnvironmentStringsA
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
GetFileSizeEx
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
QueryPerformanceFrequency
RtlVirtualUnwind
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
CloseHandle
CreateProcessA
Sleep
GetSystemDirectoryA
SetConsoleTitleA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__std_terminate
memcpy
__C_specific_handler
memmove
memchr
strrchr
__std_exception_destroy
__current_exception
strchr
memcmp
strstr
memset
_CxxThrowException
_local_unwind
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_exit
_initialize_narrow_environment
_set_app_type
__p___argc
terminate
_beginthreadex
exit
__p___argv
_getpid
__sys_nerr
_get_initial_narrow_environment
_initterm
strerror
_configure_narrow_argv
_initterm_e
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_c_exit
_cexit
_errno

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_set_new_mode
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

fgetc
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fputc
_get_stream_buffer_pointers
fclose
fopen_s
fseek
ftell
rewind
__acrt_iob_func
__stdio_common_vfprintf_s
__stdio_common_vfwprintf_s
__stdio_common_vsprintf_s
ungetc
_close
_open
_write
_read
__p__commode
_set_fmode
_lseeki64
fgets
__stdio_common_vsscanf
fputs
fopen
__stdio_common_vsprintf
fread

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_unlink
_fstat64
_lock_file
_access
_stat64

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_gmtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoll

api-ms-win-crt-string-l1-1-0

strncmp
tolower
_strdup
_stricmp
isupper
strpbrk
strspn
strcspn
strcmp
strncpy

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbsnbcpy
_mbsncmp
_mbspbrk

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CryptStringToBinaryA

ws2_32

recvfrom
sendto
freeaddrinfo
ioctlsocket
__WSAFDIsSet
select
bind
WSAIoctl
closesocket
getaddrinfo
WSASetLastError
htonl
getpeername
gethostname
ntohl
send
accept
setsockopt
getsockname
recv
socket
WSAStartup
WSACleanup
listen
htons
ntohs
getsockopt
connect
WSAGetLastError

wldap32

ord79
ord143
ord200
ord27
ord26
ord41
ord46
ord50
ord301
ord211
ord30
ord217
ord35
ord33
ord32
ord45
ord60
ord22

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
spel64.dll
.dll windows x64

2e7b0100a9237666ee729368d7009231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualFree
VirtualAlloc
GetProcessId
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
LoadLibraryA
CloseHandle
GetThreadContext
GetProcAddress
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
SetThreadContext
OpenThread
GetCurrentProcess
CreateRemoteThread
WaitForSingleObject
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
fputc
fwrite
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_cexit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_seh_filter_dll
_execute_onexit_table
_initterm_e
_initterm
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

free_library
free_library_ex
hijack_first_thread
hijack_thread
load_library
load_library_ex

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: 512B - Virtual size: 12B

91533cd0901a926548d904883f897c08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

ws2_32

wldap32

advapi32

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 15KB - Virtual size: 14KB

.rsrc Size: 363KB - Virtual size: 363KB

.reloc Size: - Virtual size: 1KB

.vlizer Size: 2.0MB - Virtual size: 2.0MB

2e7b0100a9237666ee729368d7009231

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 120B

.text
Size: 4.4MB - Virtual size: 4.4MB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: - Virtual size: 1KB

.vlizer
Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 120B