vpnclient[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

vpnclient.exe
Size

81.0MB
MD5

1caa1a7fb510416052a80d7afebf5cd0
SHA1

63cf2873621c6660dcbb928b76dc4e27ce54f2f0
SHA256

8098f15b9da2f24b86b4898783f1caab8ac10fca75baf450766d96ea7d3836cb
SHA512

1ad42c34bb7182355b3ad27232f85bf92df6635dad5c23aeccd49b4c9b3e4942ce7e31d02a958b16c9629dd98e3a829618da328062dfa074da5ee1fdae51db77
SSDEEP

1572864:EZO39hg+iKG6ZO39hgiiKoWGh5KJYwJwb19Uj6mxxpwJeE:Ek39hg+9G6k39hgi9oWG0VyIj64xpC

Score

1^/10

Malware Config

Signatures

Files

vpnclient.exe
.exe windows:6 windows x86

53a8aa3c77ded66ee0f427ea3cc39920

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:c5:ee:df:66:16:29:64:7c:df:24:cd:77:f1:85:76
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03-04-2023 00:00

Not After

02-04-2024 23:59

Subject

CN=SpiderSilk Limited,O=SpiderSilk Limited,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:0e:3e:d9:1e:16:9f:fd:cc:26:6f:5b:86:6a:c7:7c:9a:b4:03:e5:82:d7:fe:27:a3:9f:ad:33:0f:42:ca:e5
Signer

Actual PE Digest

f3:0e:3e:d9:1e:16:9f:fd:cc:26:6f:5b:86:6a:c7:7c:9a:b4:03:e5:82:d7:fe:27:a3:9f:ad:33:0f:42:ca:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetDefaultIMEWnd
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysAllocString
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

gdi32

ExtTextOutW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SetPixelFormat
ChoosePixelFormat
SetWorldTransform
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
SetTextAlign
GetDIBits
SetTextColor
GetTextFaceW
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetGlyphOutlineW
GetCharABCWidthsFloatW
CreateBitmap
GetCharABCWidthsW
SetGraphicsMode

uxtheme

IsAppThemed
GetCurrentThemeName
DrawThemeBackground
GetThemeSysFont
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
IsThemeActive
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
OpenThemeData
CloseThemeData
SetWindowTheme
DrawThemeTextEx
SetWindowThemeAttribute

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmDefWindowProc
DwmExtendFrameIntoClientArea

iphlpapi

ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetAdaptersAddresses

crypt32

CertGetCertificateChain
CertCreateCertificateContext
CertFreeCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext

user32

SetWindowLongW
WindowFromDC
UnregisterDeviceNotification
PostMessageW
DrawMenuBar
GetSystemMenu
RemoveMenu
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutW
CharUpperW
GetSystemMetrics
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
CallWindowProcW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
ReleaseCapture
SystemParametersInfoW
DefWindowProcW
DestroyWindow
GetDC
ReleaseDC
RegisterDeviceNotificationW
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
AttachThreadInput
CreateWindowExW
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowPos
SetWindowsHookExW
KillTimer
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
PostThreadMessageW
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
RemovePropW
GetPropW
SetPropW
GetCapture
SetCapture

ws2_32

gethostname
WSAAsyncSelect
listen
WSACleanup
WSAStartup
WSASetLastError
send
recv
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
htonl
ntohl
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
bind
closesocket
getpeername
getsockname
htons
WSAIoctl

advapi32

RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
DuplicateToken
CopySid
AccessCheck
SystemFunction036
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetFileSecurityW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegNotifyChangeKeyValue
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
RegQueryInfoKeyW

mpr

WNetGetUniversalNameA

netapi32

NetShareEnum
NetApiBufferFree

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

CreateMutexW
ReleaseMutex
TryEnterCriticalSection
QueueUserWorkItem
GetTempPathA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
GetTempFileNameA
VerSetConditionMask
VerifyVersionInfoW
EncodePointer
DecodePointer
GetStringTypeW
RaiseException
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetUserGeoID
GetGeoInfoW
FindNextChangeNotification
FindFirstFileExW
SetFilePointerEx
GetFileInformationByHandleEx
TzSpecificLocalTimeToSystemTime
MoveFileExW
GetNumaHighestNodeNumber
GetLogicalDrives
GetFullPathNameW
GetFileAttributesW
WriteFileEx
SleepEx
CancelIoEx
PeekNamedPipe
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
LCMapStringW
CompareStringW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetTickCount64
QueryPerformanceFrequency
GetProcessId
GetExitCodeProcess
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
Sleep
DuplicateHandle
GetLocalTime
GetStartupInfoW
CompareStringEx
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
ReadConsoleW
ReadConsoleA
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
QueryPerformanceCounter
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetHandleInformation
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitNamedPipeW
DisconnectNamedPipe
CreateFileMappingW
VirtualProtect
GetTimeZoneInformation
ExitProcess
GetVolumeInformationW
GetUserDefaultLangID
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
lstrcmpW
WaitForMultipleObjects
GetSystemInfo
VirtualFree
VirtualAlloc
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetVersionExW
FileTimeToDosDateTime
GetSystemTimeAsFileTime
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
GetFileInformationByHandle
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
SetLastError
GetTempPathW
SetFileAttributesW
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
ExitThread
GetACP
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetCommandLineA
GetConsoleCP
SetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameA
CreateProcessA
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
FindFirstFileExA
FindNextFileA
WriteConsoleW
CopyFileW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
OpenEventW
SetFileTime
SetFilePointer
GetStdHandle
GetFileType
GetLargestConsoleWindowSize
SetConsoleScreenBufferSize
FreeConsole
AttachConsole
AllocConsole
SetConsoleMode
GetConsoleWindow
GetCommandLineW
CloseHandle
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
GetEnvironmentVariableW
GetCurrentProcess
IsWow64Process
OpenProcess
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
SetErrorMode
WaitForSingleObject
TerminateProcess
GetLastError
FileTimeToSystemTime
CreateFileW
DeviceIoControl
FlushFileBuffers
LockFile
UnlockFile
WriteFile
CompareFileTime
GetProcAddress
GetFileSize
ReadFile
SetEndOfFile
HeapSize

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHParseDisplayName
ord155
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHChangeNotify
SHGetFolderLocation
ShellExecuteExW
SHGetFolderPathW

ole32

CoGetMalloc
CoCreateGuid
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitializeEx
StringFromGUID2
ReleaseStgMedium
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

winmm

timeKillEvent
timeSetEvent

d3d9

D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9
D3DPERF_EndEvent
D3DPERF_BeginEvent

bcrypt

BCryptGenRandom

Exports

Exports

??0PlatformMethods@angle@@QAE@XZ
??4PlatformMethods@angle@@QAEAAU01@$$QAU01@@Z
??4PlatformMethods@angle@@QAEAAU01@ABU01@@Z
_ANGLEGetDisplayPlatform@20
_ANGLEResetDisplayPlatform@4

Sections

.text
Size: 14.2MB - Virtual size: 14.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53a8aa3c77ded66ee0f427ea3cc39920

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

0a:c5:ee:df:66:16:29:64:7c:df:24:cd:77:f1:85:76Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f3:0e:3e:d9:1e:16:9f:fd:cc:26:6f:5b:86:6a:c7:7c:9a:b4:03:e5:82:d7:fe:27:a3:9f:ad:33:0f:42:ca:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

imm32

oleaut32

wtsapi32

gdi32

uxtheme

dwmapi

iphlpapi

crypt32

user32

ws2_32

advapi32

mpr

netapi32

userenv

version

kernel32

shell32

ole32

winmm

d3d9

bcrypt

Exports

Exports

Sections

.text Size: 14.2MB - Virtual size: 14.2MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 228KB - Virtual size: 371KB

.qtmetad Size: 512B - Virtual size: 239B

.tls Size: 512B - Virtual size: 13B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 304B

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 555KB - Virtual size: 555KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

0a:c5:ee:df:66:16:29:64:7c:df:24:cd:77:f1:85:76
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f3:0e:3e:d9:1e:16:9f:fd:cc:26:6f:5b:86:6a:c7:7c:9a:b4:03:e5:82:d7:fe:27:a3:9f:ad:33:0f:42:ca:e5
Signer

.text
Size: 14.2MB - Virtual size: 14.2MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 228KB - Virtual size: 371KB

.qtmetad
Size: 512B - Virtual size: 239B

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 304B

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 555KB - Virtual size: 555KB