NEAS[.]7acfd8b8a6eeba2a47783cb349c607e0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.7acfd8b8a6eeba2a47783cb349c607e0.exe
Size

1.5MB
MD5

7acfd8b8a6eeba2a47783cb349c607e0
SHA1

65b0be1cda9a99e29b7d00406a966a81a7450595
SHA256

aff45d4c264e38672226b5be7d4c10e8bdb818d0b0ed40dfafdddb24d07a6e1e
SHA512

59e1e0da912804caef575c0b05cea7baf1d3e1afb3247140bafc197dd549020dd7ab2f2d4493d462ad78b1848fcfa547b1b61a873276c880d1814b78e2b7384c
SSDEEP

49152:xsKw6K4k7IigabQQ6GqFqqqqqJqqXhH6o3PM:xsoZigaF7rF6o3PM

Score

1^/10

Malware Config

Signatures

Files

NEAS.7acfd8b8a6eeba2a47783cb349c607e0.exe
.dll windows:4 windows x64

ffc6d84e7f2e3c1c24bf1ad9cc431eaf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/05/2023, 00:00

Not After

31/07/2026, 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:dd:d4:3a:af:48:8c:79:1a:9f:a2:08:98:6e:7d:f8:31:3e:46:ab:11:e1:e9:82:cf:dd:6c:55:0a:ed:33:72
Signer

Actual PE Digest

10:dd:d4:3a:af:48:8c:79:1a:9f:a2:08:98:6e:7d:f8:31:3e:46:ab:11:e1:e9:82:cf:dd:6c:55:0a:ed:33:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libintl-8

DllMain
libintl_gettext
libintl_sprintf

iconv

iconv
iconv_close
iconv_open

bcrypt

BCryptGenRandom

kernel32

CloseHandle
CreateEventA
CreateFileA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
EnumSystemLocalesA
FindClose
FindFirstFileA
GetACP
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
GetFileInformationByHandle
GetFileType
GetFinalPathNameByHandleA
GetHandleInformation
GetLastError
GetLocaleInfoA
GetSystemTimeAsFileTime
GetSystemTimePreciseAsFileTime
GetTempPathA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MoveFileExA
MultiByteToWideChar
PeekNamedPipe
SetEvent
SetFileTime
SetLastError
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argv
__iob_func
__setusermatherr
_access
_amsg_exit
_beginthreadex
_chmod
_close
_cwait
_dup2
_endthreadex
_environ
_errno
_fdopen
_findclose
_fileno
_findfirst64
_findnext64
_fullpath
_get_osfhandle
_getcwd
_getmaxstdio
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_open
_open_osfhandle
_pipe
_putenv
_read
_rmdir
_setmaxstdio
_setmode
_setmode
_spawnvpe
_stat64
_stricmp
_strdup
_unlink
_unlock
_wfopen
_wstat64
abort
calloc
exit
fclose
ferror
fflush
fgetpos
fopen
fputc
fputs
fread
free
fwrite
getc
getenv
isalnum
iscntrl
islower
isprint
isspace
isupper
iswctype
isxdigit
_write
localeconv
log10
malloc
memchr
memcmp
memcpy
memmove
memset
puts
raise
realloc
setlocale
setvbuf
signal
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strtol
strtoul
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcscat
wcslen

libwinpthread-1

clock_gettime

Exports

Exports

UTF8Toisolat1
__add_to_environ
__oldXMLWDcompatibility
__xargmatch_internal
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlGlobalInitMutexDestroy
__xmlGlobalInitMutexLock
__xmlGlobalInitMutexUnlock
__xmlIOErr
__xmlIndentTreeOutput
__xmlInitializeDict
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlLoaderErr
__xmlOutputBufferCreateFilename
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilename
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterCallbacks
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlStructuredErrorContext
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
_gl_convert_FILETIME_to_POSIX
_gl_fstat_by_handle
_gl_nothrow_get_osfhandle
_gl_raise_SIGPIPE
_gl_utimens_windows
_obstack_allocated_p
_obstack_begin
_obstack_begin_1
_obstack_free
_obstack_memory_used
_obstack_newchunk
acl_errno_valid
addext
areadlink
areadlink_with_size
argmatch
argmatch_die
argmatch_invalid
argmatch_to_argument
argmatch_valid
asnprintf
asyncsafe_spin_destroy
asyncsafe_spin_init
asyncsafe_spin_lock
asyncsafe_spin_unlock
at_fatal_signal
base_len
block_fatal_signals
c_isalnum
c_isalpha
c_isascii
c_isblank
c_iscntrl
c_isdigit
c_isgraph
c_islower
c_isprint
c_ispunct
c_isspace
c_isupper
c_isxdigit
c_strcasecmp
c_strcasestr
c_strncasecmp
c_strstr
c_tolower
c_toupper
canonicalize_file_name
canonicalize_filename_mode
careadlinkat
chmod_or_fchmod
cleanup_temp_dir
cleanup_temp_dir_contents
cleanup_temp_file
cleanup_temp_subdir
cleanup_temporary_file
clearenv
clone_quoting_options
close_stdout
close_supersede
close_temp
compile_csharp_class
compile_java_class
concatenated_filename
copy_file_preserving
copy_file_range
create_pipe_bidi
create_pipe_in
create_pipe_out
create_temp_dir
current_timespec
dir_len
dirfd
dup_cloexec
dup_safer
dup_safer_flag
error
error_at_line
error_with_progname
execute
execute_all_close_hooks
execute_all_ioctl_hooks
execute_close_hooks
execute_csharp_program
execute_ioctl_hooks
execute_java_class
exit_failure
explicit_bzero
fclose_supersede
fclose_temp
fcntl
fd_safer
fd_safer_flag
fdutimens
find_backup_file_name
find_in_path
fnmatch
fopen_supersede
fopen_temp
fread_file
free_permission_context
freea
fstrcmp_bounded
fstrcmp_free_resources
full_write
fwriteerror
fwriteerror_no_ebadf
fwriteerror_supersede
fwriteerror_temp
gcd
gen_register_open_temp
gen_tempname
gen_tempname_len
get_fatal_signal_set
get_fatal_signals
get_handler
get_permissions
get_quoting_style
get_stat_atime
get_stat_atime_ns
get_stat_birthtime
get_stat_birthtime_ns
get_stat_ctime
get_stat_ctime_ns
get_stat_mtime
get_stat_mtime_ns
get_version
getdelim
getdtablesize
getprogname
getrandom
gettime
gl_linked_list_implementation
gl_linkedhash_list_implementation
gl_list_add_after
gl_list_add_at
gl_list_add_before
gl_list_add_first
gl_list_add_last
gl_list_create
gl_list_create_empty
gl_list_free
gl_list_get_at
gl_list_get_first
gl_list_get_last
gl_list_indexof
gl_list_indexof_from
gl_list_indexof_from_to
gl_list_iterator
gl_list_iterator_free
gl_list_iterator_from_to
gl_list_iterator_next
gl_list_next_node
gl_list_node_nx_set_value
gl_list_node_set_value
gl_list_node_value
gl_list_nx_add_after
gl_list_nx_add_at
gl_list_nx_add_before
gl_list_nx_add_first
gl_list_nx_add_last
gl_list_nx_create
gl_list_nx_create_empty
gl_list_nx_set_at
gl_list_nx_set_first
gl_list_nx_set_last
gl_list_previous_node
gl_list_remove
gl_list_remove_at
gl_list_remove_first
gl_list_remove_last
gl_list_remove_node
gl_list_search
gl_list_search_from
gl_list_search_from_to
gl_list_set_at
gl_list_set_first
gl_list_set_last
gl_list_size
gl_locale_name
gl_locale_name_default
gl_locale_name_environ
gl_locale_name_posix
gl_locale_name_thread
gl_msvc_inval_ensure_handler
gl_posix_spawn_file_actions_realloc
gl_posix_spawn_internal
gl_sortedlist_add
gl_sortedlist_indexof
gl_sortedlist_indexof_from_to
gl_sortedlist_nx_add
gl_sortedlist_remove
gl_sortedlist_search
gl_sortedlist_search_from_to
glwthread_mutex_destroy
glwthread_mutex_init
glwthread_mutex_lock
glwthread_mutex_trylock
glwthread_mutex_unlock
glwthread_once
glwthread_recmutex_destroy
glwthread_recmutex_init
glwthread_recmutex_lock
glwthread_recmutex_trylock
glwthread_recmutex_unlock
glwthread_rwlock_destroy
glwthread_rwlock_init
glwthread_rwlock_rdlock
glwthread_rwlock_tryrdlock
glwthread_rwlock_trywrlock
glwthread_rwlock_unlock
glwthread_rwlock_wrlock
glwthread_spin_destroy
glwthread_spin_init
glwthread_spin_lock
glwthread_spin_trylock
glwthread_spin_unlock
glwthread_tls_get
glwthread_tls_key_create
glwthread_tls_key_delete
glwthread_tls_process_destructors
glwthread_tls_set
gnu_mbswidth
hard_locale
hash_clear
hash_delete
hash_destroy
hash_do_for_each
hash_find_entry
hash_free
hash_get_entries
hash_get_first
hash_get_max_bucket_length
hash_get_n_buckets
hash_get_n_buckets_used
hash_get_n_entries
hash_get_next
hash_init
hash_initialize
hash_insert
hash_insert_entry
hash_insert_if_absent
hash_iterate
hash_iterate_modify
hash_lookup
hash_pjw
hash_print_statistics
hash_rehash
hash_reset_tuning
hash_set_value
hash_table_ok
iconveh_close
iconveh_open
initGenericErrorDefaultFunc
inputPop
inputPush
is_basic
is_basic_table
isolat1ToUTF8
javaexec_version
last_component
libxml_domnode_binary_insertion_sort
libxml_domnode_tim_sort
locale_charset
lutimens
make_timespec
maybe_print_progname
mb_copy
mb_width_aux
mbiter_multi_copy
mbiter_multi_next
mbiter_multi_reloc
mbslen
mbsnwidth
mbsstr
mbuiter_multi_copy
mbuiter_multi_next
mbuiter_multi_reloc
mdir_name
mem_cd_iconv
mem_cd_iconveh
mem_iconveh
mem_iconveha
mkdtemp
mmalloca
multiline_error
multiline_warning
namePop
namePush
new_classpath
new_clixpath
new_monopath
next_prime
nodePop
nodePush
nonintr_close
nonintr_read
nonintr_write
obstack_alloc_failed_handler
oldXMLWDcompatibility
open_supersede
open_temp
openmp_init
path_search
pipe2
pipe2_safer
pipe_filter_ii_execute
pipe_safer
posix_spawn_file_actions_destroy
posix_spawn_file_actions_init
posix_spawnattr_destroy
posix_spawnattr_init
posix_spawnattr_setflags
posix_spawnattr_setsigmask
posix_spawnp
printf_fetchargs
printf_parse
program_name
proper_name
proper_name_utf8
qcopy_acl
qcopy_file_preserving
quote
quote_mem
quote_n
quote_n_mem
quote_quoting_options
quotearg
quotearg_alloc
quotearg_alloc_mem
quotearg_buffer
quotearg_char
quotearg_char_mem
quotearg_colon
quotearg_colon_mem
quotearg_custom
quotearg_custom_mem
quotearg_free
quotearg_mem
quotearg_n
quotearg_n_custom
quotearg_n_custom_mem
quotearg_n_mem
quotearg_n_style
quotearg_n_style_colon
quotearg_n_style_mem
quotearg_style
quotearg_style_mem
quoting_style_args
quoting_style_vals
rawmemchr
read_file
readlink
realpath
record_file
register_fd_hook
register_slave_subprocess
register_temp_file
register_temp_subdir
register_temporary_file
reset_classpath
reset_clixpath
reset_monopath
rotl16
rotl32
rotl64
rotl8
rotl_sz
rotr16
rotr32
rotr64
rotr8
rotr_sz
rpl_access
rpl_close
rpl_dup2
rpl_error_message_count
rpl_error_one_per_line
rpl_error_print_progname
rpl_fdopen
rpl_fopen
rpl_fprintf
rpl_fputc
rpl_fputs
rpl_fstat
rpl_fwrite
rpl_getline
rpl_gettimeofday
rpl_iswalnum
rpl_iswalpha
rpl_iswblank
rpl_iswcntrl
rpl_iswdigit
rpl_iswgraph
rpl_iswlower
rpl_iswprint
rpl_iswpunct
rpl_iswspace
rpl_iswupper
rpl_iswxdigit
rpl_localtime
rpl_lseek
rpl_malloc
rpl_mbrtowc
rpl_mbsinit
rpl_mkdir
rpl_open
rpl_posix_spawn_file_actions_addclose
rpl_posix_spawn_file_actions_adddup2
rpl_posix_spawn_file_actions_addopen
rpl_printf
rpl_putchar
rpl_puts
rpl_raise
rpl_read
rpl_realloc
rpl_rmdir
rpl_setlocale
rpl_signal
rpl_snprintf
rpl_stat
rpl_strerror
rpl_strstr
rpl_towlower
rpl_towupper
rpl_unlink
rpl_utime
rpl_vfprintf
rpl_vprintf
rpl_vsnprintf
rpl_write
safe_read
safe_write
secure_getenv
seen_file
set_binary_mode
set_char_quoting
set_classpath
set_clixpath
set_cloexec_flag
set_custom_quoting
set_monopath
set_permissions
set_program_name
set_quoting_flags
set_quoting_style
setenv
setlocale_null
setlocale_null_r
shell_quote
shell_quote_argv
shell_quote_copy
shell_quote_length
sigaction
sigaddset
sigdelset
sigemptyset
sigfillset
sigismember
sigpending

Sections

.text
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffc6d84e7f2e3c1c24bf1ad9cc431eaf

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

10:dd:d4:3a:af:48:8c:79:1a:9f:a2:08:98:6e:7d:f8:31:3e:46:ab:11:e1:e9:82:cf:dd:6c:55:0a:ed:33:72Signer

Headers

DLL Characteristics

File Characteristics

Imports

libintl-8

iconv

bcrypt

kernel32

msvcrt

libwinpthread-1

Exports

Exports

Sections

.text Size: 652KB - Virtual size: 652KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 764KB - Virtual size: 763KB

.pdata Size: 27KB - Virtual size: 26KB

.xdata Size: 27KB - Virtual size: 26KB

.bss Size: - Virtual size: 11KB

.edata Size: 46KB - Virtual size: 46KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

/4 Size: 512B - Virtual size: 36B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

10:dd:d4:3a:af:48:8c:79:1a:9f:a2:08:98:6e:7d:f8:31:3e:46:ab:11:e1:e9:82:cf:dd:6c:55:0a:ed:33:72
Signer

.text
Size: 652KB - Virtual size: 652KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 764KB - Virtual size: 763KB

.pdata
Size: 27KB - Virtual size: 26KB

.xdata
Size: 27KB - Virtual size: 26KB

.bss
Size: - Virtual size: 11KB

.edata
Size: 46KB - Virtual size: 46KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB

/4
Size: 512B - Virtual size: 36B