NEAS[.]d4cf7f4ae5ecdc433e140653ad1eb340[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d4cf7f4ae5ecdc433e140653ad1eb340.exe
Size

6.8MB
MD5

d4cf7f4ae5ecdc433e140653ad1eb340
SHA1

9aed7a2676cfebafb932635f71b7904d133db7da
SHA256

144422238e5c8c127a33dfcb0838e69425572e6d5339b838256c60d40b024a3c
SHA512

8f8d322698be9b957a44d737c66b8a38d58dff2f688916678a3440771434a9435abf0d44930687983bb990127c3a7601d18500fb68ae28fbf22ea95c0ca7b9ac
SSDEEP

98304:3CaQ35CNPJEUd8vhvd8o0zpRDfMTEqWpnHYDr9q:33TbdauvMTE7pnH+pq

Score

1^/10

Malware Config

Signatures

Files

NEAS.d4cf7f4ae5ecdc433e140653ad1eb340.exe
.dll windows:6 windows x86

d708d1704f9e39c70c6f81f5639e82b8

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/07/2012, 20:50

Not After

26/10/2013, 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:da:0a:da:b1:cf:64:ea:57:44:3b:01:e0:2d:2c:63:b6:8b:80:ad
Signer

Actual PE Digest

2f:da:0a:da:b1:cf:64:ea:57:44:3b:01:e0:2d:2c:63:b6:8b:80:ad

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

RegDeleteValueA
QueryServiceStatus
IsTextUnicode
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
AddAccessAllowedAce
AddAccessDeniedAce
AddAce
CopySid
GetAce
GetAclInformation
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
LookupAccountNameW
ConvertSidToStringSidW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegGetValueW
EventWrite
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyValueW
RegEnumValueA
RegQueryInfoKeyA
EventRegister
EventUnregister
ChangeServiceConfigW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
AllocateAndInitializeSid
CreateWellKnownSid
EqualSid
FreeSid
LookupAccountSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
GetSecurityDescriptorDacl
CheckTokenMembership
RegSetKeyValueW
EventProviderEnabled
StartServiceW

kernel32

LCMapStringEx
GetLongPathNameW
GetShortPathNameW
IsDBCSLeadByte
GetShortPathNameA
TryEnterCriticalSection
GetSystemInfo
lstrcmpiA
WriteProcessMemory
VirtualProtect
TryAcquireSRWLockShared
QueryPerformanceFrequency
SetThreadPriority
CompareStringW
FindResourceA
WaitForMultipleObjects
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
lstrcmpW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
SetEnvironmentVariableW
OpenMutexW
SetWaitableTimer
GetComputerNameW
MulDiv
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
K32GetModuleFileNameExW
K32EnumProcessModules
K32EnumProcesses
GetPriorityClass
GetExitCodeProcess
VerifyVersionInfoW
GetVolumeInformationW
VerSetConditionMask
FindResourceW
GetFileSizeEx
GetFileAttributesW
CompareFileTime
GetTempFileNameW
GetNumberFormatW
GetVersion
lstrlenW
CreateFileW
SetEndOfFile
WriteConsoleW
CreateFileA
FlushFileBuffers
SetStdHandle
EnumSystemLocalesA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
InterlockedExchange
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
HeapSize
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
VirtualQuery
RtlUnwind
EncodePointer
GetCommandLineA
DecodePointer
RtlCaptureStackBackTrace
GetUserDefaultLangID
GetLocaleInfoW
RaiseException
IsValidLocale
GetACP
MapViewOfFile
CreateProcessA
WaitForMultipleObjectsEx
CreateFileMappingA
OpenMutexA
CreateEventA
CreateMutexA
UnmapViewOfFile
OpenProcess
CreateProcessW
TerminateProcess
DuplicateHandle
GetSystemDefaultLCID
GetUserDefaultUILanguage
InterlockedCompareExchange
GetProductInfo
GetNativeSystemInfo
GlobalMemoryStatusEx
ReadFile
GetFileSize
RaiseFailFastException
CopyFileW
GetTickCount64
GetLocalTime
GetSystemTimeAsFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetSystemTime
WriteFile
SetFilePointerEx
SetFileAttributesW
DeleteFileW
GetThreadUILanguage
GetProcessHeap
HeapFree
HeapAlloc
EnumTimeFormatsEx
EnumDateFormatsExEx
GetCalendarInfoEx
LCIDToLocaleName
GetDateFormatEx
EnumSystemLocalesEx
EnumCalendarInfoExEx
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
GetLocaleInfoEx
LocaleNameToLCID
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
GetTempPathW
LocalFree
LocalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateDirectoryW
GetDriveTypeW
GetDiskFreeSpaceExW
GetUserDefaultLCID
GetFileAttributesExW
GetVersionExW
GetTickCount
GetCurrentThread
CreateThread
Sleep
CreateEventExW
CreateMutexW
ReleaseMutex
SetEvent
CloseHandle
ExpandEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
SetErrorMode
FindFirstFileExW
FindClose
MultiByteToWideChar
FormatMessageW
GetModuleFileNameW
GetExitCodeThread
GetCurrentThreadId
WaitForSingleObjectEx
CompareStringEx
IsWow64Process
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
UnhandledExceptionFilter
GetUserGeoID
ResetEvent
LoadLibraryExA
ExpandEnvironmentStringsA
WaitForSingleObject
OpenEventW
GetTimeFormatEx
GetAtomNameW
InitializeCriticalSection
DeleteAtom
AddAtomW
FindAtomW
GetAtomNameA
GetStringTypeExW
GlobalDeleteAtom
GlobalAddAtomW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
CreateEventW
QueryDepthSList
GetCurrencyFormatW
VirtualAlloc
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetVersionExA
InitOnceExecuteOnce
GetSystemDefaultLangID
FindResourceExW
CompareStringOrdinal
OutputDebugStringW
SetWaitableTimerEx
CreateWaitableTimerW
ReleaseSemaphore
CreateSemaphoreExW

ole32

CoInitialize
CreateStreamOnHGlobal
OleUninitialize
CreateFileMoniker
RevokeDragDrop
CoDisconnectObject
CoTaskMemFree
StringFromIID
CoRegisterClassObject
CoCreateInstance
CoCreateGuid
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoLockObjectExternal
CLSIDFromString
OleDraw
CoRevokeClassObject

oleaut32

VarDecInt
VarDecRound
VarR8FromDec
SafeArrayCreateVector
SafeArrayAccessData
VarDecSu
SafeArrayGetDim
OleCreateFontIndirect
SysStringLen
VarDecFromR4
VarDecMul
VarCmp
SafeArrayGetUBound
SafeArrayUnaccessData
VarDecFromR8
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantChangeType
VariantTimeToSystemTime
VariantCopy
VariantChangeTypeEx
VarDecFromI4
VarDecDiv
VarDecAdd
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetLBound
VarDecCmp

wtsapi32

WTSUnRegisterSessionNotificationEx
WTSRegisterSessionNotificationEx

wer

WerReportCloseHandle
WerReportCreate
WerReportSetParameter
WerReportAddFile
WerReportSubmit

hid

HidD_GetHidGuid

gdi32

ResetDCW
DeleteColorSpace
CreateColorSpaceW
CreatePolygonRgn
ExtCreatePen
ExtCreateRegion
CreateRoundRectRgn
CreatePolyPolygonRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHatchBrush
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateDIBPatternBrushPt
CreateDIBitmap
CreateBrushIndirect
CreateBitmapIndirect
SetColorSpace
ColorCorrectPalette
EnumICMProfilesW
ColorMatchToTarget
SetDeviceGammaRamp
GetDeviceGammaRamp
SetICMProfileW
GetICMProfileW
GetLogColorSpaceW
CheckColorsInGamut
SetICMMode
UnrealizeObject
GetKerningPairsW
SetBitmapDimensionEx
Polygon
PolyTextOutW
ExtTextOutA
TextOutW
SelectClipPath
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
GetColorAdjustment
SetColorAdjustment
SetWorldTransform
GdiComment
UpdateColors
SetTextJustification
SetTextAlign
SetTextCharacterExtra
SetSystemPaletteUse
SetROP2
SetPolyFillMode
SetPaletteEntries
GetLayout
SetMapperFlags
SetDIBits
SetAbortProc
SetDCPenColor
SetDCBrushColor
SetMetaRgn
ResizePalette
RoundRect
Rectangle
RectInRegion
PtVisible
PtInRegion
PolyPolygon
PaintRgn
Pie
PlgBlt
MaskBlt
InvertRgn
GetWindowOrgEx
GetCharABCWidthsI
GetCharWidthI
GetTextExtentExPointI
GetTextExtentPointI
GetGlyphIndicesW
GetFontUnicodeRanges
GetCharacterPlacementW
GetFontLanguageInfo
GetTextCharset
GetTextExtentExPointW
GetTextExtentExPointA
GetTextExtentPoint32A
GetTextAlign
GetTextCharacterExtra
GetSystemPaletteUse
GetSystemPaletteEntries
GetStretchBltMode
GetRegionData
GetRandomRgn
GetPolyFillMode
GetPaletteEntries
GetOutlineTextMetricsW
GetNearestPaletteIndex
GetNearestColor
GetMapMode
GetGlyphOutlineW
GetMetaRgn
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidthFloatW
GetCharWidth32W
GetBoundsRect
GetBitmapDimensionEx
GetBkMode
GetDCPenColor
GetDCBrushColor
GetAspectRatioFilterEx
GetROP2
FrameRgn
FillRgn
ExtFloodFill
ExtEscape
Escape
EnumObjects
DrawEscape
Chord
CancelDC
AnimatePalette
GetObjectType
SetLayout
SetDIBitsToDevice
CreateFontW
GetTextExtentPoint32W
SetPixel
OffsetClipRgn
SetViewportOrgEx
GetViewportOrgEx
GetRgnBox
CreateRectRgnIndirect
GetTextFaceW
TranslateCharsetInfo
GetTextCharsetInfo
GetFontData
EnumFontFamiliesExW
RectVisible
GetDIBColorTable
GetDCOrgEx
GetStockObject
CreateDCW
GetTextColor
GetBkColor
CreateBitmap
PatBlt
GetWindowExtEx
GetViewportExtEx
Ellipse
MoveToEx
LineTo
CreatePen
ExtSelectClipRgn
SaveDC
RestoreDC
GetCurrentObject
GetClipRgn
ExcludeClipRect
SetBrushOrgEx
CreateHalftonePalette
SelectPalette
RealizePalette
GetDIBits
GetBrushOrgEx
CreatePatternBrush
SetRectRgn
OffsetRgn
EqualRgn
CreateRectRgn
CombineRgn
GetTextMetricsW
SetMapMode
CreateCompatibleBitmap
ExtTextOutW
StretchDIBits
SetBkColor
SetWindowOrgEx
SelectClipRgn
IntersectClipRect
GetClipBox
CreateSolidBrush
BitBlt
GetObjectW
StretchBlt
GetPixel
GetDeviceCaps
CreateFontIndirectW
SetDIBColorTable
CreateDIBSection
SetTextColor
SetStretchBltMode
SetBkMode
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectA
GdiFlush
CreateDCA
SetBoundsRect

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
NdrClientCall2

oleacc

ObjectFromLresult
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmAssociateContext

hlink

ord8

Exports

Exports

?AddRef@BaseValue@NetUI@@QAEXXZ
?AutomateDataSource@FlexUI@@YGXPAUIDataSource@1@@Z
?CreateAtom@FlexValue@FlexUI@@SG_NPB_WAAVFlexValueSP@2@@Z
?CreateBoolean@FlexValue@FlexUI@@SG_N_NAAVFlexValueSP@2@@Z
?CreateByte@FlexValue@FlexUI@@SG_NEAAVFlexValueSP@2@@Z
?CreateChar@FlexValue@FlexUI@@SG_NDAAVFlexValueSP@2@@Z
?CreateDataSource@FlexValue@FlexUI@@SG_NPAUIDataSource@2@AAVFlexValueSP@2@@Z
?CreateDataSourceProxy@FlexUI@@YGPAUIFlexUIDataSourceProxy@@PAUIDataSource@1@@Z
?CreateDecimal@FlexValue@FlexUI@@SG_NPBUtagDEC@@AAVFlexValueSP@2@@Z
?CreateDouble@FlexValue@FlexUI@@SG_NNAAVFlexValueSP@2@@Z
?CreateFlexEvent@FlexValue@FlexUI@@SG_NAAVFlexValueSP@2@@Z
?CreateFlexListProxy@FlexUI@@YGPAUIFlexListProxy@@PAUIFlexList@1@@Z
?CreateInt16@FlexValue@FlexUI@@SG_NFAAVFlexValueSP@2@@Z
?CreateInt32@FlexValue@FlexUI@@SG_NHAAVFlexValueSP@2@@Z
?CreateInt64@FlexValue@FlexUI@@SG_N_JAAVFlexValueSP@2@@Z
?CreateLength@FlexValue@FlexUI@@SG_NPBUtagDEC@@W4FlexLengthType@2@AAVFlexValueSP@2@@Z
?CreateSByte@FlexValue@FlexUI@@SG_NCAAVFlexValueSP@2@@Z
?CreateSingle@FlexValue@FlexUI@@SG_NMAAVFlexValueSP@2@@Z
?CreateString@FlexValue@FlexUI@@SG_NPB_WAAVFlexValueSP@2@@Z
?CreateUInt16@FlexValue@FlexUI@@SG_NGAAVFlexValueSP@2@@Z
?CreateUInt32@FlexValue@FlexUI@@SG_NIAAVFlexValueSP@2@@Z
?CreateUInt64@FlexValue@FlexUI@@SG_N_KAAVFlexValueSP@2@@Z
?EnsureDataSourceState@@YGXPAUIDataSource@FlexUI@@@Z
?GetAtom@FlexValue@FlexUI@@QBEGXZ
?GetBoolean@FlexValue@FlexUI@@QBE_NXZ
?GetByte@FlexValue@FlexUI@@QBEEXZ
?GetChar@FlexValue@FlexUI@@QBE_WXZ
?GetDataSource@FlexValue@FlexUI@@QBEPAUIDataSource@2@XZ
?GetDecimal@FlexValue@FlexUI@@QBE?AUtagDEC@@XZ
?GetDouble@FlexValue@FlexUI@@QBENXZ
?GetInt16@FlexValue@FlexUI@@QBEFXZ
?GetInt32@FlexValue@FlexUI@@QBEHXZ
?GetInt64@FlexValue@FlexUI@@QBE_JXZ
?GetLength@FlexValue@FlexUI@@QBE?AUFlexLength@2@XZ
?GetList@FlexValue@FlexUI@@QBEPAUIFlexList@2@XZ
?GetSByte@FlexValue@FlexUI@@QBECXZ
?GetSingle@FlexValue@FlexUI@@QBEMXZ
?GetString@FlexValue@FlexUI@@QBEPB_WXZ
?GetType@FlexValue@FlexUI@@QBE?AW4FlexValueType@2@XZ
?GetUInt16@FlexValue@FlexUI@@QBEGXZ
?GetUInt32@FlexValue@FlexUI@@QBEIXZ
?GetUInt64@FlexValue@FlexUI@@QBE_KXZ
?HAlloc@NetUI@@YGPAXK@Z
?HFree@NetUI@@YGXPAX@Z
?IsDataSourceSubclassOf@FlexUI@@YG_NPAUIDataSourceDescription@1@I@Z
?Release@BaseValue@NetUI@@QAEXXZ
?ReleaseDataSource@FlexUI@@YGXPAUIFlexUIDataSourceProxy@@@Z
?ReleaseFlexList@FlexUI@@YGXPAUIFlexListProxy@@@Z
RunDevSetup
RunSetup

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 325KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 9B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d708d1704f9e39c70c6f81f5639e82b8

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88Certificate

Extended Key Usages

Key Usages

61:02:8e:42:00:00:00:00:00:1fCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

2f:da:0a:da:b1:cf:64:ea:57:44:3b:01:e0:2d:2c:63:b6:8b:80:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

advapi32

kernel32

ole32

oleaut32

wtsapi32

wer

hid

gdi32

rpcrt4

oleacc

imm32

hlink

Exports

Exports

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.data Size: 325KB - Virtual size: 355KB

.tls Size: - Virtual size: 9B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 227KB - Virtual size: 226KB

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

61:02:8e:42:00:00:00:00:00:1f
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

2f:da:0a:da:b1:cf:64:ea:57:44:3b:01:e0:2d:2c:63:b6:8b:80:ad
Signer

.text
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 325KB - Virtual size: 355KB

.tls
Size: - Virtual size: 9B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 227KB - Virtual size: 226KB