1de7cddf7d1a301d9e01cf84b8bd3923

Sharing

Copy URL Twitter E-mail

General

Target

1de7cddf7d1a301d9e01cf84b8bd3923
Size

886KB
MD5

1de7cddf7d1a301d9e01cf84b8bd3923
SHA1

1d5ea99de4643c13186110cf5c557581e1456833
SHA256

57f1c1e8b67e5eef8cbcd7d2df72a5e30680677b0a0cca8321f1c6afeae1c5aa
SHA512

ee9e2017b48ae7ddb5d1c1c693aa6e999225771aec912fd70436c842cda846208f400492dcc2a46da57f526b9e8d0ae115b304a654b60842226a23234144fb5c
SSDEEP

24576:eWAC9R9BadLda3rOe6pbhN2QZsTPuXshRflCYg9qAsVT4:eWAMR9cd6rOe6pbhN2eRgflCYgwZ2

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/06AD38DB.DLL	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/06AD38DB.DLL

Files

1de7cddf7d1a301d9e01cf84b8bd3923
.zip
06AD38DB.DLL
.dll windows:4 windows x86 arch:x86

3d2585fc47851773a126f319d58304c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation
GetProcessMemoryInfo

dbghelp

SymGetLineFromAddr
SymGetSymFromAddr
SymGetModuleInfo
SymInitialize
StackWalk
SymFunctionTableAccess
SymLoadModule
MiniDumpWriteDump

ws2_32

__WSAFDIsSet
WSAGetLastError
socket
ioctlsocket
select
htons
inet_addr
send
connect
recv
WSACleanup
closesocket
shutdown
gethostbyaddr
gethostbyname
sendto
WSASend
WSAStartup

kernel32

ReadProcessMemory
VirtualProtectEx
DeleteCriticalSection
lstrcmpA
VirtualFree
VirtualAlloc
MapViewOfFileEx
OpenFileMappingA
lstrcpynA
CreateFileMappingW
SearchPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateEventA
CreateMutexA
SetEvent
GetThreadContext
GetCurrentThread
VirtualQueryEx
GetExitCodeThread
Sleep
OutputDebugStringA
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcatA
lstrcpyA
SetLastError
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
GlobalAddAtomA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
VirtualAllocEx
GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
MoveFileA
DeleteFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileTime
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
ExitProcess
ExitThread
CreateThread
HeapAlloc
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
SetStdHandle
HeapDestroy
HeapCreate
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LoadLibraryW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
CreateFileW
WriteProcessMemory
ResumeThread
Thread32First
OpenThread
SuspendThread
Thread32Next
GetVersionExW
WaitForSingleObject
GetModuleFileNameW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
LoadLibraryExA
InterlockedExchange
lstrcmpiA
GetVersion
CompareStringW
GetLastError
lstrlenA
CompareStringA
CreateFileA
GetVersionExA
DeviceIoControl
CreateDirectoryA
TerminateProcess
OpenProcess
GetCurrentProcess
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
FormatMessageA
SetUnhandledExceptionFilter
GetCurrentDirectoryA
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetModuleFileNameA
IsBadStringPtrA
LockResource
SizeofResource
LoadResource
FindResourceA
MultiByteToWideChar
IsBadReadPtr
VirtualProtect
GetModuleHandleA
LoadLibraryA
GetProcAddress
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLocalTime
GetCurrentProcessId
GetTickCount
WideCharToMultiByte
FindNextFileA
FindFirstFileA
InterlockedCompareExchange
ReleaseMutex
FlushInstructionCache
CreateSemaphoreA
ReleaseSemaphore

user32

GetNextDlgTabItem
CreateDialogIndirectParamA
GetDesktopWindow
UnregisterClassA
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
ClientToScreen
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
BeginPaint
EndPaint
DestroyMenu
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
EndDialog
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetLastActivePopup
IsWindowEnabled
SetCursor
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
GetCursorPos
ValidateRect
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
GetKeyState
SetTimer
KillTimer
MessageBoxA
SetWindowsHookExA
EnumWindows
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageW
GetClassNameW
GetWindowTextW
SetWindowTextW
IsWindow
EnumChildWindows
CallNextHookEx
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterClassA
GetWindowLongA
GetWindowThreadProcessId
SetWindowLongA
SetForegroundWindow
FindWindowA
MessageBoxW
EnableWindow
IsWindowVisible
CharUpperA

gdi32

SetMapMode
SetWindowExtEx
ScaleWindowExtEx
RestoreDC
DeleteDC
GetStockObject
SaveDC
DeleteObject
GetObjectA
SetBkColor
SetTextColor
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetClipBox
CreateBitmap
SetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHFileOperationA

shlwapi

PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

oleaut32

VariantInit
VariantChangeType
VariantClear

winmm

timeGetTime

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable

Exports

Exports

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VEffectivOnline_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserLogin_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserRegist_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VEffectivOnline_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserLogin_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserRegist_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d2585fc47851773a126f319d58304c7

Headers

File Characteristics

Imports

psapi

dbghelp

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

winmm

wininet

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 232KB - Virtual size: 230KB

.data Size: 44KB - Virtual size: 205KB

.rsrc Size: 16KB - Virtual size: 15KB

.vmp0 Size: 104KB - Virtual size: 101KB

.vmp1 Size: 124KB - Virtual size: 122KB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 232KB - Virtual size: 230KB

.data
Size: 44KB - Virtual size: 205KB

.rsrc
Size: 16KB - Virtual size: 15KB

.vmp0
Size: 104KB - Virtual size: 101KB

.vmp1
Size: 124KB - Virtual size: 122KB

.reloc
Size: 72KB - Virtual size: 70KB