3d1ed89ab93731ea86433d0c47cf6504[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3d1ed89ab93731ea86433d0c47cf6504.exe
Size

4.6MB
MD5

3d1ed89ab93731ea86433d0c47cf6504
SHA1

61815ac12db3a746756f44c39031a423e9177ec4
SHA256

8562b516f75166302b73e3c5733582ad9b5db0449b2b983b0ea7aebb4a977c54
SHA512

473c192f71a8901a3928e53f23d5f337095d4de4cd7d18ee0b1f83813794e8b5b291af3c370815153ab2711afd25f87fda9ae5cb24a74e6a81b17892a4a53157
SSDEEP

98304:QoJF/SsR9sRFdq9OcNwiegBN4xluDoWCPGMV8/G6:BJ8KCXdq9OYHegzIluDn06

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

3d1ed89ab93731ea86433d0c47cf6504.exe
.exe windows:6 windows x86 arch:x86

634b53c711215e62c238bd89eafece96

Code Sign

1d:07:9f:70:59:84:66:b6:4b:90:58:84:d5:a3:f7:5d
Certificate

Issuer

CN=◄⁂MZ⁂▶⬤◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶

Not Before

14/12/2023, 11:05

Not After

15/12/2033, 11:05

Subject

CN=◄⁂MZ⁂▶⬤◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶◄⁂MZ⁂▶

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:56:d3:44:1e:e4:b0:91:8c:4b:af:1a:ef:6c:ec:80:2d:00:50:55:0a:55:0d:b9:52:c5:9f:5d:aa:8b:a8:e1
Signer

Actual PE Digest

8c:56:d3:44:1e:e4:b0:91:8c:4b:af:1a:ef:6c:ec:80:2d:00:50:55:0a:55:0d:b9:52:c5:9f:5d:aa:8b:a8:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetDC

gdi32

BitBlt

Sections

Size: - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp®·
Size: - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp®·
Size: - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp®·
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp®·
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 138KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

634b53c711215e62c238bd89eafece96

Code Sign

1d:07:9f:70:59:84:66:b6:4b:90:58:84:d5:a3:f7:5dCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:56:d3:44:1e:e4:b0:91:8c:4b:af:1a:ef:6c:ec:80:2d:00:50:55:0a:55:0d:b9:52:c5:9f:5d:aa:8b:a8:e1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

Size: - Virtual size: 385KB

Size: - Virtual size: 13KB

Size: - Virtual size: 140KB

Size: - Virtual size: 76KB

.vmp®· Size: - Virtual size: 145KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.boot Size: - Virtual size: 2.0MB

.vmp®· Size: - Virtual size: 843KB

.vmp®· Size: 512B - Virtual size: 444B

.vmp®· Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 138KB - Virtual size: 145KB

1d:07:9f:70:59:84:66:b6:4b:90:58:84:d5:a3:f7:5d
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:56:d3:44:1e:e4:b0:91:8c:4b:af:1a:ef:6c:ec:80:2d:00:50:55:0a:55:0d:b9:52:c5:9f:5d:aa:8b:a8:e1
Signer

.vmp®·
Size: - Virtual size: 145KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: - Virtual size: 2.0MB

.vmp®·
Size: - Virtual size: 843KB

.vmp®·
Size: 512B - Virtual size: 444B

.vmp®·
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 138KB - Virtual size: 145KB