[bbs[.]keter[.]pub]otc4 20230910 - u2u[.]ink[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

[bbs.keter.pub]otc4 20230910 - u2u.ink.zip
Size

1.6MB
MD5

60987256ad6b4db8a203edc746b01bc3
SHA1

b7118290a267859a2f76c3730cfc552e0d5a5490
SHA256

03ee4ad26be043d788b114fc657c03c263548196527add4e4134a910a6171804
SHA512

a27c699f1d604d24666c02a0afc9f0fd157e195dd37d260eb922549579ac0afcd018eaf37eef9442b2ee6a0fc74bc2076a8e96918419f2465f60d5580926d13b
SSDEEP

49152:HhT9dzzclBpFyRmLBMN0T54RiwtN4jbWB+NI:B51cORmyY54pt1B6I

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/onetap v4/injector.exe
unpack001/onetap v4/onetap.dll

Files

[bbs.keter.pub]otc4 20230910 - u2u.ink.zip
.zip
onetap v4/injector.exe
.exe windows:6 windows x86 arch:x86

7f92caa5163ed08ccbe113a16149d174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Нужное\КСГО\Сурсы\load-lib-injector-master\Release\Injector.pdb

Imports

kernel32

Process32First
WriteProcessMemory
SetConsoleTitleA
Module32Next
GetFullPathNameA
OpenProcess
CreateToolhelp32Snapshot
Sleep
LoadLibraryA
Process32Next
CloseHandle
LoadLibraryW
GetProcAddress
VirtualAllocEx
CreateRemoteThread
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
UnhandledExceptionFilter

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memset
_CxxThrowException
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
_except_handler4_common
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

exit
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_exit
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn
_initterm_e
_c_exit
__p___argv
__p___argc
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_set_app_type
_seh_filter_exe
_crt_atexit
_initterm

api-ms-win-crt-stdio-l1-1-0

fopen
__p__commode
_set_fmode
fclose

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
onetap v4/login
onetap v4/onetap.dll
.dll windows:6 windows x86 arch:x86

5c2e7873ca2dc1c7b0b766587f10f4e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\die\Desktop\kill yourself\squaredhack.xyz-source-master\build\Win32\Release\cheat.pdb

Imports

ws2_32

WSACleanup
closesocket
getaddrinfo
WSAStartup
WSAGetLastError
socket
connect
recv
freeaddrinfo
send

kernel32

WriteFile
PeekNamedPipe
CreateFileW
GetLastError
CloseHandle
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
VirtualProtect
GetTickCount
GetWindowsDirectoryA
GetTickCount64
WriteProcessMemory
GetCurrentProcess
GetModuleHandleA
K32GetModuleInformation
CreateThread
AddVectoredExceptionHandler
GetProcAddress
WideCharToMultiByte
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
FindFirstFileExW
FindNextFileW
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
AreFileApisANSI
ResetEvent
SetEvent
DeleteCriticalSection
LocalFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FormatMessageA
LoadLibraryExA
ReadFile
InitializeSListHead
EnterCriticalSection
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeLibrary
FlushInstructionCache

user32

GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
ReleaseCapture
SetCapture
GetCapture
GetCursorPos
GetAsyncKeyState
GetClientRect
SetCursor
GetForegroundWindow
IsChild
ClientToScreen
ScreenToClient
CallWindowProcA
SetClipboardData
SetCursorPos
LoadCursorA
GetKeyState

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteA

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
_Mtx_unlock
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
_Thrd_sleep
_Query_perf_counter
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBE_JXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
?fail@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Xtime_get_ticks
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Mtx_current_owns
_Cnd_broadcast
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ

d3dx9_43

D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

xinput1_3

ord4
ord2

vcruntime140

__std_exception_copy
__CxxFrameHandler3
memmove
_purecall
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__current_exception_context
__current_exception
_setjmp3
longjmp
memchr
strrchr
memcpy
memcmp
memset
strchr
strstr
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fopen
__acrt_iob_func
tmpnam
fgets
tmpfile
_popen
_pclose
_ftelli64
clearerr
__stdio_common_vswprintf
fflush
fclose
__stdio_common_vfprintf
fgetc
fwrite
fgetpos
__stdio_common_vsprintf_s
__stdio_common_vsprintf
setvbuf
ungetc
fsetpos
getc
freopen
ferror
feof
fread
_fseeki64
_get_stream_buffer_pointers
fputc
ftell
fseek
_wfopen
__stdio_common_vsscanf

api-ms-win-crt-runtime-l1-1-0

strerror
exit
_errno
system
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
abort
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-time-l1-1-0

strftime
_mktime64
_localtime64
_gmtime64
_difftime64
_time64
clock

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
realloc

api-ms-win-crt-math-l1-1-0

_dsign
fminf
_libm_sse2_atan_precise
_fdclass
_dclass
roundf
fmaxf
_libm_sse2_pow_precise
llround
ldexp
ceil
_libm_sse2_tan_precise
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_exp_precise
_libm_sse2_cos_precise
frexp
floor
_CIatan2
_CIfmod
_libm_sse2_acos_precise
_libm_sse2_asin_precise

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-string-l1-1-0

strncpy
isblank
isspace
isalnum
toupper
strcpy_s
iscntrl
isgraph
strspn
ispunct
isxdigit
islower
isupper
tolower
strncmp
isalpha
strcoll
isdigit
strpbrk

api-ms-win-crt-filesystem-l1-1-0

rename
_lock_file
_unlock_file
remove

api-ms-win-crt-convert-l1-1-0

atoi
atof
strtoul
strtod
strtoll
strtoull
strtol

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale
___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 896KB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
onetap v4/version.txt
onetap v4/version2023 u2u.ink.txt

Sharing

General

Malware Config

Signatures

Files

7f92caa5163ed08ccbe113a16149d174

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 940B

5c2e7873ca2dc1c7b0b766587f10f4e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

msvcp140

d3dx9_43

imm32

xinput1_3

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 350KB - Virtual size: 349KB

.data Size: 896KB - Virtual size: 4.5MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 94KB - Virtual size: 94KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 350KB - Virtual size: 349KB

.data
Size: 896KB - Virtual size: 4.5MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 94KB - Virtual size: 94KB