vidar | 2024-02-13_78099f8ea2922ef05b9039577670fed5_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_78099f8ea2922ef05b9039577670fed5_magniber
Size

28.6MB
MD5

78099f8ea2922ef05b9039577670fed5
SHA1

67ec26498fcc4b65a8cbf70aa2d71fd7d821ed8f
SHA256

97defaf74ff7ea919a45e1384df0cadef7e4e4201081fc2313e814a8d3c075cf
SHA512

d806e075282d48963eaff475f12c0475275736e73156af26d7b22254287d8df1847bd8338ff541a0399c9bd09606fdf71826c409217ff44537fc75b85602b834
SSDEEP

786432:IvBjkKBm57+XhO92T0qMLl/WEYVJlghlj:IvB4KBmF+XhOgT0TpQe

Score

10^/10

vidar

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Vidar family
vidar

Files

2024-02-13_78099f8ea2922ef05b9039577670fed5_magniber
.exe windows:5 windows x86 arch:x86

8653511261474bf1b68e3710102c32b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/10/2016, 00:00

Not After

11/10/2019, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:ee:e6:c4:1d:17:9d:d2:f4:9c:23:5b:a3:cc:30:d5:5c:df:f7
Signer

Actual PE Digest

61:19:ee:e6:c4:1d:17:9d:d2:f4:9c:23:5b:a3:cc:30:d5:5c:df:f7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\130d140c79e7d97d\build.msvc\Win32\Client-Release\WindowsClient\RobloxPlayerBeta.pdb

Imports

sensapi

IsNetworkAlive

urlmon

UrlMkSetSessionOption
ObtainUserAgentString

kernel32

GetUserGeoID
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
LocalFree
FileTimeToSystemTime
lstrcpynW
lstrcpyW
InterlockedExchange
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
InitializeCriticalSection
ReleaseSemaphore
DuplicateHandle
GetSystemInfo
lstrcmpiA
lstrlenW
CreateSemaphoreA
GetACP
GetLocalTime
SizeofResource
FindResourceW
FindResourceExW
DeleteFileA
MoveFileA
CompareFileTime
FindFirstFileA
FindNextFileA
ExitProcess
LoadLibraryExA
IsDBCSLeadByte
FormatMessageA
VirtualQuery
DecodePointer
GetShortPathNameW
QueryPerformanceCounter
QueryPerformanceFrequency
IsWow64Process
ReplaceFileW
GetModuleHandleExA
SearchPathW
OpenEventW
GetLocaleInfoW
WriteProfileStringW
VerSetConditionMask
TryEnterCriticalSection
GetFileSizeEx
GetStdHandle
ReadFile
SetFilePointer
SetFilePointerEx
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
CreateSemaphoreW
LoadLibraryW
GetModuleHandleW
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringW
CreateFileW
AttachConsole
WriteConsoleW
GlobalMemoryStatusEx
GetThreadContext
SetThreadContext
ResumeThread
GetTempPathA
FindFirstChangeNotificationA
InterlockedExchangeAdd
InterlockedCompareExchange
SleepEx
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerifyVersionInfoA
CreateFileMappingW
TlsFree
CreateWaitableTimerA
SetWaitableTimer
GetLogicalProcessorInformation
GlobalAlloc
DeviceIoControl
SetEndOfFile
FindClose
GetFileTime
SetFileTime
GetCurrentDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
HeapSize
GetGeoInfoA
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileW
CreateFileA
GetWindowsDirectoryW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
SetStdHandle
ExitThread
SetConsoleCtrlHandler
GetModuleHandleExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetVersionExW
LoadLibraryExW
DeleteFileW
SetCurrentDirectoryW
GetTempPathW
GetProfileStringA
FindResourceA
OutputDebugStringA
GetModuleFileNameW
CreateFileMappingA
CreateMutexA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
SystemTimeToFileTime
GetSystemTime
MulDiv
LoadResource
Sleep
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualProtect
GlobalFree
GlobalUnlock
CreateProcessA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
WriteFile
IsDebuggerPresent
WriteProcessMemory
SetErrorMode
GetLastError
GetCurrentThreadId
SetUnhandledExceptionFilter
RaiseException
TerminateProcess
GetCurrentProcess
GetFullPathNameW
GetFileAttributesW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CompareStringW
GetFileAttributesExW
CopyFileW
MoveFileExW
AreFileApisANSI
FlushInstructionCache
OpenThread
MultiByteToWideChar
GetVersionExA
HeapReAlloc
FindNextFileW
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
OpenProcess
CreateMutexW
GetLogicalDriveStringsW
VirtualFree
CreateEventW
GetNativeSystemInfo
GetStringTypeW
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
FlushFileBuffers
GetProcessAffinityMask
FreeConsole
Module32NextW
Module32FirstW
ProcessIdToSessionId
QueryDosDeviceW
VirtualAlloc
GetProcAddress
ResetEvent
SetEvent
GetCurrentProcessId
WaitForSingleObjectEx
CloseHandle
OpenEventA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GlobalHandle
WideCharToMultiByte
GlobalLock
WaitForMultipleObjectsEx
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
ShowWindowAsync
MoveWindow
SetWindowPos
CreateDialogIndirectParamA
GetDlgItem
CharNextA
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetClientRect
MessageBoxA
ClientToScreen
ScreenToClient
RegisterClassExA
FillRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetParent
GetClassNameA
GetWindow
LoadCursorA
LoadStringA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
GetWindowPlacement
GetSystemMetrics
GetWindowRect
MapWindowPoints
EnumDisplayDevicesA
GetWindowInfo
UnregisterClassA
CallWindowProcA
DefWindowProcW
DefWindowProcA
PostMessageA
SendMessageA
RegisterWindowMessageA
GetAsyncKeyState
GetSysColor
EnumWindows
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadCursorW
GetClassInfoExW
PostMessageW
SendMessageW
PeekMessageW
UnregisterClassW
SetRectEmpty
GetWindowThreadProcessId
LoadStringW
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
SetWindowPlacement
FindWindowA
MapDialogRect
LoadIconA
SetWindowContextHelpId
EndDialog
LoadIconW
UpdateWindow
SetTimer
CreateWindowExW
RegisterClassExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
RegisterRawInputDevices
GetRawInputData
SetRect
ClipCursor
GetCursorPos
SetCursor
MapVirtualKeyExA
MapVirtualKeyA
GetClipboardData
CloseClipboard
OpenClipboard
LoadKeyboardLayoutA
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SwapBuffers
ChoosePixelFormat
GetDIBits
GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetPixelFormat

advapi32

RegCreateKeyExA
CryptImportKey
CryptDestroyKey
CryptAcquireContextW
RegQueryInfoKeyA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegDeleteValueA
CryptVerifySignatureA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

shell32

SHGetFolderPathAndSubDirW
ShellExecuteA
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateGuid
PropVariantClear
CoTaskMemRealloc
CoFreeUnusedLibraries
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitializeEx
CoGetClassObject
CoUninitialize

oleaut32

VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
acmStreamOpen
acmFormatSuggest

shlwapi

PathFindFileNameW
PathFindFileNameA
StrCmpW
PathAppendA
PathFileExistsA
PathRemoveFileSpecA
PathStripPathA
PathAddBackslashA

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

crypt32

CryptDecodeObject
CryptMsgClose
CertGetNameStringW
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CryptQueryObject
CertOpenStore
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryA
CryptMsgGetParam
CertGetCertificateContextProperty

wintrust

WinVerifyTrust

iphlpapi

IcmpCreateFile
GetAdaptersAddresses
IcmpSendEcho

wininet

InternetSetCookieA

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetProcessImageFileNameW

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutWrite
waveOutGetNumDevs
timeEndPeriod
waveOutGetPosition
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
timeBeginPeriod
timeGetDevCaps
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveOutReset
waveInReset
waveOutGetDevCapsW
timeGetTime
timeSetEvent

powrprof

CallNtPowerInformation

ws2_32

bind
ioctlsocket
getpeername
getsockname
getsockopt
ntohs
recv
select
setsockopt
gethostname
WSASetLastError
WSAIoctl
inet_addr
inet_ntoa
getnameinfo
recvfrom
accept
listen
shutdown
__WSAFDIsSet
gethostbyname
WSAStartup
WSACleanup
closesocket
connect
htons
send
sendto
socket
WSAGetLastError
getaddrinfo
freeaddrinfo
htonl

opengl32

wglDeleteContext
wglGetCurrentContext
wglCreateContext
glReadPixels
glTexSubImage2D
glTexParameteri
glTexParameterf
wglMakeCurrent
wglGetProcAddress
wglGetCurrentDC
glGetError
glGetIntegerv
glGetString
glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glClearStencil
glColorMask
glCopyTexSubImage2D
glCullFace
glTexImage2D
glPixelStorei
glDepthFunc
glDepthMask
glDisable
glEnable
glPolygonOffset
glReadBuffer
glStencilFunc
glStencilMask
glStencilOp
glViewport
glDrawArrays
glDrawElements
glDeleteTextures
glGenTextures
glGetTexImage

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

wtsapi32

WTSSendMessageW

Exports

Exports

?g_postStaticInitFn@@3P6AHXZA
?g_preStaticInitFn@@3P6AHXZA
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 943KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 868KB - Virtual size: 867KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8653511261474bf1b68e3710102c32b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

61:19:ee:e6:c4:1d:17:9d:d2:f4:9c:23:5b:a3:cc:30:d5:5c:df:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sensapi

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msacm32

shlwapi

dbghelp

version

crypt32

wintrust

iphlpapi

wininet

psapi

winmm

powrprof

ws2_32

opengl32

setupapi

wtsapi32

Exports

Exports

Sections

.text Size: 13.1MB - Virtual size: 13.1MB

.zero Size: 13KB - Virtual size: 12KB

.rdata Size: 5.8MB - Virtual size: 5.8MB

.data Size: 943KB - Virtual size: 3.3MB

.tls Size: 512B - Virtual size: 177B

.gfids Size: 4KB - Virtual size: 3KB

_RDATA Size: 35KB - Virtual size: 35KB

.vmp0 Size: 1.8MB - Virtual size: 1.8MB

.vmp1 Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 868KB - Virtual size: 867KB

.rsrc Size: 92KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

61:19:ee:e6:c4:1d:17:9d:d2:f4:9c:23:5b:a3:cc:30:d5:5c:df:f7
Signer

.text
Size: 13.1MB - Virtual size: 13.1MB

.zero
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5.8MB - Virtual size: 5.8MB

.data
Size: 943KB - Virtual size: 3.3MB

.tls
Size: 512B - Virtual size: 177B

.gfids
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 35KB - Virtual size: 35KB

.vmp0
Size: 1.8MB - Virtual size: 1.8MB

.vmp1
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 868KB - Virtual size: 867KB

.rsrc
Size: 92KB - Virtual size: 92KB