NemuLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NemuLauncher.exe
Size

25.4MB
MD5

fed5c72090799f4dfc6eafcaa5a0fb48
SHA1

6e86b68a97225e48a332fad09ebb73ee274b7552
SHA256

4f109be5365e938143781806969718738e5144c8a2c82307ab4756ee7812cf73
SHA512

fad3af309b6d5153f14bfc4b2b02d4301a633c7fc91c561de4fe616ce27ceb9f4e16d73b060f507a33cf6a2a396f95808fb3c0e2fb6b976d8d63486a16c78f69
SSDEEP

393216:0avYt2FqNoIK/3ATWqxdwn3cGJ2v6+EyQE0Z1ytZLUbXJsv6tWKFdu9C6Jw7kyMF:0avZfm8y3LlJw7Puf

Score

1^/10

Malware Config

Signatures

Files

NemuLauncher.exe
.exe windows:6 windows x64 arch:x64

98c7b5b4c296e5e5edb4932ea53e059f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/10/2021, 00:00

Not After

23/10/2024, 23:59

Subject

SERIALNUMBER=91330000788831167A,CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:7a:84:db:f9:ef:53:17:e4:c8:08:0f:79:c5:e3:06:fa:e4:27:21:7e:89:80:14:7e:20:f6:a0:c7:e6:86:58
Signer

Actual PE Digest

05:7a:84:db:f9:ef:53:17:e4:c8:08:0f:79:c5:e3:06:fa:e4:27:21:7e:89:80:14:7e:20:f6:a0:c7:e6:86:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Work\MuMu\Nemu\Proj\gitlab_launcherstandalone\build\NEMU_Static_Release_x64\NemuLauncher.pdb

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertOpenStore

kernel32

ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GlobalFree
SetHandleInformation
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
WTSGetActiveConsoleSessionId
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
SetLastError
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
RtlVirtualUnwind
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetDateFormatW
DecodePointer
ResetEvent
RegisterWaitForSingleObject
UnregisterWaitEx
GetProcAddress
CreateProcessW
GetExitCodeProcess
CreateNamedPipeW
ConnectNamedPipe
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
GetFileInformationByHandleEx
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
GetVolumePathNamesForVolumeNameW
GetTempPathW
RemoveDirectoryW
GetLongPathNameW
GetFullPathNameW
GetFileAttributesExW
FindFirstFileW
FindClose
DeleteFileW
SetCurrentDirectoryW
SetErrorMode
SetFilePointerEx
SetEndOfFile
GetVolumeInformationW
GetLogicalDrives
GetFileType
GetDriveTypeW
FlushFileBuffers
LocalAlloc
GetUserDefaultLangID
CreateSemaphoreW
OpenFileMappingW
VirtualQuery
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
WriteConsoleW
GetFileSizeEx
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetTickCount64
LCMapStringW
CompareStringW
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetConsoleOutputCP
SetFileAttributesW
SetStdHandle
ExitThread
GetCommandLineA
RtlUnwind
RtlUnwindEx
WaitForMultipleObjectsEx
SetProcessAffinityMask
VirtualProtect
ReleaseSemaphore
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
FreeLibrary
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetLocaleInfoEx
GetCPInfo
LCMapStringEx
EncodePointer
CreateSymbolicLinkW
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetStringTypeW
GetExitCodeThread
RtlCaptureStackBackTrace
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
RtlPcToFileHeader
FormatMessageA
GetVersionExW
GlobalMemoryStatusEx
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
GetPrivateProfileStringW
GetUserDefaultLocaleName
LoadLibraryA
FindNextFileW
FindFirstFileExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
GetModuleFileNameW
FormatMessageW
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
CreateThread
SwitchToThread
WaitForMultipleObjects
WaitForSingleObject
DuplicateHandle
GetCurrentProcessId
GetCommandLineW
CompareStringEx
FileTimeToSystemTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLocalTime
GetFileSize
GetFileInformationByHandle
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
WriteFile
SetFileTime
SetFilePointer
ReadFile
LocalFileTimeToFileTime
GetFileAttributesW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
K32GetModuleFileNameExW
K32EnumProcesses
OpenProcess
GetProcessId
CloseHandle
GetTickCount
GetUserDefaultUILanguage
TerminateProcess
GetCurrentProcess
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetLocaleInfoW
DeleteTimerQueueTimer
GetTimeFormatW
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
GetSystemTime
CreateEventW
WaitForSingleObjectEx
SetEvent
GetConsoleWindow
GetStartupInfoW
IsValidLocale
LocalFree

user32

GetWindowLongPtrW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SystemParametersInfoW
GetDC
ReleaseDC
GetSystemMenu
EnableMenuItem
GetSystemMetrics
GetSysColor
GetDoubleClickTime
DrawIconEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
AttachThreadInput
UnregisterClassW
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
KillTimer
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
SetWindowLongPtrW
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
CharNextExA
PostThreadMessageW
PostMessageW
MessageBoxW
SetWindowPos
SendMessageW
GetWindowTextW
GetDesktopWindow
wsprintfW
GetWindowThreadProcessId
GetWindowLongW
GetUserObjectInformationW
GetProcessWindowStation
SetWindowLongW
GetParent
SetParent
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetWindowPlacement
EnumWindows
IsChild
GetAncestor
GetKeyboardLayoutList
GetClassInfoW
RegisterClassExW
GetFocus
ChangeWindowMessageFilterEx
RealGetWindowClassW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
FindWindowA
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect

gdi32

SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetObjectW
GetBitmapBits
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat
CreateBitmap
SelectObject
DeleteDC
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
SelectClipRgn
OffsetRgn
DeleteObject
CreateRectRgn
CombineRgn
BitBlt
GetCharABCWidthsW
ExtTextOutW
SetBkColor
CreatePalette
SelectPalette
GetEnhMetaFilePaletteEntries
DeleteEnhMetaFile
GetDIBits
GetEnhMetaFileHeader
SetEnhMetaFileBits
PlayEnhMetaFile
RealizePalette
SetWinMetaFileBits
CreateDIBSection
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GdiFlush

advapi32

AccessCheck
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
GetTokenInformation
RegOpenKeyW
RegCreateKeyW
MapGenericMask
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegNotifyChangeKeyValue
SystemFunction036
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
RegCloseKey

shell32

SHGetStockIconInfo
SHGetFileInfoW
SHGetKnownFolderPath
ShellExecuteW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconW
Shell_NotifyIconGetRect
ShellExecuteExW
ord727
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoGetMalloc
ReleaseStgMedium
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
OleInitialize
CoSetProxyBlanket
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
StringFromGUID2
CoInitialize
CoUninitialize

oleaut32

VariantInit
SysFreeString
VariantChangeType
SetErrorInfo
VariantClear
GetErrorInfo
CreateErrorInfo
SysAllocString
SafeArrayCreateVector
SafeArrayPutElement

psapi

EnumProcesses
GetModuleFileNameExW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpSetOption
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpSendRequest
WinHttpReceiveResponse

rpcrt4

UuidToStringW
RpcStringFreeW

bcrypt

BCryptGenRandom

ws2_32

ioctlsocket
ntohs
WSASocketW
WSASendTo
WSASend
WSARecvFrom
accept
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
gethostbyname
getpeername
closesocket
bind
__WSAFDIsSet
connect
freeaddrinfo
getaddrinfo
WSAGetLastError
ntohl
getsockopt
htonl
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
socket
shutdown
recv
send
getsockname
WSASetLastError
WSARecv
getnameinfo

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow

imm32

ImmGetContext
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetDefaultIMEWnd

opengl32

wglDeleteContext
wglCreateContext
glGetString
wglGetProcAddress
wglMakeCurrent

iphlpapi

GetAdaptersAddresses
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetAdaptersInfo
GetNetworkParams

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeSetEvent
timeKillEvent

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 16.8MB - Virtual size: 16.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 503KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 917KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 127B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98c7b5b4c296e5e5edb4932ea53e059f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:7a:84:db:f9:ef:53:17:e4:c8:08:0f:79:c5:e3:06:fa:e4:27:21:7e:89:80:14:7e:20:f6:a0:c7:e6:86:58Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

psapi

winhttp

rpcrt4

bcrypt

ws2_32

dwmapi

imm32

opengl32

iphlpapi

version

winmm

netapi32

userenv

wtsapi32

Sections

.text Size: 16.8MB - Virtual size: 16.8MB

.rdata Size: 6.9MB - Virtual size: 6.9MB

.data Size: 503KB - Virtual size: 632KB

.pdata Size: 917KB - Virtual size: 916KB

.qtmetad Size: 512B - Virtual size: 127B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 200KB - Virtual size: 199KB

.reloc Size: 105KB - Virtual size: 105KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:7a:84:db:f9:ef:53:17:e4:c8:08:0f:79:c5:e3:06:fa:e4:27:21:7e:89:80:14:7e:20:f6:a0:c7:e6:86:58
Signer

.text
Size: 16.8MB - Virtual size: 16.8MB

.rdata
Size: 6.9MB - Virtual size: 6.9MB

.data
Size: 503KB - Virtual size: 632KB

.pdata
Size: 917KB - Virtual size: 916KB

.qtmetad
Size: 512B - Virtual size: 127B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 200KB - Virtual size: 199KB

.reloc
Size: 105KB - Virtual size: 105KB