vidar | dd371200b85a0c2cd184162db7307b8b993deeb3afb59051a959cde3b4f379b4

Sharing

Copy URL Twitter E-mail

General

Target

dd371200b85a0c2cd184162db7307b8b993deeb3afb59051a959cde3b4f379b4
Size

29.2MB
MD5

c82911da5b04a74383bdd366780f7cc8
SHA1

fa5370c8df68deaeea30f6df1c9188c3575801cc
SHA256

dd371200b85a0c2cd184162db7307b8b993deeb3afb59051a959cde3b4f379b4
SHA512

c96d03934359673addd6dfa6a179054a114ea2b419d54584fbc2e6a941b25c9d17d6a1e837a71800626f4c40979160354da6e01812b3e31a94e3e4a7ac03ce2a
SSDEEP

786432:6JDcbe8Y4924QCXSi1d/jx1ar95IU0b3Z:6lcb5Yo24XXRj2r+3Z

Score

10^/10

vidar

Malware Config

Signatures

Vidar family
vidar

N/A. 1 IoCs

N/A.

dropper

resource	yara_rule
sample	dropper_html

Files

dd371200b85a0c2cd184162db7307b8b993deeb3afb59051a959cde3b4f379b4
.exe windows:5 windows x86 arch:x86

932e0387b48ada1613b68ab98cc0b195

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/10/2016, 00:00

Not After

11/10/2019, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9b:ae:a8:7d:61:8c:e8:a2:bf:11:bb:1a:f6:56:ae:4e:f2:19:39:3a
Signer

Actual PE Digest

9b:ae:a8:7d:61:8c:e8:a2:bf:11:bb:1a:f6:56:ae:4e:f2:19:39:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\130d140c79e7d97d\build.msvc\Win32\Client-Release\WindowsClient\RobloxPlayerBeta.pdb

Imports

sensapi

IsNetworkAlive

urlmon

UrlMkSetSessionOption
ObtainUserAgentString

kernel32

GetUserGeoID
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
LocalFree
FileTimeToSystemTime
lstrcpynW
lstrcpyW
InterlockedExchange
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
InitializeCriticalSection
ReleaseSemaphore
DuplicateHandle
GetSystemInfo
lstrcmpiA
lstrlenW
CreateSemaphoreA
GetACP
GetLocalTime
SizeofResource
FindResourceW
FindResourceExW
DeleteFileA
MoveFileA
CompareFileTime
FindFirstFileA
FindNextFileA
ExitProcess
LoadLibraryExA
IsDBCSLeadByte
FormatMessageA
VirtualQuery
GetLongPathNameW
DecodePointer
GetShortPathNameW
QueryPerformanceCounter
QueryPerformanceFrequency
IsWow64Process
ReplaceFileW
GetModuleHandleExA
SearchPathW
OpenEventW
GetLocaleInfoW
WriteProfileStringW
VerSetConditionMask
TryEnterCriticalSection
GetFileSizeEx
GetStdHandle
ReadFile
SetFilePointer
SetFilePointerEx
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
CreateSemaphoreW
LoadLibraryW
GetModuleHandleW
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringW
CreateFileW
AttachConsole
WriteConsoleW
GlobalMemoryStatusEx
GetThreadContext
SetThreadContext
ResumeThread
GetTempPathA
FindFirstChangeNotificationA
InterlockedExchangeAdd
InterlockedCompareExchange
SleepEx
ExpandEnvironmentStringsA
GetSystemDirectoryA
VerifyVersionInfoA
CreateFileMappingW
TlsFree
CreateWaitableTimerA
SetWaitableTimer
GetLogicalProcessorInformation
GlobalAlloc
DeviceIoControl
SetEndOfFile
FindClose
GetFileTime
SetFileTime
GetCurrentDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
HeapSize
HeapReAlloc
HeapDestroy
GetGeoInfoA
HeapAlloc
GetProcessHeap
WideCharToMultiByte
CreateFileA
FindFirstFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
SetStdHandle
ExitThread
SetConsoleCtrlHandler
GetModuleHandleExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
DeleteFileW
SetCurrentDirectoryW
GetTempPathW
GetProfileStringA
FindResourceA
OutputDebugStringA
GetModuleFileNameW
CreateFileMappingA
CreateMutexA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
SystemTimeToFileTime
GetSystemTime
MulDiv
LoadResource
Sleep
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualProtect
GlobalFree
GlobalUnlock
CreateProcessA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
WriteFile
IsDebuggerPresent
WriteProcessMemory
SetErrorMode
GetLastError
GetCurrentThreadId
SetUnhandledExceptionFilter
RaiseException
TerminateProcess
GetCurrentProcess
RemoveDirectoryW
GetFullPathNameW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CreateEventW
GetNativeSystemInfo
GetFileAttributesW
GetFileAttributesExW
CopyFileW
MoveFileExW
AreFileApisANSI
FlushInstructionCache
OpenThread
SuspendThread
MultiByteToWideChar
GetVersionExA
HeapFree
FindNextFileW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CompareStringW
GetThreadLocale
ExpandEnvironmentStringsW
GetExitCodeThread
GetStringTypeW
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
FlushFileBuffers
GetProcessAffinityMask
FreeConsole
CreateMutexW
VirtualFree
VirtualAlloc
GetProcAddress
ResetEvent
SetEvent
GetCurrentProcessId
WaitForSingleObjectEx
CloseHandle
OpenEventA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GlobalHandle
GetWindowsDirectoryW
GlobalLock
WaitForMultipleObjectsEx
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetClassInfoExA
CreateWindowExA
IsWindow
IsChild
DestroyWindow
ShowWindowAsync
MoveWindow
SetWindowPos
CreateDialogIndirectParamA
GetDlgItem
CharNextA
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetClientRect
MessageBoxA
ClientToScreen
ScreenToClient
RegisterClassExA
FillRect
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetParent
GetClassNameA
GetWindow
LoadCursorA
LoadStringA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
GetWindowPlacement
GetSystemMetrics
GetWindowRect
EnumDisplayDevicesA
GetWindowInfo
EnumWindows
UnregisterClassA
CallWindowProcA
DefWindowProcW
DefWindowProcA
PostMessageA
SendMessageA
RegisterWindowMessageA
GetAsyncKeyState
GetSysColor
UnregisterDeviceNotification
RegisterDeviceNotificationW
LoadCursorW
GetClassInfoExW
PostMessageW
SendMessageW
PeekMessageW
UnregisterClassW
MapWindowPoints
SetRectEmpty
GetWindowThreadProcessId
LoadStringW
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
SetWindowPlacement
FindWindowA
MapDialogRect
LoadIconA
SetWindowContextHelpId
EndDialog
LoadIconW
UpdateWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
RegisterRawInputDevices
GetRawInputData
SetRect
ClipCursor
GetCursorPos
SetCursor
GetForegroundWindow
MapVirtualKeyExA
MapVirtualKeyA
GetClipboardData
CloseClipboard
OpenClipboard
LoadKeyboardLayoutA
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

SwapBuffers
ChoosePixelFormat
GetDIBits
GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetPixelFormat

advapi32

RegCreateKeyExA
CryptImportKey
CryptDestroyKey
CryptAcquireContextW
RegQueryInfoKeyA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegDeleteValueA
CryptVerifySignatureA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

shell32

SHGetFolderPathAndSubDirW
ShellExecuteA
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateGuid
PropVariantClear
CoTaskMemRealloc
CoFreeUnusedLibraries
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoInitializeEx
CoGetClassObject
CoUninitialize

oleaut32

VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysStringLen
SysFreeString

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
acmStreamOpen
acmFormatSuggest

shlwapi

PathFindFileNameW
PathFindFileNameA
StrCmpW
PathAppendA
PathFileExistsA
PathRemoveFileSpecA
PathStripPathA
PathAddBackslashA

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

crypt32

CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CryptQueryObject
CertOpenStore
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptStringToBinaryA
CertGetCertificateContextProperty
CertGetNameStringW
CryptMsgGetParam

wintrust

WinVerifyTrust

iphlpapi

IcmpCreateFile
GetAdaptersAddresses
IcmpSendEcho

wininet

InternetSetCookieA

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo

winmm

waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutWrite
waveOutGetNumDevs
timeEndPeriod
waveOutGetPosition
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
timeBeginPeriod
timeGetDevCaps
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveOutReset
waveInReset
waveOutGetDevCapsW
timeGetTime
timeSetEvent

powrprof

CallNtPowerInformation

ws2_32

bind
ioctlsocket
getpeername
getsockname
getsockopt
ntohs
recv
select
setsockopt
gethostname
WSASetLastError
WSAIoctl
inet_addr
inet_ntoa
getnameinfo
recvfrom
accept
listen
shutdown
__WSAFDIsSet
gethostbyname
WSAStartup
WSACleanup
closesocket
connect
htons
send
sendto
socket
WSAGetLastError
getaddrinfo
freeaddrinfo
htonl

opengl32

wglDeleteContext
wglMakeCurrent
wglCreateContext
glTexSubImage2D
glTexParameteri
glTexParameterf
glTexImage2D
wglGetCurrentDC
wglGetProcAddress
wglGetCurrentContext
glGetError
glGetIntegerv
glGetString
glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glClearStencil
glColorMask
glPixelStorei
glGetTexImage
glCopyTexSubImage2D
glCullFace
glDepthFunc
glDepthMask
glDisable
glEnable
glPolygonOffset
glReadBuffer
glStencilFunc
glStencilMask
glStencilOp
glViewport
glDrawArrays
glDrawElements
glDeleteTextures
glGenTextures

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

wtsapi32

WTSSendMessageW

Exports

Exports

?g_postStaticInitFn@@3P6AHXZA
?g_preStaticInitFn@@3P6AHXZA
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: 13KB - Virtual size: 12KB

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 950KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

932e0387b48ada1613b68ab98cc0b195

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

9b:ae:a8:7d:61:8c:e8:a2:bf:11:bb:1a:f6:56:ae:4e:f2:19:39:3aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sensapi

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msacm32

shlwapi

dbghelp

version

crypt32

wintrust

iphlpapi

wininet

psapi

winmm

powrprof

ws2_32

opengl32

setupapi

wtsapi32

Exports

Exports

Sections

.text Size: 13.2MB - Virtual size: 13.2MB

.zero Size: 13KB - Virtual size: 12KB

.rdata Size: 6.2MB - Virtual size: 6.2MB

.data Size: 950KB - Virtual size: 3.3MB

.tls Size: 512B - Virtual size: 177B

.gfids Size: 4KB - Virtual size: 3KB

_RDATA Size: 35KB - Virtual size: 35KB

.vmp0 Size: 1.8MB - Virtual size: 1.8MB

.vmp1 Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 882KB - Virtual size: 881KB

.rsrc Size: 92KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

9b:ae:a8:7d:61:8c:e8:a2:bf:11:bb:1a:f6:56:ae:4e:f2:19:39:3a
Signer

.text
Size: 13.2MB - Virtual size: 13.2MB

.zero
Size: 13KB - Virtual size: 12KB

.rdata
Size: 6.2MB - Virtual size: 6.2MB

.data
Size: 950KB - Virtual size: 3.3MB

.tls
Size: 512B - Virtual size: 177B

.gfids
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 35KB - Virtual size: 35KB

.vmp0
Size: 1.8MB - Virtual size: 1.8MB

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 882KB - Virtual size: 881KB

.rsrc
Size: 92KB - Virtual size: 92KB