vidar | 2024-03-29_e68b336568b33b64e5e81bc79c855f29_magniber

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-29_e68b336568b33b64e5e81bc79c855f29_magniber
Size

27.3MB
MD5

e68b336568b33b64e5e81bc79c855f29
SHA1

0e47f98802d5788b4224294518f168d48cf646a5
SHA256

b6dc3b41d6e04b086f9fb41904875316519db4c8800a59581d99611760feba4b
SHA512

1e2efaf7567639fb1817a95832d2b1e329ebb3397d974c9599589e74a4e3d297ae1f51976ad80ae9167e0697350b3956120e13c591cc59e0edc82d579fce305e
SSDEEP

786432:fZ3iCNQEMu/lDAiTEv3XO7f/WMuVtc0cW+:fZ3iCNQEMu/lDfTEW7fmLcW+

Score

10^/10

vidar

Malware Config

Signatures

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_VMProtect

Vidar family
vidar

Files

2024-03-29_e68b336568b33b64e5e81bc79c855f29_magniber
.exe windows:5 windows x86 arch:x86

a42f44c3fde9ca9039a17cc7ace2ffcc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/10/2016, 00:00

Not After

11/10/2019, 23:59

Subject

CN=Roblox Corporation,O=Roblox Corporation,L=San Mateo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:7e:84:04:05:cb:f6:c8:70:26:ec:2c:08:76:01:11:65:5f:42:9c
Signer

Actual PE Digest

d5:7e:84:04:05:cb:f6:c8:70:26:ec:2c:08:76:01:11:65:5f:42:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\teamcity-agent\work\483c1ef771d73dc5\build.msvc\Win32\Client-Release\WindowsClient\RobloxPlayerBeta.pdb

Imports

sensapi

IsNetworkAlive

urlmon

UrlMkSetSessionOption

kernel32

GetCurrentProcess
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
SetErrorMode
InitializeCriticalSection
ReleaseSemaphore
DuplicateHandle
GetSystemInfo
lstrcmpiA
lstrlenW
CreateSemaphoreA
GetACP
GetLocalTime
SizeofResource
FindResourceW
FindResourceExW
DeleteFileA
MoveFileA
WriteProcessMemory
WriteFile
CompareFileTime
CreateFileA
FindFirstFileA
FindNextFileA
ExitProcess
IsDebuggerPresent
LoadLibraryExA
IsDBCSLeadByte
VirtualQuery
DecodePointer
GetShortPathNameW
QueryPerformanceCounter
QueryPerformanceFrequency
IsWow64Process
TryEnterCriticalSection
VirtualFree
VirtualAlloc
InterlockedExchange
lstrcpyW
lstrcpynW
FileTimeToSystemTime
LocalFree
LocalAlloc
ReplaceFileW
GetModuleHandleExA
SearchPathW
OpenEventW
Process32NextW
Process32FirstW
CreateFileMappingW
GetFileSizeEx
GetStdHandle
ReadFile
SetFilePointer
GetTickCount
GetSystemTimeAsFileTime
GetUserGeoID
GetGeoInfoA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
FindNextFileW
FindFirstFileW
DeleteFileW
SetCurrentDirectoryW
GetTempPathW
GetProfileStringA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
FindResourceA
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CompareStringW
CreateEventW
GetStringTypeW
GetNativeSystemInfo
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
FlushFileBuffers
InterlockedCompareExchange
InterlockedExchangeAdd
GetProcessAffinityMask
FreeConsole
CreateProcessA
TerminateProcess
GetWindowsDirectoryW
SetUnhandledExceptionFilter
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryA
CreateFileMappingA
CreateMutexA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
SystemTimeToFileTime
GetSystemTime
MulDiv
LoadResource
Sleep
WaitForMultipleObjects
WaitForSingleObject
ReleaseMutex
SetLastError
GetCurrentThreadId
VirtualProtect
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
Module32NextW
Module32FirstW
ProcessIdToSessionId
QueryDosDeviceW
GetLogicalDriveStringsW
CreateMutexW
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
SuspendThread
OpenThread
FlushInstructionCache
MoveFileExW
CopyFileW
GetFileAttributesExW
GetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
SetFilePointerEx
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
CreateSemaphoreW
LoadLibraryW
GetModuleHandleW
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringW
CreateFileW
AttachConsole
WriteConsoleW
GetThreadContext
SetThreadContext
ResumeThread
CreateDirectoryW
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetFileTime
GetFileTime
FindClose
SetEndOfFile
DeviceIoControl
GetLogicalProcessorInformation
SetWaitableTimer
CreateWaitableTimerA
TlsFree
HeapDestroy
ResetEvent
SetEvent
GetCurrentProcessId
WaitForSingleObjectEx
CloseHandle
OpenEventA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GetTempPathA
VerifyVersionInfoA
GetSystemDirectoryA
ExpandEnvironmentStringsA
SleepEx
FormatMessageA
GlobalMemoryStatusEx
FindFirstChangeNotificationA
VerSetConditionMask
WriteProfileStringW
GetLocaleInfoW
GetDateFormatW
WaitForMultipleObjectsEx
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
FreeLibrary
TerminateProcess
GetCurrentProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

IsWindow
GetWindowTextW
GetAsyncKeyState
CreateWindowExA
GetClassInfoExA
RegisterClassExA
CallWindowProcA
DefWindowProcW
DefWindowProcA
PostMessageA
SetFocus
GetFocus
SetCapture
SendMessageA
RegisterWindowMessageA
IsChild
DestroyWindow
ShowWindowAsync
MoveWindow
SetWindowPos
CreateDialogIndirectParamA
ReleaseCapture
CreateAcceleratorTableA
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
EnumDisplayDevicesA
GetWindowInfo
EnumWindows
UnregisterDeviceNotification
UnregisterClassA
GetDlgItem
CharNextA
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
SetWindowPlacement
FindWindowA
MapDialogRect
LoadIconA
SetWindowContextHelpId
EndDialog
LoadIconW
UpdateWindow
SetTimer
CreateWindowExW
RegisterClassExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
RegisterRawInputDevices
GetRawInputData
SetRect
ClipCursor
GetCursorPos
SetCursor
MapVirtualKeyExA
MapVirtualKeyA
GetClipboardData
CloseClipboard
OpenClipboard
LoadKeyboardLayoutA
LoadStringW
GetWindowThreadProcessId
SetRectEmpty
MapWindowPoints
GetWindowRect
GetSystemMetrics
GetWindowPlacement
ShowWindow
GetMonitorInfoA
MonitorFromWindow
LoadStringA
LoadCursorA
GetWindow
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
MessageBoxA
GetClientRect
UnregisterClassW
PeekMessageW
SendMessageW
PostMessageW
GetClassInfoExW
LoadCursorW
RegisterDeviceNotificationW
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDIBits
ChoosePixelFormat
SetPixelFormat
SwapBuffers

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
CheckTokenMembership
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptGenRandom
CryptImportKey
RegQueryInfoKeyW
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
FreeSid
AllocateAndInitializeSid
CryptVerifySignatureA
RegQueryInfoKeyA
CryptAcquireContextA

shell32

SHGetFolderPathAndSubDirW
ShellExecuteA
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CLSIDFromString
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoFreeUnusedLibraries
CoTaskMemRealloc
OleUninitialize
CoCreateInstance
CoCreateGuid
PropVariantClear
CoSetProxyBlanket
CoGetClassObject
CoInitializeEx
CoUninitialize

oleaut32

VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
GetErrorInfo

msacm32

acmStreamUnprepareHeader
acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
acmStreamOpen
acmFormatSuggest

shlwapi

PathAddBackslashA
PathStripPathA
StrCmpW
PathAppendA
PathFileExistsA
PathRemoveFileSpecA

dbghelp

MiniDumpWriteDump

version

GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CryptQueryObject
CertGetCertificateContextProperty
CertGetNameStringW
CryptDecodeObject

wintrust

WinVerifyTrust

iphlpapi

IcmpSendEcho
GetAdaptersAddresses
IcmpCreateFile

wininet

InternetSetCookieA

psapi

GetModuleInformation
GetProcessMemoryInfo
GetProcessImageFileNameW

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutReset
waveOutGetNumDevs
timeEndPeriod
timeBeginPeriod
waveInStart
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
timeGetDevCaps
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInReset
waveOutGetDevCapsW
waveOutGetPosition
timeGetTime
timeSetEvent

powrprof

CallNtPowerInformation

ws2_32

gethostbyname
WSAStartup
WSACleanup
closesocket
connect
htons
send
sendto
socket
WSAGetLastError
getaddrinfo
freeaddrinfo
__WSAFDIsSet
bind
ioctlsocket
getpeername
getsockname
getsockopt
shutdown
listen
accept
recvfrom
getnameinfo
inet_ntoa
inet_addr
WSAIoctl
WSASetLastError
gethostname
setsockopt
select
recv
ntohs
htonl

opengl32

glReadBuffer
glPolygonOffset
glStencilFunc
glStencilMask
glStencilOp
glViewport
glDrawArrays
glDrawElements
glGetError
glGetIntegerv
glGetString
glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glClearStencil
glColorMask
glDeleteTextures
glGenTextures
glGetTexImage
glPixelStorei
glCopyTexSubImage2D
glCullFace
glDepthFunc
glDepthMask
glDisable
glTexImage2D
glEnable
glTexParameterf
glTexParameteri
glTexSubImage2D
wglGetProcAddress
wglGetCurrentDC
wglMakeCurrent
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glReadPixels

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

wtsapi32

WTSSendMessageW

Exports

Exports

?g_postStaticInitFn@@3P6AHXZA
?g_preStaticInitFn@@3P6AHXZA
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 12.8MB - Virtual size: 12.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 939KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 851KB - Virtual size: 851KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a42f44c3fde9ca9039a17cc7ace2ffcc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6Certificate

Extended Key Usages

Key Usages

d5:7e:84:04:05:cb:f6:c8:70:26:ec:2c:08:76:01:11:65:5f:42:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

sensapi

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msacm32

shlwapi

dbghelp

version

crypt32

wintrust

iphlpapi

wininet

psapi

winmm

powrprof

ws2_32

opengl32

setupapi

wtsapi32

Exports

Exports

Sections

.text Size: 12.8MB - Virtual size: 12.8MB

.zero Size: 12KB - Virtual size: 12KB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 939KB - Virtual size: 3.3MB

.tls Size: 512B - Virtual size: 177B

.gfids Size: 4KB - Virtual size: 3KB

_RDATA Size: 35KB - Virtual size: 35KB

.vmp0 Size: 1.7MB - Virtual size: 1.7MB

.vmp1 Size: 5.9MB - Virtual size: 5.9MB

.reloc Size: 851KB - Virtual size: 851KB

.rsrc Size: 92KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:4e:21:5b:8d:f6:f1:77:f5:00:12:fe:bd:09:bd:a6
Certificate

d5:7e:84:04:05:cb:f6:c8:70:26:ec:2c:08:76:01:11:65:5f:42:9c
Signer

.text
Size: 12.8MB - Virtual size: 12.8MB

.zero
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 939KB - Virtual size: 3.3MB

.tls
Size: 512B - Virtual size: 177B

.gfids
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 35KB - Virtual size: 35KB

.vmp0
Size: 1.7MB - Virtual size: 1.7MB

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

.reloc
Size: 851KB - Virtual size: 851KB

.rsrc
Size: 92KB - Virtual size: 92KB