executor roblox[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

executor roblox.zip
Size

17.1MB
MD5

09fdfe373c52775914a9ea49804ddf24
SHA1

0b7bab068569999e8e20db960a58bc1f817da746
SHA256

b4942f8b089db237b2a879b8dbd254dc648471aa85b7bffa1ad59db45fa8feb8
SHA512

70a3ddf654fb152f18511c10e911d5b48c64de9a84f940f2f11fe3734f4e98a5e69df4e502319d61e105dd5291648852a18c37bb65cbf1335c49b64e05c3f059
SSDEEP

393216:E9nf0p98ALZes2Ecc/OzJ1ZvVgQ2OwhtE4bmrP98g5v:kf0pqALNOVnbEEumR8M

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Indicium Supra.dll	vmprotect
static1/unpack001/qdRFzx.exe	vmprotect

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EasyExploits.dll
unpack001/EasyExploitsDLL.dll
unpack001/FastColoredTextBox.dll
unpack001/Indicium Supra.dll
unpack001/executor roblox.exe
unpack001/exploit-main.dll
unpack001/qdRFzx.exe

Files

executor roblox.zip
.zip
EasyExploits.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Users\danie\OneDrive\ee api\EasyExploits\obj\Debug\EasyExploits.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyExploitsDLL.dll
.dll windows:6 windows x86 arch:x86

083b82cc7bb0bc1e354e181b13106507

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Users\danie\source\repos\Dll2\Release\Dll2.pdb

Imports

ws2_32

WSASetLastError
socket
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
ntohl
recv
select
send
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
closesocket

wldap32

ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord301
ord32
ord33
ord35
ord79
ord30
ord200
ord143

advapi32

CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext

kernel32

WideCharToMultiByte
UnhandledExceptionFilter
CreateFileA
FormatMessageA
SetLastError
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
MultiByteToWideChar
WaitForSingleObjectEx
CloseHandle
MoveFileExA
Sleep
GetTickCount
QueryPerformanceCounter
VerifyVersionInfoA
LoadLibraryA
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetFileSizeEx
WinExec
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress

crypt32

CertGetNameStringA
CertOpenStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertCloseStore
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore

normaliz

IdnToAscii

vcruntime140

memcpy
strchr
memset
memmove
strstr
memchr
__std_type_info_destroy_list
strrchr
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

_lseeki64
fgets
__stdio_common_vsprintf
fputc
fflush
fclose
__acrt_iob_func
fopen
ftell
_read
_write
_close
_open
fread
fseek
feof
fwrite
__stdio_common_vsscanf
fputs

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_stat64
remove
_access
_unlink

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
malloc

api-ms-win-crt-string-l1-1-0

tolower
strncmp
strcspn
_strdup
isupper
strspn
strpbrk
strncpy

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_beginthreadex
strerror
_getpid
_errno
__sys_nerr
_initterm
_initterm_e
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoll

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FastColoredTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects_CSharp\FastColoredTextBox\FastColoredTextBox\obj\Debug\FastColoredTextBox.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Indicium Supra.dll
.dll windows:6 windows x86 arch:x86

d43bb1f2f1ed022c33b388f48e83afbb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z

vcruntime140

__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-string-l1-1-0

strcat_s

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Scripts/BOOST A SLOW PCS FPS - ROBLOX SCRIPT.txt
Scripts/Da Hood ATOM II GUI.txt
Scripts/Ehub V4 - THE BEST PHANTOM FORCES GUI.txt
Scripts/Funky Friday.txt
.js
Scripts/MM2_RobloxScripts.txt
Scripts/Ninja_Legend_OMGScripts.txt
Scripts/aimbot da hood.txt
Scripts/crash da hood server.txt
Scripts/da hood script.txt
Scripts/dark hub.txt
Scripts/heternal hub.txt
Scripts/invidia script da hood.txt
Scripts/script mm2 xenyy.txt
Scripts/script per arsenal dark hub.txt
Scripts/script per brookhaven admin.txt
Scripts/script per kat roblox.txt
executor roblox.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\gabri\Desktop\executor\executor roblox\obj\Debug\executor roblox.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor roblox.exe.config
executor roblox.pdb
exploit-main.dll
.dll windows:6 windows x86 arch:x86

4325aa18cf5285c9f66501e82b90526d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup

crypt32

CertFreeCertificateContext

wldap32

ord45

normaliz

IdnToAscii

kernel32

AreFileApisANSI
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OpenClipboard
CharUpperBuffW

advapi32

CryptGetHashParam

shell32

ShellExecuteA

msvcp140

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

imm32

ImmReleaseContext

d3dcompiler_47

D3DCompile

dbghelp

SymCleanup

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

isalpha

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-stdio-l1-1-0

fsetpos

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

modf

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

_lock_file

Sections

.text
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rah0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rah1
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rah2
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
favicon.ico
qdRFzx.exe
.exe windows:6 windows x86 arch:x86

2756ea169b5b5fea0801b89114ba788d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcp140

?_Xlength_error@std@@YAXPBD@Z

shlwapi

PathAddBackslashA

vcruntime140

__current_exception

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

083b82cc7bb0bc1e354e181b13106507

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

advapi32

kernel32

crypt32

normaliz

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 13KB - Virtual size: 13KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

d43bb1f2f1ed022c33b388f48e83afbb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 32KB

.rdata Size: - Virtual size: 9KB

.data Size: - Virtual size: 2KB

.vmp0 Size: - Virtual size: 3.1MB

.vmp1 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 233B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

.text
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 32KB

.rdata
Size: - Virtual size: 9KB

.data
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 3.1MB

.vmp1
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 233B

.text
Size: 144KB - Virtual size: 144KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 1.3MB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 1.5MB

.rah0
Size: - Virtual size: 3.3MB

.rah1
Size: 8KB - Virtual size: 7KB

.rah2
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 16KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 1KB

.vmp0
Size: - Virtual size: 3.2MB

.vmp1
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B