bdcap64[.]dll | Triage

Resubmissions

17-04-2024 17:27

240417-v1xtgsgf63 6

Sharing

Copy URL

Twitter E-mail

General

Target

bdcap64.dll
Size

20.7MB
MD5

a64393d6f8285b78e94952553a8e7e10
SHA1

fcf63bb37843b18203a5d220f37719ecd78362cc
SHA256

8ffce3b8233b255b287768d92516278f44e2409a6abb92f46d8e2a99cc77be92
SHA512

14cdc6818dcc24d9e99e7c27c2896bd22bfe6f648e631fc8f178632b9dc2e5dc7da91bbb67f77c7fc4afe32f1dd50cc42ec2321c76fdc2c464aeba6c25a74e2d
SSDEEP

196608:CdclfqMOQuhfX1+f1k91Ue9QFervvvvvvJLO28tEgUGfXbrag/bIcRE765:Xq1+tdp+6HLNH6o

Score

1^/10

Malware Config

Signatures

Files

bdcap64.dll
.dll windows:6 windows x64 arch:x64

ed1438965cf0bae303c64388d6f9f09c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:ee:6b:b1:7d:06:13:6b:a5:92:d6:aa:c7:fc:a6:20
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19-12-2023 00:00

Not After

07-03-2027 23:59

Subject

CN=Bandicam Company Corp.,O=Bandicam Company Corp.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:ee:6b:b1:7d:06:13:6b:a5:92:d6:aa:c7:fc:a6:20
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19-12-2023 00:00

Not After

07-03-2027 23:59

Subject

CN=Bandicam Company Corp.,O=Bandicam Company Corp.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:d1:68:ac:e5:34:68:c1:d4:23:c4:3f:c2:a4:6d:7a:0f:c3:fc:5b:f4:ca:66:3f:b6:a2:f6:7d:44:2e:21:2f
Signer

Actual PE Digest

f7:d1:68:ac:e5:34:68:c1:d4:23:c4:3f:c2:a4:6d:7a:0f:c3:fc:5b:f4:ca:66:3f:b6:a2:f6:7d:44:2e:21:2f

Digest Algorithm

sha256

PE Digest Matches

true

69:4e:60:1c:09:52:af:8e:fd:bd:15:5f:5c:e4:2e:a5:ca:e8:cf:75
Signer

Actual PE Digest

69:4e:60:1c:09:52:af:8e:fd:bd:15:5f:5c:e4:2e:a5:ca:e8:cf:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

dsound

ord7
ord6

kernel32

WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetSystemInfo
GlobalMemoryStatusEx
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount64
QueryPerformanceFrequency
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
WriteFile
CreateMutexA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
InitializeCriticalSectionEx
RaiseException
DecodePointer
Sleep
ReleaseSemaphore
CreateSemaphoreA
SetThreadPriority
WaitForMultipleObjects
MulDiv
DisableThreadLibraryCalls
GetSystemTime
GetDiskFreeSpaceExA
DeleteFileW
GetThreadPriority
VirtualProtect
WaitForSingleObjectEx
CreateThread
WaitForMultipleObjectsEx
GlobalLock
GlobalUnlock
FlushFileBuffers
GetFileAttributesExA
TryEnterCriticalSection
SwitchToThread
CreateEventW
LoadLibraryExW
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetModuleFileNameW
SetErrorMode
GetModuleHandleExW
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
HeapQueryInformation
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
FindFirstFileExW
FreeLibraryAndExitThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
LCMapStringEx
EncodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
GetFileSize
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
GlobalFree
GlobalAlloc
GetCurrentProcess
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetVolumeInformationA
SetLastError
FindClose
GetTimeZoneInformation
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
CreateFileA
lstrlenA
CloseHandle
GetLastError
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
HeapAlloc
RtlUnwindEx
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EqualRect
ScreenToClient
ClientToScreen
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetDesktopWindow
GetForegroundWindow
GetDC
ReleaseDC
RegisterWindowMessageA
GetIconInfo
DrawIconEx
IntersectRect
SetRect
SetRectEmpty
UnionRect
GetSystemMetrics
GetClientRect
OffsetRect
CopyRect
GetWindowRect
IsRectEmpty
GetCursorInfo
MsgWaitForMultipleObjects
WindowFromDC
FillRect
DispatchMessageW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
CloseDesktop
SetThreadDesktop
OpenInputDesktop
PtInRect
GetCursorPos
GetAsyncKeyState
EnumDisplayDevicesA
CharUpperBuffW

gdi32

CreateSolidBrush
GetDIBits
CreateCompatibleBitmap
CreateDCA
SetBkMode
TextOutW
GetTextExtentPoint32W
SetTextCharacterExtra
CreateFontW
AbortPath
GetPath
EndPath
CloseFigure
BeginPath
StretchBlt
SetStretchBltMode
DeleteDC
SelectObject
CreateCompatibleDC
CreateDIBSection
DeleteObject
SetBkColor
GetObjectA

advapi32

RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHGetFolderPathW

ole32

CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

pdh

PdhGetFormattedCounterValue
PdhCollectQueryData
PdhAddCounterA
PdhOpenQueryA
PdhRemoveCounter

vcomp140

omp_get_thread_num
omp_unset_lock
omp_set_lock
omp_init_lock
omp_set_dynamic
omp_get_num_threads
omp_destroy_lock
omp_get_max_threads
_vcomp_for_static_end
_vcomp_for_static_simple_init
_vcomp_fork
_vcomp_master_begin
_vcomp_master_end
_vcomp_reduction_i4
_vcomp_set_num_threads

winmm

PlaySoundW
timeBeginPeriod
mixerGetControlDetailsA
mixerClose
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetDevCapsA
mixerSetControlDetails
mixerGetID
waveInMessage
waveInGetErrorTextA
waveInReset
waveInStop
waveInClose
waveInUnprepareHeader
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
waveInGetNumDevs
waveInAddBuffer
mixerOpen
mmioCreateChunk
mmioClose
mmioSeek
mmioAscend
mmioOpenW
mmioWrite

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9

Exports

Exports

CreateBandiCapture
CreateCoreInterface
CreateDrawEffect

Sections

.text
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 468KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BANDI0
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BANDI1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BANDI2
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ed1438965cf0bae303c64388d6f9f09c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:ee:6b:b1:7d:06:13:6b:a5:92:d6:aa:c7:fc:a6:20Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:ee:6b:b1:7d:06:13:6b:a5:92:d6:aa:c7:fc:a6:20Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f7:d1:68:ac:e5:34:68:c1:d4:23:c4:3f:c2:a4:6d:7a:0f:c3:fc:5b:f4:ca:66:3f:b6:a2:f6:7d:44:2e:21:2fSigner

69:4e:60:1c:09:52:af:8e:fd:bd:15:5f:5c:e4:2e:a5:ca:e8:cf:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

version

pdh

vcomp140

winmm

d3d9

dxva2

Exports

Exports

Sections

.text Size: 10.2MB - Virtual size: 10.2MB

IPPCODE Size: 2.8MB - Virtual size: 2.8MB

.rodata Size: 3KB - Virtual size: 2KB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 468KB - Virtual size: 578KB

.pdata Size: 259KB - Virtual size: 259KB

IPPDATA Size: 63KB - Virtual size: 62KB

_RDATA Size: 49KB - Virtual size: 49KB

.BANDI0 Size: 2.7MB - Virtual size: 2.7MB

.BANDI1 Size: 4KB - Virtual size: 4KB

.BANDI2 Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 20KB - Virtual size: 20KB

.rsrc Size: 16KB - Virtual size: 16KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:ee:6b:b1:7d:06:13:6b:a5:92:d6:aa:c7:fc:a6:20
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:ee:6b:b1:7d:06:13:6b:a5:92:d6:aa:c7:fc:a6:20
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f7:d1:68:ac:e5:34:68:c1:d4:23:c4:3f:c2:a4:6d:7a:0f:c3:fc:5b:f4:ca:66:3f:b6:a2:f6:7d:44:2e:21:2f
Signer

69:4e:60:1c:09:52:af:8e:fd:bd:15:5f:5c:e4:2e:a5:ca:e8:cf:75
Signer

.text
Size: 10.2MB - Virtual size: 10.2MB

IPPCODE
Size: 2.8MB - Virtual size: 2.8MB

.rodata
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 468KB - Virtual size: 578KB

.pdata
Size: 259KB - Virtual size: 259KB

IPPDATA
Size: 63KB - Virtual size: 62KB

_RDATA
Size: 49KB - Virtual size: 49KB

.BANDI0
Size: 2.7MB - Virtual size: 2.7MB

.BANDI1
Size: 4KB - Virtual size: 4KB

.BANDI2
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 16KB - Virtual size: 16KB