Passcap rest[.]iso

Sharing

Copy URL

Twitter E-mail

General

Target

Passcap rest.iso
Size

327.8MB
MD5

ed792ec239148c43400ca1882f1e3d4d
SHA1

b6a752a49564f5c4b28940b5337423e589beb542
SHA256

673d25a6503ed4fdf0d77949ca471c4f4fc10b55b8dc4184db63682a4f352a4f
SHA512

3b57360834ef61f98466a12e1326c8be5bf9bca2a90127f9283cfed15f728e0c72c5178c0660a32f6c0091957cb68e4632aae7f9fdf0395ae67e94f85ff67cd4
SSDEEP

6291456:veuk5U1RkeB0z7fTknWrLZA+z+u1gYpO2ntheKFkJQ:veugUXkzzQWnZA+6TlmhDuQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/boot/memtest.exe

Files

Passcap rest.iso
.iso
out.iso
.iso
EFI/Boot/bootx64.efi
.dll windows:0 windows x64 arch:x64

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:b9:25:81:69:4c:8e:05:3d:6a:17:5a:6c:b3:f6:9c:83:bc:30:02:ce:60:d8:a7:59:de:a8:e5:60:9d:11:53
Signer

Actual PE Digest

68:b9:25:81:69:4c:8e:05:3d:6a:17:5a:6c:b3:f6:9c:83:bc:30:02:ce:60:d8:a7:59:de:a8:e5:60:9d:11:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

bootx64.pdb

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGER32R
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EFI/Microsoft/Boot/BCD
EFI/Microsoft/Boot/Resources/bootres.dll
.dll windows:6 windows x64 arch:x64

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67
Signer

Actual PE Digest

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EFI/Microsoft/Boot/fonts/wgl4_boot.ttf
EFI/Microsoft/Boot/memtest.efi
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:a2:93:8a:f8:7e:08:e8:e5:1d:67:7c:43:e2:dd:96:07:7c:53:e1:21:e3:38:fe:06:7e:33:2e:19:2d:05:8c
Signer

Actual PE Digest

37:a2:93:8a:f8:7e:08:e8:e5:1d:67:7c:43:e2:dd:96:07:7c:53:e1:21:e3:38:fe:06:7e:33:2e:19:2d:05:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

memtest.pdb

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGER32R
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autorun.inf
boot/BCD
boot/Resources/bootres.dll
.dll windows:6 windows x64 arch:x64

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67
Signer

Actual PE Digest

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
boot/boot.sdi
boot/bootfix.bak
boot/fonts/wgl4_boot.ttf
boot/memtest.exe
.exe windows:0 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

memtest.pdb

Sections

.text
Size: 972KB - Virtual size: 971KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGER32C
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 405KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGER32R
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootmgr
bootmgr.efi
.exe windows:0 windows x64 arch:x64

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-06-2013 21:43

Not After

17-09-2014 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:b4:b1:95:ed:5c:1a:b3:a3:5d:42:be:81:95:8b:17:4e:44:95:2a:87:7b:c6:ee:91:7a:62:0b:6b:71:a5:82
Signer

Actual PE Digest

90:b4:b1:95:ed:5c:1a:b3:a3:5d:42:be:81:95:8b:17:4e:44:95:2a:87:7b:c6:ee:91:7a:62:0b:6b:71:a5:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

bootmgr.pdb

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
license.key
license.txt
rwp.chm
.chm
rwp.ico
rwp_fr.chm
.chm
rwp_ru.chm
.chm
sources/boot.wim

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

68:b9:25:81:69:4c:8e:05:3d:6a:17:5a:6c:b3:f6:9c:83:bc:30:02:ce:60:d8:a7:59:de:a8:e5:60:9d:11:53Signer

Headers

File Characteristics

PDB Paths

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

PAGER32C Size: 15KB - Virtual size: 15KB

PAGE Size: 5KB - Virtual size: 5KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 18KB - Virtual size: 428KB

.pdata Size: 41KB - Virtual size: 41KB

PAGER32R Size: 512B - Virtual size: 256B

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 8KB - Virtual size: 8KB

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67Signer

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 9KB - Virtual size: 8KB

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

37:a2:93:8a:f8:7e:08:e8:e5:1d:67:7c:43:e2:dd:96:07:7c:53:e1:21:e3:38:fe:06:7e:33:2e:19:2d:05:8cSigner

Headers

File Characteristics

PDB Paths

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

PAGER32C Size: 15KB - Virtual size: 15KB

PAGE Size: 6KB - Virtual size: 5KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 22KB - Virtual size: 507KB

.pdata Size: 38KB - Virtual size: 38KB

PAGER32R Size: 512B - Virtual size: 256B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 9KB - Virtual size: 9KB

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67Signer

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 9KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 972KB - Virtual size: 971KB

PAGER32C Size: 18KB - Virtual size: 17KB

PAGE Size: 5KB - Virtual size: 4KB

.rdata Size: 76KB - Virtual size: 76KB

.data Size: 17KB - Virtual size: 405KB

PAGER32R Size: 512B - Virtual size: 256B

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 30KB - Virtual size: 30KB

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

68:b9:25:81:69:4c:8e:05:3d:6a:17:5a:6c:b3:f6:9c:83:bc:30:02:ce:60:d8:a7:59:de:a8:e5:60:9d:11:53
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

PAGER32C
Size: 15KB - Virtual size: 15KB

PAGE
Size: 5KB - Virtual size: 5KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 18KB - Virtual size: 428KB

.pdata
Size: 41KB - Virtual size: 41KB

PAGER32R
Size: 512B - Virtual size: 256B

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 8KB - Virtual size: 8KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67
Signer

.rsrc
Size: 9KB - Virtual size: 8KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

37:a2:93:8a:f8:7e:08:e8:e5:1d:67:7c:43:e2:dd:96:07:7c:53:e1:21:e3:38:fe:06:7e:33:2e:19:2d:05:8c
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

PAGER32C
Size: 15KB - Virtual size: 15KB

PAGE
Size: 6KB - Virtual size: 5KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 22KB - Virtual size: 507KB

.pdata
Size: 38KB - Virtual size: 38KB

PAGER32R
Size: 512B - Virtual size: 256B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 9KB - Virtual size: 9KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4d:68:3e:25:0a:8a:b5:25:ed:3e:5b:b4:72:c8:bb:d5:be:d7:31:a1:82:28:b2:79:8d:02:41:fc:b0:bb:93:67
Signer

.rsrc
Size: 9KB - Virtual size: 8KB

.text
Size: 972KB - Virtual size: 971KB

PAGER32C
Size: 18KB - Virtual size: 17KB

PAGE
Size: 5KB - Virtual size: 4KB

.rdata
Size: 76KB - Virtual size: 76KB

.data
Size: 17KB - Virtual size: 405KB

PAGER32R
Size: 512B - Virtual size: 256B

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 30KB - Virtual size: 30KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

90:b4:b1:95:ed:5c:1a:b3:a3:5d:42:be:81:95:8b:17:4e:44:95:2a:87:7b:c6:ee:91:7a:62:0b:6b:71:a5:82
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 18KB - Virtual size: 426KB

.pdata
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 8KB - Virtual size: 8KB