8bf403152d79ac75f5e3388be1fcddbd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8bf403152d79ac75f5e3388be1fcddbd_JaffaCakes118
Size

1.8MB
MD5

8bf403152d79ac75f5e3388be1fcddbd
SHA1

db50d8b2f01919c591cc61ee57a437ea7a352508
SHA256

7595c1888f316cc1a12ff50a0b6e74a15ba4fb4772c567d005722d0d0e00d5fa
SHA512

18f6814df2a4d9e12e035b835147cb9e22282512fe5a37e605227e840dd565978ac006457f5f5d5e99384bdb6722ff4f3be500a756095aa58005b15f7e34f318
SSDEEP

49152:gwKkhgxIUNXH3OCd8wPc24TaidQTkMUE0:gwKkhydMV

Score

1^/10

Malware Config

Signatures

Files

8bf403152d79ac75f5e3388be1fcddbd_JaffaCakes118
.dll regsvr32 windows:5 windows x64 arch:x64

91e520d770d97bc950eca0d411f7bc2c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2018, 00:00

Not After

01/02/2020, 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/09/2018, 00:00

Not After

01/02/2020, 23:59

Subject

CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

62:75:88:5c:63:26:b0:a8:89:b7:a9:68:69:bb:82:4e:b7:f0:4f:3d:f8:5f:c7:a6:e5:77:ea:e9:c0:43:7b:0b
Signer

Actual PE Digest

62:75:88:5c:63:26:b0:a8:89:b7:a9:68:69:bb:82:4e:b7:f0:4f:3d:f8:5f:c7:a6:e5:77:ea:e9:c0:43:7b:0b

Digest Algorithm

sha256

PE Digest Matches

true

ab:35:61:6b:62:4b:cf:9e:35:6b:ab:98:3f:d2:d6:9f:c0:22:c3:92
Signer

Actual PE Digest

ab:35:61:6b:62:4b:cf:9e:35:6b:ab:98:3f:d2:d6:9f:c0:22:c3:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\378635\out\Release\safemon64.pdb

Imports

kernel32

FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
LoadLibraryExA
GetCommandLineW
GetComputerNameW
GetTempPathW
CreateDirectoryA
SetEndOfFile
VirtualQuery
IsDebuggerPresent
GetSystemDirectoryA
lstrcpyA
GetModuleFileNameW
GetProcessId
GetThreadId
GetThreadContext
MapViewOfFile
UnmapViewOfFile
QueryFullProcessImageNameA
DuplicateHandle
IsBadStringPtrW
LoadLibraryW
VirtualQueryEx
QueryDosDeviceW
GetFileSizeEx
GetPrivateProfileSectionA
CreateEventA
SetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
lstrcpynW
lstrcmpA
FreeResource
GlobalAlloc
GlobalLock
LockResource
GlobalUnlock
MulDiv
lstrcmpW
ResetEvent
OpenFileMappingA
GetProcessHeap
HeapFree
HeapAlloc
GlobalSize
CreateEventW
CreateFileW
GetTickCount
SetLastError
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrcmpiW
CreateThread
RaiseException
lstrcmpiA
WriteFile
GetFileSize
ReadFile
CreateFileA
GetPrivateProfileIntA
GetLastError
Thread32First
SetThreadContext
GetVersionExW
GetPrivateProfileIntW
IsBadWritePtr
ResumeThread
SuspendThread
GetThreadPriority
VirtualProtectEx
SetThreadPriority
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
HeapSetInformation
GetStdHandle
ExitProcess
HeapSize
FlsAlloc
GetCurrentThread
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwindEx
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ReleaseMutex
HeapWalk
HeapLock
GetStartupInfoW
VirtualProtect
WaitForSingleObject
CreateRemoteThread
OutputDebugStringW
GetModuleFileNameA
ReadProcessMemory
OpenProcess
GetSystemInfo
GetPrivateProfileStringA
SetFilePointer
GetVersionExA
LocalAlloc
LoadLibraryA
FreeLibrary
Sleep
GetSystemDirectoryW
LocalFree
GetLongPathNameW
CreateToolhelp32Snapshot
SearchPathW
CloseHandle
GetCurrentProcessId
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenW
lstrcpynA
OutputDebugStringA
DebugBreak
GetModuleHandleA
IsBadReadPtr
GetModuleHandleW
TlsGetValue
TlsFree
InitializeCriticalSection
TlsAlloc
TlsSetValue
GetProcAddress
MultiByteToWideChar
lstrlenA
EnterCriticalSection
LeaveCriticalSection
OpenThread
HeapUnlock
CreateMutexW
GetSystemTime
FormatMessageW
SetFilePointerEx
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetModuleHandleExW
DeviceIoControl
InterlockedPopEntrySList
InterlockedPushEntrySList
DeleteCriticalSection
Thread32Next

user32

GetWindowLongA
InvalidateRect
SetTimer
IsWindowEnabled
RegisterClassExA
DestroyWindow
ShowWindow
KillTimer
SetWindowPos
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
RegisterClassA
CreateWindowExA
MoveWindow
GetClientRect
GetParent
LoadStringA
CallWindowProcA
GetClassNameW
FindWindowA
EnumChildWindows
IsWindow
SetWindowLongPtrA
GetWindowRect
SetRect
LoadBitmapA
UnhookWinEvent
GetWindowLongPtrA
EndPaint
BeginPaint
LoadCursorA
SetWinEventHook
GetClassNameA
GetWindowTextA
CharNextA
GetClassInfoExA
SendMessageA
CreateWindowExW
RegisterClassW
PostQuitMessage
FindWindowW
RegisterWindowMessageA
GetWindowTextLengthA
SetWindowTextA
GetFocus
SetFocus
GetDlgItem
GetSysColor
RedrawWindow
CreateAcceleratorTableA
ClientToScreen
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
SendMessageTimeoutW
GetWindow
IsRectEmpty
IsWindowVisible
GetDesktopWindow
SetCursor
PtInRect
ScreenToClient
DrawTextW
InflateRect
SetWindowRgn
IsChild
EndDialog
DialogBoxParamA
PeekMessageA
UnregisterClassA
GetCursorPos
GetSystemMetrics
GetWindowTextW
FindWindowExW
PostMessageA
SendMessageTimeoutA
LoadImageA
wsprintfW
wsprintfA
ReleaseDC
GetDC

gdi32

CombineRgn
CreatePolygonRgn
CreateRectRgn
CreateFontIndirectA
LineTo
MoveToEx
SetTextColor
GetStockObject
CreateDIBSection
SetStretchBltMode
CreatePen
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
SetViewportOrgEx
ExtTextOutA
SetBkColor
StretchBlt
SetBkMode
DeleteDC
GetObjectA
SelectObject
CreateCompatibleDC
DeleteObject
CreateSolidBrush

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidA
LookupAccountNameW
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegOpenKeyW
OpenProcessToken
RegEnumKeyExW
GetTokenInformation
ConvertSidToStringSidW

shell32

SHGetSpecialFolderPathA
ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

CoCreateInstance
StringFromCLSID
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
GetHGlobalFromStream
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemRealloc
OleRun

oleaut32

GetErrorInfo
VariantClear
VariantInit
SysFreeString
DispCallFunc
SysStringLen
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocString
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
OleCreateFontIndirect
SysAllocStringLen

shlwapi

SHGetValueW
StrCmpNIA
PathFindFileNameA
PathRemoveFileSpecA
StrChrA
UrlGetPartA
PathGetArgsW
PathFindExtensionW
PathMatchSpecW
PathAppendA
StrCmpNW
PathUnquoteSpacesA
StrStrW
StrToIntExW
SHSetValueW
UrlGetPartW
SHSetValueA
SHDeleteKeyA
UrlUnescapeA
PathRemoveExtensionA
PathRemoveExtensionW
wnsprintfW
StrDupA
StrDupW
StrChrW
StrCmpW
PathFileExistsA
PathFileExistsW
PathAppendW
PathCombineW
StrStrIA
StrStrIW
StrCpyNW
StrCmpNIW
StrCmpIW
PathFindFileNameW
PathCombineA
StrTrimA
SHGetValueA

oleacc

AccessibleObjectFromPoint
AccessibleObjectFromEvent

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

getpeername
ntohl
WSAGetLastError

imagehlp

ImageNtHeader
ImageDirectoryEntryToDataEx
ImageDirectoryEntryToData

psapi

GetModuleInformation

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IsTraystupidRealRunning
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_Version
cJSON_free
cJSON_malloc
safemon_115
safemoninit

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.share
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91e520d770d97bc950eca0d411f7bc2c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:daCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

62:75:88:5c:63:26:b0:a8:89:b7:a9:68:69:bb:82:4e:b7:f0:4f:3d:f8:5f:c7:a6:e5:77:ea:e9:c0:43:7b:0bSigner

ab:35:61:6b:62:4b:cf:9e:35:6b:ab:98:3f:d2:d6:9f:c0:22:c3:92Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

oleacc

version

ws2_32

imagehlp

psapi

netapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 329KB - Virtual size: 329KB

.data Size: 216KB - Virtual size: 268KB

.pdata Size: 55KB - Virtual size: 55KB

.share Size: 1024B - Virtual size: 576B

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

62:75:88:5c:63:26:b0:a8:89:b7:a9:68:69:bb:82:4e:b7:f0:4f:3d:f8:5f:c7:a6:e5:77:ea:e9:c0:43:7b:0b
Signer

ab:35:61:6b:62:4b:cf:9e:35:6b:ab:98:3f:d2:d6:9f:c0:22:c3:92
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 329KB - Virtual size: 329KB

.data
Size: 216KB - Virtual size: 268KB

.pdata
Size: 55KB - Virtual size: 55KB

.share
Size: 1024B - Virtual size: 576B

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 12KB - Virtual size: 11KB