2024-06-15_e0162ae7ea2e692b12b2954fa0532096_mafia_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_e0162ae7ea2e692b12b2954fa0532096_mafia_revil
Size

3.2MB
MD5

e0162ae7ea2e692b12b2954fa0532096
SHA1

087ba992c09a9d96ffa6a451ae65fc560f17e4a2
SHA256

1b9b77ad03fb876432f46bb17c4daf6879ab9aa7587ecb39ac31fd1cf6f7858e
SHA512

6f829cc418a249f6f7d144fe8396e3a85724efa8ae389f6b8b00dffeeb690e1b6ded1d0709e1098bb657ae513addcee73e8d2c7be893d71e40c83232d96488be
SSDEEP

49152:SdSpyD8nky/eVurEAVxkpPOJbTRUd3yrT3fGMUU/Za4Jvrpt5E/shz7+0E:ppyBy/lrEAVxkpPOJbrrDGMUsrv/5E08

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_e0162ae7ea2e692b12b2954fa0532096_mafia_revil
.exe windows:5 windows x86 arch:x86

6d6236c9d9de38ea9990810725e8cb3c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/01/2023, 06:40

Not After

06/01/2026, 06:40

Subject

CN=Shenzhen Aidapu Network Technology Co.\,Ltd.,O=Shenzhen Aidapu Network Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/01/2023, 06:40

Not After

06/01/2026, 06:40

Subject

CN=Shenzhen Aidapu Network Technology Co.\,Ltd.,O=Shenzhen Aidapu Network Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:59:39:d5:9c:2d:de:c3:1d:d3:7e:91:30:e2:24:9f:a9:55:c2:9b:17:e9:97:45:a9:f8:d9:6b:05:13:db:6b
Signer

Actual PE Digest

e4:59:39:d5:9c:2d:de:c3:1d:d3:7e:91:30:e2:24:9f:a9:55:c2:9b:17:e9:97:45:a9:f8:d9:6b:05:13:db:6b

Digest Algorithm

sha256

PE Digest Matches

true

94:3b:8c:40:74:b6:9b:44:f3:1a:ba:06:b5:51:f4:6c:d3:f1:d1:79
Signer

Actual PE Digest

94:3b:8c:40:74:b6:9b:44:f3:1a:ba:06:b5:51:f4:6c:d3:f1:d1:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

CompareFileTime
SleepEx
ReadFile
PeekNamedPipe
WaitForMultipleObjects
MoveFileExA
GetACP
GetCurrentDirectoryW
lstrlenW
GlobalUnlock
GlobalLock
MulDiv
GlobalAlloc
LocalFree
SetFilePointer
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesW
SetFileTime
InterlockedIncrement
InterlockedDecrement
lstrcpyW
lstrcmpiW
lstrcpynW
GetLocalTime
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetFullPathNameA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
InitializeCriticalSection
GetOEMCP
HeapSize
FlushFileBuffers
GetConsoleCP
VerSetConditionMask
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapDestroy
HeapCreate
GetLocaleInfoW
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetFileInformationByHandle
CreateFileA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetStartupInfoW
HeapSetInformation
GetCommandLineA
CreateThread
ResumeThread
ExitThread
HeapReAlloc
HeapAlloc
CreateDirectoryA
RaiseException
RtlUnwind
HeapFree
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
FindClose
FindFirstFileW
FindNextFileW
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
LoadLibraryW
LoadLibraryA
FreeLibrary
ConvertThreadToFiber
VerifyVersionInfoW
QueryPerformanceFrequency
GetSystemDirectoryA
ConvertFiberToThread
QueryPerformanceCounter
GetCurrentProcessId
CreateFiber
SwitchToFiber
DeleteFiber
GetStdHandle
GetFileType
WriteFile
GetVersion
GetModuleHandleW
GetModuleHandleExW
FormatMessageW
InterlockedExchangeAdd
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedCompareExchange
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
CreateMutexW
GetEnvironmentVariableA
MoveFileW
CreateEventW
WaitForSingleObject
GetBinaryTypeW
CreateProcessW
GetEnvironmentVariableW
CreateDirectoryW
FreeResource
GetModuleFileNameW
CreateFileW
GetFileSize
CloseHandle
DeleteFileW
MoveFileExW
GetSystemTimeAsFileTime
GetModuleHandleA
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
DeleteFileA
GetLastError
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
GetTickCount
Sleep
ExitProcess
GetFileAttributesA
IsValidLocale
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
GetSystemTime
IsValidCodePage

user32

MapVirtualKeyExW
GetKeyboardLayout
wsprintfA
InvalidateRgn
GetGUIThreadInfo
CreateAcceleratorTableW
SetWindowTextW
SetForegroundWindow
KillTimer
SetTimer
ShowWindow
PostMessageW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
EqualRect
UpdateWindow
DrawTextA
GetKeyNameTextW
GetCaretBlinkTime
CreatePopupMenu
AppendMenuW
EnableMenuItem
TrackPopupMenu
DestroyMenu
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
IsWindowEnabled
MoveWindow
UpdateLayeredWindow
GetWindowRgn
DrawTextW
SetRect
CharPrevW
FillRect
OffsetRect
InflateRect
UnionRect
SetCursor
LoadCursorW
wsprintfW
DefWindowProcW
SetWindowLongW
IsWindow
DispatchMessageW
TranslateMessage
SetFocus
GetMessageW
EnableWindow
GetWindow
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
GetParent
GetWindowRect
SendMessageW
LoadImageW
GetSystemMetrics
CallWindowProcW
GetWindowLongW
GetPropW
SetPropW
GetClientRect
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsIconic
IsZoomed
ScreenToClient
SetWindowRgn
GetKeyState
InvalidateRect
SetCapture
ReleaseCapture
PtInRect
ReleaseDC
GetDC
GetCursorPos
CharNextW
DestroyWindow
GetFocus
MapWindowPoints
GetActiveWindow
BeginPaint
EndPaint
GetUpdateRect
GetSysColor
IntersectRect
IsWindowVisible
IsRectEmpty

gdi32

GetTextMetricsW
CreateRoundRectRgn
DeleteObject
GetTextExtentPoint32W
GetCharABCWidthsW
SetBkColor
SetTextColor
SetBkMode
SelectObject
GdiFlush
PtInRegion
CreateRectRgn
GetBitmapBits
SetBitmapBits
GetTextExtentPointA
CreatePatternBrush
CreateFontIndirectW
GetObjectW
GetStockObject
DeleteDC
PlayEnhMetaFile
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GetEnhMetaFileHeader
CreateDIBitmap
CreatePen
AddFontMemResourceEx
RemoveFontMemResourceEx
SetWindowOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
Rectangle
BitBlt
SaveDC
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
CombineRgn
StretchBlt
CreateDIBSection
SetStretchBltMode
CreateSolidBrush
LineTo
MoveToEx
CreatePenIndirect
GetObjectA
RestoreDC
TextOutW

shell32

SHGetFolderPathW
DragQueryFileW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleLockRunning
OleDuplicateData
DoDragDrop
CoCreateInstance
CoInitialize
CoUninitialize
ReleaseStgMedium

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

advapi32

CryptGenRandom
ReportEventW
RegisterEventSourceW
CryptEnumProvidersW
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextW
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptAcquireContextA
DeregisterEventSource
CryptDecrypt

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

gdiplus

GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipCloneImage
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipImageGetFrameCount
GdipMeasureString
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHDC
ord1
GdipAddPathLine
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetPenMode
GdipCreateSolidFill
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipCreateFontFromDC

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

ws2_32

ioctlsocket
getsockname
socket
connect
setsockopt
bind
listen
closesocket
accept
recv
WSASetLastError
send
WSACreateEvent
WSAResetEvent
WSAEnumNetworkEvents
WSACleanup
WSAEventSelect
WSACloseEvent
htons
htonl
WSAIoctl
getpeername
sendto
recvfrom
select
__WSAFDIsSet
gethostname
getaddrinfo
ntohs
freeaddrinfo
WSAStartup
gethostbyname
getsockopt
WSAWaitForMultipleEvents
WSAGetLastError

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 582KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d6236c9d9de38ea9990810725e8cb3c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31Certificate

Extended Key Usages

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e4:59:39:d5:9c:2d:de:c3:1d:d3:7e:91:30:e2:24:9f:a9:55:c2:9b:17:e9:97:45:a9:f8:d9:6b:05:13:db:6bSigner

94:3b:8c:40:74:b6:9b:44:f3:1a:ba:06:b5:51:f4:6c:d3:f1:d1:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

comctl32

gdiplus

imm32

ws2_32

crypt32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 582KB - Virtual size: 581KB

.data Size: 29KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 202KB - Virtual size: 201KB

.reloc Size: 123KB - Virtual size: 123KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

55:62:2a:dd:81:47:77:b2:1b:1a:1d:31
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e4:59:39:d5:9c:2d:de:c3:1d:d3:7e:91:30:e2:24:9f:a9:55:c2:9b:17:e9:97:45:a9:f8:d9:6b:05:13:db:6b
Signer

94:3b:8c:40:74:b6:9b:44:f3:1a:ba:06:b5:51:f4:6c:d3:f1:d1:79
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 582KB - Virtual size: 581KB

.data
Size: 29KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 202KB - Virtual size: 201KB

.reloc
Size: 123KB - Virtual size: 123KB