2024-06-15_bebb0968a89888efa1c5c00ec70ee3e1_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-15_bebb0968a89888efa1c5c00ec70ee3e1_ryuk
Size

2.9MB
MD5

bebb0968a89888efa1c5c00ec70ee3e1
SHA1

3d2216b342e799de108a051de5b31dfd67c50077
SHA256

d27516ac7c6e5c1266ca16badfacd58cf639e49f8660fe9c7d11123525df52d6
SHA512

92b4f92b68788bf9c96e514865213a9e700b4ea7ac6334f9f17fc8bc6d119d452eec8c4739b1c6c86330d9a2a828633959b527e3aca7fa8bf30e2393df597768
SSDEEP

49152:fXglk8MdcKmBFvXxHC7j3+lRoVZuIKRJ9d:nm3lQNKnX

Score

1^/10

Malware Config

Signatures

Files

2024-06-15_bebb0968a89888efa1c5c00ec70ee3e1_ryuk
.exe windows:5 windows x64 arch:x64

47bf94f2342e8fad5dc89765c725cd16

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2022, 13:01

Not After

17/06/2025, 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2022, 13:01

Not After

17/06/2025, 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:b8:c4:8d:87:4d:90:94:7e:bf:a9:4b:6a:56:cd:bc:47:7b:6b:e3:f4:dd:6a:af:03:ec:00:2b:46:bd:24:e6
Signer

Actual PE Digest

e6:b8:c4:8d:87:4d:90:94:7e:bf:a9:4b:6a:56:cd:bc:47:7b:6b:e3:f4:dd:6a:af:03:ec:00:2b:46:bd:24:e6

Digest Algorithm

sha256

PE Digest Matches

true

be:3c:dc:0b:e4:10:2d:91:76:51:db:be:4d:1f:75:f6:64:78:64:b6
Signer

Actual PE Digest

be:3c:dc:0b:e4:10:2d:91:76:51:db:be:4d:1f:75:f6:64:78:64:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\nsmsrc\nsm\1402\1402\nsmgateway\x64\Release\NSConnSvrUI.pdb

Imports

shfolder

SHGetFolderPathW

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSendRequest

kernel32

GetCommandLineW
FindResourceW
GetVersion
GetShortPathNameW
TerminateProcess
CreateProcessW
GetTempPathW
ExpandEnvironmentStringsW
ExitProcess
CompareStringW
LockResource
GetProcessTimes
GetSystemTimeAsFileTime
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapAlloc
HeapFree
GetProcessHeap
GetFileSize
WriteFile
ReadFile
CreateFileW
PulseEvent
GetSystemDirectoryW
GetVolumeInformationW
VirtualQueryEx
OpenThread
SetThreadPriority
GetExitCodeThread
GetThreadContext
SuspendThread
ResumeThread
WinExec
Beep
GetSystemInfo
FormatMessageW
FindResourceExW
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
GetProfileStringW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
DeleteFileW
IsBadReadPtr
GetDateFormatW
GetSystemDefaultLangID
LoadLibraryA
ExpandEnvironmentStringsA
LoadLibraryExW
VirtualQuery
LoadLibraryExA
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetStdHandle
GetOEMCP
IsValidCodePage
GetCPInfo
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
HeapReAlloc
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeFormatW
GetTimeZoneInformation
GetStringTypeW
GetCurrentThread
GetStdHandle
GetModuleFileNameA
GetACP
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
OpenMutexW
CreateMutexW
lstrcmpiW
SizeofResource
LoadResource
SetUnhandledExceptionFilter
DecodePointer
EnumDateFormatsExEx
GetDateFormatEx
GetTimeFormatEx
OutputDebugStringW
GetModuleHandleW
lstrlenW
lstrlenA
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetLocalTime
InitializeCriticalSectionAndSpinCount
DebugBreak
RaiseException
GetComputerNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FindNextFileW
FindFirstFileW
FindClose
GetVersionExW
LoadLibraryW
OpenFileMappingW
CreateFileMappingW
OpenEventW
CreateEventW
UnmapViewOfFile
MapViewOfFile
GetTickCount
Sleep
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
SetEvent
SetLastError
GetLastError
GetCurrentThreadId
CreateThread
GetCurrentProcess
LocalFree
LocalAlloc
GetProcAddress
FreeLibrary
GetUserDefaultLangID
GetUserDefaultUILanguage
GetModuleFileNameW
CloseHandle
GetCurrentProcessId
OpenProcess
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringA
FlushFileBuffers
WriteConsoleW
VirtualProtect
SetEndOfFile

user32

GetIconInfo
DestroyIcon
SetRect
MessageBeep
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
GetMenuInfo
DeleteMenu
GetMenuItemCount
GetMenuItemID
CreatePopupMenu
GetMenuStringW
GetKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SendDlgItemMessageW
ReleaseDC
GetDC
GetGuiResources
WinHelpW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetDlgItemTextW
CreateDialogParamW
GetClassInfoW
RegisterClassW
SystemParametersInfoW
PeekMessageW
wsprintfW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetSystemMetrics
GetWindowRect
GetWindowLongW
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId
SendMessageW
PostMessageW
PostThreadMessageW
IsWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
LoadStringW
LoadImageW
LoadIconW
LoadBitmapW
SetWindowLongPtrW
SetWindowLongW
GetSysColorBrush
GetSysColor
ScreenToClient
ClientToScreen
GetCursorPos
MessageBoxW
GetWindowTextW
DefWindowProcW
SetWindowTextW
SetPropW
GetScrollPos
SetScrollPos
InvalidateRect
SetForegroundWindow
FindWindowW
ShowWindow
SetWindowPos
EndDialog
GetDlgItem
SetDlgItemTextW
GetClientRect
SetMenuDefaultItem
TrackPopupMenu
RemoveMenu
GetSubMenu
EnableMenuItem
DestroyMenu
DrawMenuBar
GetMenu
LoadMenuW
EnableWindow
KillTimer
SetTimer
GetActiveWindow
CharNextW
DialogBoxParamW
BringWindowToTop
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
UnregisterClassW
PostQuitMessage
RegisterWindowMessageW
wvsprintfW
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
MapWindowPoints
MessageBoxIndirectW

gdi32

CreatePalette
DeleteDC
GetDeviceCaps
GetDIBits
GetSystemPaletteEntries
RealizePalette
SelectObject
SelectPalette
CreateBitmap
CreateDIBitmap
CreateFontIndirectW
CreatePen
GetTextExtentPoint32W
LineTo
SetPixel
StretchBlt
CreateDIBSection
MoveToEx
ExtTextOutW
CreateCompatibleBitmap
GetObjectW
BitBlt
GetStockObject
SetTextColor
SetBkMode
SetBkColor
CreateDCW
DeleteObject
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
RevertToSelf
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
FreeSid
RegQueryValueExW
IsTextUnicode
RegEnumValueW
GetTokenInformation
EqualSid
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
LookupAccountSidW
ImpersonateLoggedOnUser
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

shell32

ExtractIconExW
SHParseDisplayName
SHBindToParent
Shell_NotifyIconW
ShellExecuteExW

ole32

CoUninitialize
CoRevokeClassObject
GetRunningObjectTable
CreateBindCtx
MkParseDisplayName
CoResumeClassObjects
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeSecurity
CoInitialize
CoRegisterClassObject

oleaut32

CreateErrorInfo
SetErrorInfo
VariantInit
GetErrorInfo
VariantChangeType
SysFreeString
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
VariantClear
VariantCopy

shlwapi

PathFileExistsW

comctl32

ImageList_GetImageCount
InitCommonControlsEx
ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon

winmm

timeGetTime
PlaySoundW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

GetRawWMIStringW
GetWMIStringW
IsAcerA

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47bf94f2342e8fad5dc89765c725cd16

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

e6:b8:c4:8d:87:4d:90:94:7e:bf:a9:4b:6a:56:cd:bc:47:7b:6b:e3:f4:dd:6a:af:03:ec:00:2b:46:bd:24:e6Signer

be:3c:dc:0b:e4:10:2d:91:76:51:db:be:4d:1f:75:f6:64:78:64:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shfolder

winhttp

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

winmm

version

Exports

Exports

Sections

.text Size: 716KB - Virtual size: 716KB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 14KB - Virtual size: 30KB

.pdata Size: 44KB - Virtual size: 44KB

.gfids Size: 512B - Virtual size: 488B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 4KB - Virtual size: 3KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

e6:b8:c4:8d:87:4d:90:94:7e:bf:a9:4b:6a:56:cd:bc:47:7b:6b:e3:f4:dd:6a:af:03:ec:00:2b:46:bd:24:e6
Signer

be:3c:dc:0b:e4:10:2d:91:76:51:db:be:4d:1f:75:f6:64:78:64:b6
Signer

.text
Size: 716KB - Virtual size: 716KB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 14KB - Virtual size: 30KB

.pdata
Size: 44KB - Virtual size: 44KB

.gfids
Size: 512B - Virtual size: 488B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 4KB - Virtual size: 3KB