2024-07-24_773c0cf4f71bfa7c3120e62527301a20_cobalt-strike_ryuk

Sharing

Copy URL Twitter E-mail

General

Target

2024-07-24_773c0cf4f71bfa7c3120e62527301a20_cobalt-strike_ryuk
Size

22.5MB
MD5

773c0cf4f71bfa7c3120e62527301a20
SHA1

fff50e0c36f166196904fc7f9d910c6c322619cf
SHA256

1c44bc2dd8b00feae57da90617ba99c870cd5030d4faaf0f76c15b6cb4ce24e2
SHA512

7acc3d962e41439e68725176a1843c1b74455e1f92613071978cfb0df794cf0f0d5be67e7a8e82726b610b0cb4707f261ea7f9a18c3a83982c2af4548d73d375
SSDEEP

393216:YfUP9fvwB4rlWmB9u852kgmoHEJUgJdPS7Nt9TJsv6tWKFdu9CxQKon/1gFG:YcDbME+QQBBXa6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-07-24_773c0cf4f71bfa7c3120e62527301a20_cobalt-strike_ryuk

Files

2024-07-24_773c0cf4f71bfa7c3120e62527301a20_cobalt-strike_ryuk
.exe windows:6 windows x64 arch:x64

03447defed18216e152e0c644a775fe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
ActivateActCtx
CheckRemoteDebuggerPresent
CloseHandle
CompareStringEx
CompareStringW
ContinueDebugEvent
CopyFileW
CreateActCtxW
CreateDirectoryW
CreateEventW
CreateFileMappingW
CreateFileW
CreateMutexW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeactivateActCtx
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindActCtxSectionStringW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FindResourceExW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProfileIntW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadPriority
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetUserGeoID
GetUserPreferredUILanguages
GetVersionExW
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapQueryInformation
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockFile
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
QueryActCtxW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SearchPathW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyW

user32

AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
ChangeClipboardChain
ChangeWindowMessageFilterEx
CharNextExA
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CloseTouchInputHandle
CopyAcceleratorTableW
CopyIcon
CopyImage
CopyRect
CreateAcceleratorTableW
CreateCaret
CreateCursor
CreateDialogIndirectParamW
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyAcceleratorTable
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateW
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumWindows
EqualRect
FillRect
FindWindowA
FindWindowExW
FindWindowW
FlashWindowEx
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoExW
GetClassInfoW
GetClassLongPtrW
GetClassNameA
GetClassNameW
GetClientRect
GetClipboardFormatNameW
GetComboBoxInfo
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuCheckMarkDimensions
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetNextDlgGroupItem
GetNextDlgTabItem
GetParent
GetPropW
GetQueueStatus
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetTouchInputInfo
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GrayStringW
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvertRect
IsCharLowerW
IsChild
IsClipboardFormatAvailable
IsDialogMessageW
IsHungAppWindow
IsIconic
IsMenu
IsRectEmpty
IsTouchWindow
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LockWindowUpdate
MapDialogRect
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RealChildWindowFromPoint
RealGetWindowClassW
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterTouchWindow
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ReuseDDElParam
ScreenToClient
ScrollWindow
SendDlgItemMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongPtrW
SetClipboardData
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoW
TabbedTextOutW
ToAscii
ToUnicode
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnpackDDElParam
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UnregisterTouchWindow
UpdateLayeredWindow
UpdateLayeredWindowIndirect
UpdateWindow
ValidateRect
WaitMessage
WinHelpW
WindowFromPoint

advapi32

AccessCheck
AllocateAndInitializeSid
BuildTrusteeWithSidW
CloseServiceHandle
CopySid
CreateProcessAsUserW
CreateWellKnownSid
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptHashData
CryptReleaseContext
DuplicateToken
EnumServicesStatusExW
FreeSid
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountSidW
MapGenericMask
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
StartServiceW
SystemFunction036

ole32

CoCreateGuid
CoCreateInstance
CoDisconnectObject
CoGetMalloc
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
DoDragDrop
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleDuplicateData
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleLockRunning
OleSetClipboard
OleTranslateAccelerator
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2

oleaut32

LoadTypeLi
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
VariantChangeType
VariantClear
VariantCopy
VariantInit
VariantTimeToSystemTime

ntdll

DbgUiSetThreadDebugObject
NtClose
NtDuplicateObject
NtQueryInformationProcess
NtRemoveProcessDebug
RtlAllocateHeap
RtlFreeHeap
__C_specific_handler
_wtoi
_wtol
abs
atan
atoi
bsearch
ceil
cos
floor
isdigit
islower
isspace
isupper
iswctype
isxdigit
labs
log
longjmp
memchr
memcmp
memcpy
memmove
memset
pow
qsort
sin
sqrt
strchr
strcmp
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
tan
toupper
towupper
wcschr
wcscmp
wcscspn
wcsncmp
wcspbrk
wcsrchr
wcsstr

shell32

CommandLineToArgvW
DragFinish
DragQueryFileW
SHAppBarMessage
SHBrowseForFolderW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetFileInfoW
ord727
SHGetKnownFolderIDList
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetStockIconInfo
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW

rpcrt4

NdrAsyncClientCall
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcRaiseException
RpcStringBindingComposeW
RpcStringFreeW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

uxtheme

CloseThemeData
DrawThemeBackground
ord47
DrawThemeParentBackground
DrawThemeText
GetCurrentThemeName
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeEnumValue
GetThemeInt
GetThemeMargins
GetThemePartSize
GetThemePropertyOrigin
GetThemeSysColor
GetThemeTransitionDuration
GetWindowTheme
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
OpenThemeData
SetWindowTheme

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

winmm

PlaySoundW
timeKillEvent
timeSetEvent

ws2_32

WSAAsyncSelect

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CopyMetaFileW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectW
CreateHatchBrush
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
DescribePixelFormat
Ellipse
EnumFontFamiliesExW
EnumFontFamiliesW
Escape
ExcludeClipRect
ExtFloodFill
ExtSelectClipRgn
ExtTextOutW
FillRgn
FrameRgn
GdiFlush
GetBitmapBits
GetBkColor
GetBoundsRect
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetClipBox
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetLayout
GetNearestPaletteIndex
GetObjectType
GetObjectW
GetOutlineTextMetricsW
GetPaletteEntries
GetPixel
GetPixelFormat
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextCharsetInfo
GetTextColor
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MoveToEx
OffsetRgn
OffsetViewportOrgEx
OffsetWindowOrgEx
PatBlt
Polygon
Polyline
PtInRegion
PtVisible
RealizePalette
RectVisible
Rectangle
RemoveFontMemResourceEx
RemoveFontResourceExW
RestoreDC
RoundRect
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetDIBColorTable
SetGraphicsMode
SetLayout
SetMapMode
SetPaletteEntries
SetPixel
SetPixelFormat
SetPixelV
SetPolyFillMode
SetROP2
SetRectRgn
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetWorldTransform
StretchBlt
SwapBuffers
TextOutW

gdiplus

GdipAlloc
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipDrawImageI
GdipDrawImageRectI
GdipFree
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipSetInterpolationMode
GdiplusShutdown
GdiplusStartup

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

imm32

ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathRemoveFileSpecW
PathStripToRootW
StrFormatKBSizeW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 212B

.tls
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03447defed18216e152e0c644a775fe8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ntdll

shell32

rpcrt4

version

uxtheme

netapi32

userenv

winmm

ws2_32

gdi32

gdiplus

dwmapi

wtsapi32

imm32

shlwapi

winspool.drv

oleacc

msimg32

Sections

.text Size: 10.7MB - Virtual size: 10.7MB

.rdata Size: 8.5MB - Virtual size: 8.5MB

.data Size: 2.3MB - Virtual size: 2.4MB

.pdata Size: 523KB - Virtual size: 523KB

.gxfg Size: 12KB - Virtual size: 12KB

.qtmetad Size: 1KB - Virtual size: 1KB

.qtmimed Size: 315KB - Virtual size: 315KB

.retplne Size: 512B - Virtual size: 212B

.tls Size: 512B - Virtual size: 10B

.reloc Size: 105KB - Virtual size: 104KB

.text
Size: 10.7MB - Virtual size: 10.7MB

.rdata
Size: 8.5MB - Virtual size: 8.5MB

.data
Size: 2.3MB - Virtual size: 2.4MB

.pdata
Size: 523KB - Virtual size: 523KB

.gxfg
Size: 12KB - Virtual size: 12KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

.retplne
Size: 512B - Virtual size: 212B

.tls
Size: 512B - Virtual size: 10B

.reloc
Size: 105KB - Virtual size: 104KB