Static task: static1
Behavioral task: behavioral1
Sample: 2024-07-26_70800a020281c2b00e4b0169ec8cebf2_ryuk.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2024-07-26_70800a020281c2b00e4b0169ec8cebf2_ryuk.exe
Resource: win10v2004-20240709-en
General
Target: 2024-07-26_70800a020281c2b00e4b0169ec8cebf2_ryuk
Size: 25.8MB
MD5: 70800a020281c2b00e4b0169ec8cebf2
SHA1: 3499a2f4d725781811bccaa44e6085356e907246
SHA256: 3eb670865b040775e4d7f7ad833fd4b284155b7116fce7581e6e3b5d676c49bd
SHA512: 3c31a6212aa198cd17c4ac4c1d2f6aca68e937dae27b53683dfbe9c1d275e7029947021dce51b879bfdb529e3ac961d04f431ac287197c6b6abfc12e6042ebe2
SSDEEP: 393216:hX/h5DlfCZ4hVhjCx52efVK9MfnFBzuLx1kdpHeHMqbAq2F99DI+CIwPq3iDNVN+:hX0yPq3i5
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 2024-07-26_70800a020281c2b00e4b0169ec8cebf2_ryuk
Files
2024-07-26_70800a020281c2b00e4b0169ec8cebf2_ryuk.exe windows:5 windows x64 arch:x64
aaf0a1ee8a16eb59c6d6fa58811c70f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
RtlCaptureContext
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GlobalFlags
LoadLibraryExA
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
SetEnvironmentVariableW
SetEnvironmentVariableA
HeapQueryInformation
GetCommandLineW
GetCommandLineA
VirtualQuery
ExitThread
RtlUnwindEx
RtlPcToFileHeader
VirtualFree
VirtualAlloc
UnregisterWaitEx
ReleaseSemaphore
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
UnregisterWait
RegisterWaitForSingleObject
SetErrorMode
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
FreeLibraryAndExitThread
GetThreadTimes
RtlLookupFunctionEntry
VerSetConditionMask
SleepEx
WaitForMultipleObjects
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetSystemDirectoryA
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReadConsoleA
GetEnvironmentVariableW
FindNextFileA
FindFirstFileA
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleA
GetFileType
GetModuleHandleExA
SetConsoleMode
ReadConsoleW
RtlCompareMemory
SetFileValidData
MoveFileExW
WriteConsoleW
GetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
CreateThread
GetLocaleInfoA
GetCPInfo
SetFilePointerEx
FindFirstFileExW
GetStringTypeW
ExpandEnvironmentStringsA
SystemTimeToTzSpecificLocalTime
SetFileTime
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
UnhandledExceptionFilter
RtlVirtualUnwind
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
VerifyVersionInfoW
IsDebuggerPresent
GetPrivateProfileIntW
GetCurrentThread
SetThreadPriority
lstrcmpA
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
EncodePointer
GetThreadLocale
LoadLibraryExW
GetVolumeInformationW
GlobalSize
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
GetACP
EnumSystemLocalesW
IsValidLocale
GetDateFormatW
GetTimeFormatW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetVersion
SetDllDirectoryW
RaiseException
DecodePointer
TryEnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
SystemTimeToFileTime
GetSystemTime
FlushFileBuffers
FormatMessageA
FormatMessageW
LocalFree
FileTimeToSystemTime
GetSystemDirectoryW
LockResource
DeviceIoControl
SetFilePointer
GetVersionExW
QueryDosDeviceW
GetDriveTypeW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetNativeSystemInfo
DuplicateHandle
GetLogicalDrives
GetExitCodeThread
GetCurrentDirectoryW
GetModuleFileNameW
CreateMutexW
ExitProcess
GetUserDefaultLCID
SetLocaleInfoW
GetLocaleInfoW
QueryPerformanceFrequency
SetThreadLocale
GetWindowsDirectoryW
lstrlenW
GetProcessHeap
HeapFree
HeapAlloc
CreateEventW
ResetEvent
SetEvent
FreeResource
lstrcmpW
MulDiv
WriteFile
GlobalFree
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
WideCharToMultiByte
GetFileSize
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetConsoleTextAttribute
GetUserDefaultLangID
QueryPerformanceCounter
GetModuleHandleW
LoadLibraryW
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
GetStdHandle
ReadProcessMemory
TerminateThread
OpenThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
MultiByteToWideChar
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
CreateFileW
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
FindResourceW
CreateProcessW
PeekNamedPipe
CreatePipe
CloseHandle
FindClose
ReadFile
SizeofResource
LoadResource
Sleep
WaitForSingleObject
GetLastError
SetThreadAffinityMask
user32
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetMessageTime
CallWindowProcW
GetClassInfoExW
IsMenu
SetMenuItemBitmaps
IntersectRect
GetWindowDC
UnhookWindowsHookEx
CharUpperW
GetMenuStringW
SendDlgItemMessageA
DrawIcon
RegisterClassW
SetCursorPos
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetShellWindow
MessageBoxW
GetKeyState
IsChild
GetDlgCtrlID
GetMenu
SetMenu
TrackPopupMenu
ValidateRect
ScrollWindow
SetScrollPos
MsgWaitForMultipleObjects
GetKeyboardLayout
GetForegroundWindow
SetForegroundWindow
AllowSetForegroundWindow
GetWindowRect
GetDesktopWindow
FindWindowW
EnumWindows
OpenClipboard
CloseClipboard
SetClipboardData
GetClassNameW
GetWindowThreadProcessId
GetWindow
SystemParametersInfoW
GetParent
GetCapture
SetCapture
ReleaseCapture
EnableWindow
GetSystemMetrics
DrawStateW
InvalidateRect
ShowScrollBar
GetClientRect
LoadCursorW
DrawIconEx
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
EqualRect
GetPropW
RemovePropW
AdjustWindowRectEx
MapWindowPoints
GetClipboardData
EmptyClipboard
SendMessageW
PostMessageW
AttachThreadInput
IsWindow
ShowWindow
SetWindowPos
IsWindowVisible
IsIconic
GetKeyboardState
keybd_event
SetActiveWindow
GetUserObjectInformationW
GetProcessWindowStation
SystemParametersInfoA
GetTopWindow
GetLastActivePopup
WinHelpW
MonitorFromWindow
GetMonitorInfoW
MoveWindow
IsWindowUnicode
AppendMenuA
GetUpdateRgn
CreateCaret
GetCaretBlinkTime
IsDialogMessageW
CharNextW
DestroyMenu
CreateDialogIndirectParamW
GetNextDlgTabItem
IsZoomed
SetWindowContextHelpId
GetSysColorBrush
RealChildWindowFromPoint
CopyAcceleratorTableW
InvalidateRgn
FrameRect
MessageBoxA
DrawTextA
SetCursor
GetSysColor
CopyRect
PtInRect
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetDlgItemTextW
SetWindowTextW
GetWindowTextW
DestroyCaret
GetWindowTextLengthW
GetWindowLongPtrW
SetWindowLongPtrW
RegisterClipboardFormatW
CreateAcceleratorTableW
TranslateAcceleratorW
CreatePopupMenu
CheckMenuItem
EnableMenuItem
InsertMenuW
ClientToScreen
GetDoubleClickTime
IsClipboardFormatAvailable
GetDC
ReleaseDC
InflateRect
LoadImageW
DrawFocusRect
FillRect
GetCursorPos
WindowFromPoint
RedrawWindow
UpdateWindow
ScreenToClient
DrawEdge
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
ModifyMenuW
SetRect
OffsetRect
LoadBitmapW
DestroyIcon
CreateIconIndirect
GetIconInfo
SetTimer
KillTimer
DestroyWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetMessagePos
DefWindowProcW
UnregisterClassW
GetClassInfoW
RegisterClassExW
CreateWindowExW
BeginPaint
EndPaint
GetScrollPos
SetScrollInfo
GetScrollInfo
GetActiveWindow
IsWindowEnabled
GetDCEx
LockWindowUpdate
GetClassLongPtrW
SetPropW
HideCaret
ShowCaret
SetCaretPos
ChildWindowFromPointEx
SetRectEmpty
IsRectEmpty
SetWindowLongW
DestroyCursor
GetWindowLongW
LoadIconW
GetFocus
ChangeWindowMessageFilter
GetSystemMenu
GetNextDlgGroupItem
PostThreadMessageW
SetWindowRgn
LockSetForegroundWindow
RegisterWindowMessageW
SetFocus
LoadAcceleratorsW
MapDialogRect
MessageBeep
SetParent
CallNextHookEx
SetWindowsHookExW
DestroyAcceleratorTable
gdi32
DeleteObject
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
PatBlt
BitBlt
GetCharWidthW
StretchDIBits
GetRgnBox
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
Escape
PtVisible
RectVisible
TextOutW
ExtTextOutW
CreateFontIndirectW
GetTextExtentPoint32W
SelectObject
SetPixel
StretchBlt
DeleteDC
CreateDIBSection
CreateFontW
GetDeviceCaps
GetBkColor
GetCurrentObject
GetTextColor
CreateSolidBrush
EnumFontsW
GetStockObject
CreateRectRgnIndirect
Polygon
CreateBitmap
GetDIBits
CreateRectRgn
CombineRgn
CreateRoundRectRgn
FillRgn
FrameRgn
OffsetRgn
GetTextMetricsW
CreatePolygonRgn
CreatePen
LineTo
SetBkColor
SetBkMode
SetTextColor
MoveToEx
Rectangle
RoundRect
RealizePalette
SelectPalette
GetPixel
CreateDCW
SetDIBColorTable
GetMapMode
GetViewportExtEx
GetWindowExtEx
DPtoLP
CreatePatternBrush
ExcludeClipRect
GetClipBox
IntersectClipRect
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SetMapMode
SetLayout
CreateFontIndirectA
GetNearestColor
GetTextExtentPoint32A
GetTextExtentExPointA
GetTextExtentExPointW
ExtTextOutA
GetLayout
SetTextAlign
SetRectRgn
msimg32
TransparentBlt
comdlg32
GetSaveFileNameW
GetOpenFileNameW
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
CryptHashData
CryptDestroyHash
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptAcquireContextA
LookupPrivilegeValueA
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
IsTextUnicode
RegQueryValueW
RegQueryInfoKeyW
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptEncrypt
RegDeleteKeyW
CryptDecrypt
CryptDuplicateHash
RegEnumKeyW
RegEnumValueW
RegCreateKeyExW
shell32
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ExtractIconExW
Shell_NotifyIconW
CommandLineToArgvW
comctl32
_TrackMouseEvent
ImageList_Draw
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Add
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_Replace
ord410
ord412
ord413
InitCommonControlsEx
ImageList_GetIcon
ImageList_GetIconSize
shlwapi
ord12
PathCompactPathExW
StrFormatByteSizeW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
uxtheme
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsAppThemed
GetThemePartSize
ole32
CLSIDFromString
CoCreateGuid
OleIsCurrentClipboard
RegisterDragDrop
RevokeDragDrop
DoDragDrop
OleFlushClipboard
CLSIDFromProgID
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
StgCreateDocfile
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
SysAllocString
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
VariantChangeType
VarDateFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
VariantClear
VariantInit
SysFreeString
SysAllocStringLen
oledlg
OleUIBusyW
urlmon
IsValidURL
gdiplus
GdipDrawImageRectI
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromStreamICM
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdiplusStartup
GdipDrawImageRectRect
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreatePath
GdipDeletePath
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawPath
GdipFillPath
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGetImageGraphicsContext
GdipGetImageThumbnail
GdipAddPathString
GdipCreateBitmapFromStream
wininet
FindFirstUrlCacheEntryW
InternetCrackUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
ws2_32
getpeername
FreeAddrInfoW
freeaddrinfo
connect
closesocket
bind
accept
ntohs
htons
inet_addr
getsockname
listen
recv
send
GetAddrInfoW
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
gethostname
gethostbyname
socket
WSAIoctl
inet_pton
inet_ntop
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
setsockopt
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError
__WSAFDIsSet
getnameinfo
WSASend
shutdown
sendto
select
recvfrom
htonl
getsockopt
ioctlsocket
ntohl
psapi
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
imm32
ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionFontA
ImmNotifyIME
ImmSetCompositionWindow
ImmReleaseContext
iphlpapi
GetTcpTable
crypt32
CryptUnprotectData
CertCloseStore
CertGetIssuerCertificateFromStore
CertFreeCertificateContext
CertNameToStrW
CertOpenSystemStoreW
CertGetCertificateChain
CertFreeCertificateChain
CertFindChainInStore
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertOpenSystemStoreA
CertGetIntendedKeyUsage
ntdll
NtQuerySystemInformation
NtReadVirtualMemory
NtOpenProcess
NtQueryDirectoryObject
CsrGetProcessId
NtQueryVirtualMemory
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
secur32
FreeContextBuffer
QuerySecurityPackageInfoW
wldap32
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217
ord46
ord143
oleacc
CreateStdAccessibleObject
LresultFromObject
bcrypt
BCryptGenRandom
Sections
.text Size: 19.7MB - Virtual size: 19.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 206KB - Virtual size: 318KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 619KB - Virtual size: 618KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 13B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.poi Size: 512B - Virtual size: 66B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ