d53e4ef6febb068a3be6795be138eee0a6384c26c6dfe704ca206ed8ea994b76

Sharing

Copy URL Twitter E-mail

General

Target

d53e4ef6febb068a3be6795be138eee0a6384c26c6dfe704ca206ed8ea994b76
Size

3.6MB
MD5

bd986251addbe36b410d4af60c023b5e
SHA1

82b029958b9f6433f81b252e223735ff69026577
SHA256

d53e4ef6febb068a3be6795be138eee0a6384c26c6dfe704ca206ed8ea994b76
SHA512

3a8f44cabf464f95e5becf758630ab50fbf50d14590bd8ced82de8239663cce4747b338994f7754b4ac48df8e20a39741bdd756ef6558ce73ecb596ca28dafd0
SSDEEP

98304:5ImoH6A6aVlpEhjEYTXqp1qurJt0/os/cjQ:5po3HVlJYTA1XrJtwVl

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/flair90/bin/x64win/dumpsig.exe
unpack001/flair90/bin/x64win/pcf.exe
unpack001/flair90/bin/x64win/pelf.exe
unpack001/flair90/bin/x64win/plb.exe
unpack001/flair90/bin/x64win/pmacho.exe
unpack001/flair90/bin/x64win/ppsx.exe
unpack001/flair90/bin/x64win/ptmobj.exe
unpack001/flair90/bin/x64win/sigmake.exe
unpack001/flair90/bin/x64win/zipsig.exe

Files

d53e4ef6febb068a3be6795be138eee0a6384c26c6dfe704ca206ed8ea994b76
.zip
flair90/bin/armmac/dumpsig
.macho macos arch:arm64
flair90/bin/armmac/pcf
.macho macos arch:arm64
flair90/bin/armmac/pelf
.macho macos arch:arm64
flair90/bin/armmac/pelf.rtb
flair90/bin/armmac/plb
.macho macos arch:arm64
flair90/bin/armmac/pmacho
.macho macos arch:arm64
flair90/bin/armmac/ppsx
.macho macos arch:arm64
flair90/bin/armmac/ptmobj
.macho macos arch:arm64
flair90/bin/armmac/sigmake
.macho macos arch:arm64
flair90/bin/armmac/zipsig
.macho macos arch:arm64
flair90/bin/x64linux/dumpsig
.elf linux x64
flair90/bin/x64linux/pcf
.elf linux x64
flair90/bin/x64linux/pelf
.elf linux x64
flair90/bin/x64linux/pelf.rtb
flair90/bin/x64linux/plb
.elf linux x64
flair90/bin/x64linux/pmacho
.elf linux x64
flair90/bin/x64linux/ppsx
.elf linux x64
flair90/bin/x64linux/ptmobj
.elf linux x64
flair90/bin/x64linux/sigmake
.elf linux x64
flair90/bin/x64linux/zipsig
.elf linux x64
flair90/bin/x64mac/dumpsig
.macho macos arch:x64
flair90/bin/x64mac/pcf
.macho macos arch:x64
flair90/bin/x64mac/pelf
.macho macos arch:x64
flair90/bin/x64mac/pelf.rtb
flair90/bin/x64mac/plb
.macho macos arch:x64
flair90/bin/x64mac/pmacho
.macho macos arch:x64
flair90/bin/x64mac/ppsx
.macho macos arch:x64
flair90/bin/x64mac/ptmobj
.macho macos arch:x64
flair90/bin/x64mac/sigmake
.macho macos arch:x64
flair90/bin/x64mac/zipsig
.macho macos arch:x64
flair90/bin/x64win/dumpsig.exe
.exe windows:6 windows x64 arch:x64

09eb8a961ca6f029bef3f2f5ce8e3f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

dumpsig.pdb

Imports

kernel32

GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
MultiByteToWideChar
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

__std_terminate
memmove
__std_exception_copy
__std_exception_destroy
strchr
strstr
_CxxThrowException
memcpy
memset
_purecall
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_initterm_e
_exit
__p___argc
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_get_initial_narrow_environment
exit
__p___argv
_errno

api-ms-win-crt-stdio-l1-1-0

fclose
feof
fread
__acrt_iob_func
__stdio_common_vfprintf
_set_fmode
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
_wfsopen
fputc
_fseeki64
_ftelli64
__p__commode

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
realloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/pcf.exe
.exe windows:6 windows x64 arch:x64

41c070c198a46860654482dc697ee257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pcf.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetModuleHandleW
RtlVirtualUnwind
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strrchr
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_errno
exit
abort
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_get_initial_narrow_environment
_initterm
_initterm_e
terminate
_c_exit
_exit
__p___argc
__p___argv
_cexit

api-ms-win-crt-convert-l1-1-0

_atoi64
atol
atoi

api-ms-win-crt-stdio-l1-1-0

_fseeki64
feof
fclose
__stdio_common_vsprintf
fflush
__p__commode
fgets
_fileno
fputc
_set_fmode
_wfsopen
fread
_dup
_close
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
_ftelli64

api-ms-win-crt-string-l1-1-0

isspace
isprint
tolower
strncmp
strcmp
isdigit
isalpha
toupper
_strnicmp
_stricmp

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
_set_new_mode
free
malloc
calloc

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_wfindnext64
_wfindfirst64
_wunlink
_findclose

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/pelf.exe
.exe windows:6 windows x64 arch:x64

bf058be82cb0ad510a9198fc521b4b46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pelf.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetModuleHandleW
RtlVirtualUnwind
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
LoadLibraryA
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strrchr
strstr
_CxxThrowException
memcpy
memmove
memset
memcmp
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
_errno
exit
_initialize_onexit_table
_initialize_narrow_environment
__p___argc
_configure_narrow_argv
_seh_filter_exe
_set_app_type
_cexit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
terminate

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
atol

api-ms-win-crt-stdio-l1-1-0

fread
_fseeki64
_ftelli64
_wfsopen
_set_fmode
__stdio_common_vsprintf
fflush
fgets
_fileno
fputc
fclose
__stdio_common_vfprintf
_dup
_close
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
feof
__p__commode

api-ms-win-crt-string-l1-1-0

_stricmp
isprint
strspn
strcmp
tolower
toupper
strpbrk
_strnicmp
isdigit
isalpha
isspace
strncmp

api-ms-win-crt-heap-l1-1-0

free
realloc
_set_new_mode
_callnewh
calloc
malloc

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindnext64
_wfindfirst64
_wmkdir
_wunlink

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/pelf.rtb
flair90/bin/x64win/plb.exe
.exe windows:6 windows x64 arch:x64

e66909bd1d462018e367ace4fe60ed06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

plb.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetCurrentProcess
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
GetCurrentThreadId
GetProcAddress
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strrchr
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_errno
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
atol

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
fflush
fgets
_fileno
_ftelli64
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
_set_fmode
_fseeki64
fread
feof
fclose
_wfsopen
_close
_dup
fputc

api-ms-win-crt-string-l1-1-0

toupper
_strnicmp
tolower
isspace
strncmp
isprint
isdigit
_stricmp

api-ms-win-crt-heap-l1-1-0

calloc
realloc
_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindnext64
_wfindfirst64
_wunlink

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/pmacho.exe
.exe windows:6 windows x64 arch:x64

041417c6cbc660b5cf374c4373aba093

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

pmacho.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

kernel32

GetModuleHandleW
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetTempPathW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strrchr
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

exit
_errno
_register_onexit_function
_crt_atexit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
terminate
_set_app_type
_c_exit
_get_initial_narrow_environment
strerror_s
_initterm
__p___argv
__p___argc
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_cexit

api-ms-win-crt-convert-l1-1-0

atoi
atol
_atoi64

api-ms-win-crt-stdio-l1-1-0

_fseeki64
feof
fwrite
__stdio_common_vsprintf
_set_fmode
fclose
fflush
fgets
_fileno
fputc
_wfsopen
__p__commode
_dup
_close
fread
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
_ftelli64

api-ms-win-crt-string-l1-1-0

isprint
tolower
strncmp
_strnicmp
isspace
toupper
isdigit
isalpha
_stricmp

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
calloc
_set_new_mode
_callnewh

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindnext64
_wfindfirst64
_wunlink

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/ppsx.exe
.exe windows:6 windows x64 arch:x64

c85c9fff9aa5f79ba7cd78bb3d9ed384

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ppsx.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetModuleHandleW
RtlVirtualUnwind
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strrchr
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
_errno
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate

api-ms-win-crt-convert-l1-1-0

_atoi64
atoi
atol

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
fflush
fgets
_fileno
_ftelli64
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
_set_fmode
_fseeki64
fread
feof
fclose
_wfsopen
_close
_dup
fputc

api-ms-win-crt-string-l1-1-0

toupper
_strnicmp
isprint
_stricmp
strncmp
isspace
isdigit
tolower

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
realloc
free
malloc
_callnewh

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindnext64
_wfindfirst64
_wunlink

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/ptmobj.exe
.exe windows:6 windows x64 arch:x64

ed4c03ae65d29d40ebcc01ec0e9af8b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ptmobj.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

GetModuleHandleW
RtlVirtualUnwind
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetFullPathNameW
GetFileAttributesW
CloseHandle
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
strrchr
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
memchr
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_register_thread_local_exe_atexit_callback
_errno
exit
abort
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_get_initial_narrow_environment
_c_exit
_initterm
__p___argv
_initterm_e
_exit
__p___argc
terminate
_seh_filter_exe

api-ms-win-crt-convert-l1-1-0

_atoi64
atol
atoi

api-ms-win-crt-stdio-l1-1-0

_fseeki64
_ftelli64
fread
__stdio_common_vsprintf
fflush
fgets
_fileno
fputc
feof
_set_fmode
fclose
_wfsopen
__acrt_iob_func
_dup
_close
__stdio_common_vfprintf
__stdio_common_vsscanf
__stdio_common_vsnprintf_s
__p__commode

api-ms-win-crt-string-l1-1-0

isspace
_stricmp
strncmp
isprint
toupper
isalpha
_strnicmp
isdigit
tolower

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
calloc
realloc
free
malloc

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wfindnext64
_wfindfirst64
_wunlink

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/sigmake.exe
.exe windows:6 windows x64 arch:x64

46a6ceceef3ac8721d3babce47ca5201

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sigmake.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

kernel32

SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
GetCurrentThreadId
GetProcAddress
MultiByteToWideChar
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetModuleHandleW
GetCurrentProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead

vcruntime140

_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
_CxxThrowException
memcpy
memmove
memset
strstr
memcmp
memchr
__C_specific_handler
strrchr
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_get_initial_narrow_environment
_initterm
_errno
exit
_initterm_e
_exit
__p___argc
terminate
strerror_s
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_dup
_close
fputc
_fileno
fgets
__stdio_common_vsprintf
_set_fmode
_chsize_s
_write
fflush
fwrite
_ftelli64
_fseeki64
fclose
_wfsopen
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
__stdio_common_vsscanf
feof
_lseeki64
__p__commode

api-ms-win-crt-string-l1-1-0

toupper
isxdigit
isspace
strncmp
isdigit

api-ms-win-crt-heap-l1-1-0

free
calloc
realloc
_set_new_mode
_callnewh
malloc

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_wunlink
_wfindfirst64
_findclose
_wfindnext64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/bin/x64win/zipsig.exe
.exe windows:6 windows x64 arch:x64

3728434a1142ce4373c8c7e588dafd71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

zipsig.pdb

Imports

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

kernel32

WaitForSingleObjectEx
IsDebuggerPresent
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetTempPathW
GetProcAddress
MultiByteToWideChar
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
GetCurrentThreadId
GetFileAttributesW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
IsProcessorFeaturePresent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
InitializeSListHead

vcruntime140

__std_terminate
strchr
memcpy
memmove
memset
__std_exception_copy
__std_exception_destroy
strstr
_CxxThrowException
_purecall
__C_specific_handler
strrchr
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
_set_fmode
__acrt_iob_func
_wfopen_s
_wfsopen
fclose
feof
fread
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
_fseeki64
fwrite
fputc

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
strerror_s
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
exit
_exit
terminate
_initterm
__p___argc
__p___argv
_c_exit
_errno
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_callnewh
_set_new_mode

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-filesystem-l1-1-0

_findclose
_wrename
_wfindfirst64
_wfindnext64
_wunlink

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
flair90/crc16.cpp
flair90/examples/bc31rtd.exc
flair90/examples/bctc.bat
.bat .vbs
flair90/examples/ctask.bat
flair90/examples/readme
flair90/go2pat/backend0.go
flair90/go2pat/backend1.go
flair90/go2pat/backend2.go
flair90/go2pat/gen_std_packages.sh
.sh linux
flair90/go2pat/go2pat.go
flair90/go2pat/go2pat.md
flair90/news
flair90/pascal/bin/ptpu.exe
flair90/pascal/bin/ptpu.txt
flair90/pascal/idc/tpdll.idc
flair90/pascal/idc/tpdos.idc
flair90/pascal/idc/tpne.idc
flair90/pascal/idt/50/system.idt
.js
flair90/pascal/idt/55/system.idt
.js
flair90/pascal/idt/60.w/system.idt
.js
flair90/pascal/idt/60/system.idt
.js
flair90/pascal/idt/70.p/system.idt
.js
flair90/pascal/idt/70.w/system.idt
.js
flair90/pascal/idt/70/system.idt
.js
flair90/pascal/idt/701.p/system.idt
.js
flair90/pascal/idt/701.w/system.idt
.js
flair90/pascal/idt/701/system.idt
.js
flair90/pascal/idt/delphi1/system.idt
.js
flair90/pascal/readme
flair90/pascal/samples/minmax.dll
flair90/pascal/samples/readme
flair90/pascal/samples/test.exe
flair90/pascal/sig/delphi.sig
flair90/pascal/sig/tpdos.sig
flair90/pascal/sig/tpdpmi.sig
flair90/pascal/sig/tpowl.sig
flair90/pascal/sig/tpsig2.sig
flair90/pascal/sig/tpsig2n.sig
flair90/pascal/sig/tptv.sig
flair90/pascal/sig/tptvdpmi.sig
flair90/pascal/sig/tpwin.sig
flair90/pat.rus
flair90/pat.txt
flair90/pcf.txt
flair90/plb.txt
flair90/readme.txt
flair90/sigmake.txt
flair90/startup/arm/pe_libc.pat
flair90/startup/arm/startup.bat
flair90/startup/ebc/pe_ebclib.pat
flair90/startup/ebc/startup.bat
flair90/startup/exe.exc
flair90/startup/exe_az.pat
flair90/startup/exe_bc31.pat
flair90/startup/exe_bh.pat
flair90/startup/exe_dm.pat
flair90/startup/exe_lat.pat
flair90/startup/exe_mq.pat
flair90/startup/exe_mv.pat
flair90/startup/exe_sym.pat
flair90/startup/exe_tp.pat
flair90/startup/exe_wa16.pat
flair90/startup/exe_zr1.pat
flair90/startup/exe_zr3.pat
flair90/startup/h8/coff_gnu.pat
flair90/startup/h8/startup.bat
flair90/startup/le.exc
flair90/startup/le_ndp.pat
flair90/startup/le_vir.pat
flair90/startup/le_wa32.pat
flair90/startup/lx.exc
flair90/startup/lx_b2_15.pat
flair90/startup/lx_emx.pat
flair90/startup/lx_high.pat
flair90/startup/lx_va30.pat
flair90/startup/lx_wa32.pat
flair90/startup/mips/pe_libc.pat
flair90/startup/mips/psx.pat
flair90/startup/mips/psx2.pat
flair90/startup/mips/startup.bat
flair90/startup/ne.exc
flair90/startup/ne_bc31.pat
flair90/startup/ne_bh.pat
flair90/startup/ne_mv.pat
flair90/startup/ne_sym.pat
flair90/startup/ne_tp.pat
flair90/startup/ne_wa16.pat
flair90/startup/ne_wa32.pat
flair90/startup/ne_zr3.pat
flair90/startup/nlm_exe.pat
flair90/startup/nlm_wa32.pat
flair90/startup/pe64_uln.pat
flair90/startup/pe64_vc.pat
flair90/startup/pe64_wu.pat
flair90/startup/pe_bds.pat
flair90/startup/pe_bh.pat
flair90/startup/pe_dm.pat
flair90/startup/pe_gcc.pat
flair90/startup/pe_sym.pat
flair90/startup/pe_ulink.pat
flair90/startup/pe_vaw35.pat
flair90/startup/pe_vc.pat
flair90/startup/pe_wa32.pat
flair90/startup/pe_wu.pat
flair90/startup/sh3/pe_libc.pat
flair90/startup/sh3/startup.bat
flair90/startup/startup.bat
flair90/startup/tms320c6/coff_tms.pat
flair90/startup/tms320c6/startup.bat

Sharing

General

Malware Config

Signatures

Files

09eb8a961ca6f029bef3f2f5ce8e3f6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

41c070c198a46860654482dc697ee257

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 158KB - Virtual size: 157KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 660B

bf058be82cb0ad510a9198fc521b4b46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

kernel32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 1024B - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 372B

e66909bd1d462018e367ace4fe60ed06

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 158KB - Virtual size: 157KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 660B

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 372B

.text
Size: 142KB - Virtual size: 141KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 1024B - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 372B

.text
Size: 153KB - Virtual size: 152KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 640B