8c42ed5696426bfb975989249b663ca214eece0836b9b163c8bb7347fcc8b11b

Sharing

Copy URL Twitter E-mail

General

Target

8c42ed5696426bfb975989249b663ca214eece0836b9b163c8bb7347fcc8b11b
Size

479KB
MD5

4ef788d41bb7b59f1685187720df8359
SHA1

fd8af0e1437fc8a6ce513c663c91dec73c5d358f
SHA256

8c42ed5696426bfb975989249b663ca214eece0836b9b163c8bb7347fcc8b11b
SHA512

013ea489b31d798f164158d75db8e32f3fb0d65f8bfda4b9953e450196bc24907d558992b00bb9b91dc056287af45856b9a70a1a20f768f08cf73b2c1185d341
SSDEEP

6144:t7K4nojUOE9GQnyV/ix24O7DfUDODPohBTYgWdlsH+Zl:1ojUf9LMGWhohBTadi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c42ed5696426bfb975989249b663ca214eece0836b9b163c8bb7347fcc8b11b

Files

8c42ed5696426bfb975989249b663ca214eece0836b9b163c8bb7347fcc8b11b
.exe windows:6 windows x86 arch:x86

24bb5e38a8e213145939110456da8a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Episode 4\Sources\Client\Sanctuary\Build\Nksp_vc100.pdb

Imports

entitiesmp

?CheckEntityVersion@@YAXXZ

kernel32

GetProcAddress
LoadLibraryA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetShortPathNameA
lstrcpyA
lstrcatA
MoveFileA
GetSystemDefaultLangID
CreateToolhelp32Snapshot
Process32First
Process32Next
WaitNamedPipeW
PeekNamedPipe
GetLastError
CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameA
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
OpenEventA
WaitForSingleObject
SetEvent
CreateEventA
FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
SetCurrentDirectoryA
WriteFile
ReadFile
FreeLibrary
DeleteFileA
CreateFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
MultiByteToWideChar
lstrlenW
GetModuleFileNameW
UnhandledExceptionFilter
CreateFileW
Sleep
GetCurrentProcessId

user32

ShowWindow
SetWindowPos
CreateDialogParamA
DestroyWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
GetDC
ReleaseDC
BeginPaint
EndPaint
GetClientRect
GetWindowRect
MessageBoxA
FillRect
SetWindowLongA
GetDesktopWindow
UpdateWindow
DefWindowProcA
LoadBitmapA
InvalidateRect
LoadIconA
RegisterClassA
ChangeDisplaySettingsA
LoadCursorA
TranslateMessage
DispatchMessageA
PeekMessageA
FindWindowA
ShowCursor
MessageBoxW
IsIconic
SendMessageA
SetFocus

gdi32

SelectObject
DeleteDC
CreateCompatibleDC
BitBlt
GetObjectA
GetStockObject
GetDeviceCaps
DeleteObject

advapi32

RegGetValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteA

msvcp140

_Query_perf_frequency
_Thrd_join
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_timedwait
_Cnd_broadcast
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
_Xtime_get_ticks
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
_Query_perf_counter

engine

?Clear@CTString@@QAEXXZ
?DeleteSelf@CEntity@@QAEXXZ
?g_bNoPlaySnd@@3HA
?g_fFramePerSecond@@3MA
?snd_iFormat@@3JA
?g_szExitError@@3PADA
?DiscordUpdateData@@3_NA
?DiscordImage@@3PADA
?DiscordLocation@@3PADA
?DiscordGuild@@3PADA
?DiscordLevel@@3HA
?DiscordNickName@@3PADA
?_pEntityClassStock@@3PAVCStock_CEntityClass@@A
?g_iCountry@@3JA
?g_bNasTrans@@3HA
?g_nmVER@@3VCTString@@A
?g_nmCID@@3VCTString@@A
?g_nmPW@@3VCTString@@A
?g_nmID@@3VCTString@@A
?g_bAutoLogin@@3HA
?sam_bWideScreen@@3JA
?sam_iGfxAPI@@3JA
?sam_iDisplayAdapter@@3JA
?sam_iDisplayDepth@@3JA
?sam_iScreenSizeJ@@3JA
?sam_iScreenSizeI@@3JA
?_pvpViewPortMain@@3PAVCViewPort@@A
?_pdpNormalMain@@3PAVCDrawPort@@A
?_pdpMain@@3PAVCDrawPort@@A
?_bClientApp@@3HA
?_pfdDisplayFont@@3PAVCFontData@@A
?RemovePrefix@CTString@@QAEHABV1@@Z
?_pNetwork@@3PAVHSV016QW@@A
?_pTimer@@3PAVCTimer@@A
?_strModExt@@3VCTString@@A
?_fnmApplicationPath@@3VCTFileName@@A
?CheckEngineVersion@@YAXXZ
?initialize@CWebAddress@@QAEXXZ
?End@cWeb@@QAEHXZ
?Begin@cWeb@@QAEHXZ
?SetNextStage@StageMgr@@QAEXW4eSTAGE@@0@Z
?Run@StageMgr@@QAEXXZ
?Create@StageMgr@@QAEXXZ
?getSingleton@?$CSingletonBase@VStageMgr@@@@SAPAVStageMgr@@XZ
?setVersion@CUILoginNew@@QAEXPBD@Z
?Create@GameDataManager@@QAEXXZ
?DestroyRenderTarget@CUIManager@@QAEXXZ
?InitRenderTarget@CUIManager@@QAEXHH@Z
?SetTitleName@CUIManager@@QAEXJHH@Z
?MsgProc@CUIManager@@QAEXPAUtagMSG@@PAH@Z
?AdjustUIPos@CUIManager@@QAEXPAVCDrawPort@@@Z
?ResetUIPos@CUIManager@@QAEXPAVCDrawPort@@@Z
?SetGameHandle@CUIManager@@QAEXPAVCGame@@@Z
?Create@CUIManager@@QAEXXZ
?Release@CStock_CEntityClass@@QAEXPAVCEntityClass@@@Z
?Obtain_t@CStock_CEntityClass@@QAEPAVCEntityClass@@ABVCTFileName@@@Z
?SE_Destroy_WebAddressPtr@@YAXXZ
?SE_Get_GameDataManagerPtr@@YAPAVGameDataManager@@XZ
?SE_Get_UIManagerPtr@@YAPAVCUIManager@@XZ
?SE_Get_WebAddressPtr@@YAPAVCWebAddress@@XZ
?SE_GetEngineDllRefCnt@@YA?BHXZ
?SE_LoadDefaultFonts@@YAXXZ
?SE_EndEngine@@YAXXZ
?SE_InitEngine@@YAXVCTString@@@Z
?SwapBuffers@CViewPort@@QAEXH@Z
?UpdateSounds@CSoundLibrary@@QAEXXZ
?SetFormat@CSoundLibrary@@QAEXW4SoundFormat@1@H@Z
?TrimSpacesRight@CTString@@QAEJXZ
?TranslateConst@@YAPBDPBDJ@Z
?GetLine_t@CTStream@@QAEXAAVCTString@@D@Z
?GetValue@CShell@@QAE?AVCTString@@ABV2@@Z
?SetValue@CShell@@QAEXABVCTString@@0@Z
??0CTFileName@@QAE@ABVCTString@@@Z
?_pSound@@3PAVCSoundLibrary@@A
?ExceptionFatalError@CTStream@@SAXXZ
?SetVolume@CSoundObject@@QAEXMH@Z
??1CSoundObject@@QAE@XZ
??0CSoundObject@@QAE@XZ
?GameInactive@HSV016QW@@QAEXXZ
?InitPos@CUIBase@@QAEXHHHH@Z
?Fill@CDrawPort@@QBEXK@Z
?PutTexture@CDrawPort@@QBEXPAVCTextureObject@@ABV?$AABBox@J$01@@1KK@Z
?PutText@CDrawPort@@QBEXABVCTString@@JJK@Z
?SetFont@CDrawPort@@QAEXPAVCFontData@@@Z
?IsTripleHead@CDrawPort@@QAEHXZ
?IsDualHead@CDrawPort@@QAEHXZ
?MakeWideScreen@CDrawPort@@QAEXPAV1@@Z
??0CDrawPort@@QAE@PAV0@J@Z
??1CDrawPort@@QAE@XZ
??0CDrawPort@@QAE@XZ
?Unlock_internal@CDrawPort@@QAEXXZ
?Lock_internal@CDrawPort@@QAEHXZ
?InitSEEDEncrypt@Y6YTUZWH@@SAXXZ
??1CTextureObject@@QAE@XZ
?SetData_t@CTextureObject@@QAEXABVCTFileName@@@Z
??0CTextureObject@@QAE@XZ
?Force@CTextureData@@QAEXK@Z
?Benchmark@CGfxLibrary@@QAEXPAVCViewPort@@PAVCDrawPort@@@Z
?DestroyWindowCanvas@CGfxLibrary@@QAEXPAVCViewPort@@@Z
?CreateWindowCanvas@CGfxLibrary@@QAEXPAXPAPAVCViewPort@@PAPAVCDrawPort@@@Z
?ResetDisplayMode@CGfxLibrary@@QAEHW4GfxAPIType@@@Z
?LerpColor@@YAKKKM@Z
?IsWideScreen@CDisplayMode@@QAEHXZ
?IsTripleHead@CDisplayMode@@QAEHXZ
?IsDualHead@CDisplayMode@@QAEHXZ
?DepthString@CDisplayMode@@QBE?AVCTString@@XZ
??0CDisplayMode@@QAE@XZ
?GetHighPrecisionTimer@CTimer@@QAE?AVCTimerValue@@XZ
?GetRealTimeTick@CTimer@@QBEMXZ
?ExpandFilePath@@YAJKABVCTFileName@@AAV1@@Z
??0CTFileName@@QAE@XZ
?ExceptionFilter@CTStream@@SAHKPAU_EXCEPTION_POINTERS@@@Z
?ClearStreamHandling@CTStream@@SAXXZ
?DisableStreamHandling@CTStream@@SAXXZ
?EnableStreamHandling@CTStream@@SAXXZ
?FileName@CTFileName@@QBE?AV1@XZ
?FileDir@CTFileName@@QBE?AV1@XZ
??0CTFileName@@QAE@PBDH@Z
?FinishTranslationTable@@YAXXZ
?AddTranslationTablesDir_t@@YAXABVCTFileName@@0@Z
?InitTranslation@@YAXXZ
?GetWindowsError@@YA?BVCTString@@K@Z
?ThrowF_t@@YAXPADZZ
?DeleteChars@CTString@@QAEXJJ@Z
?IsEqualCaseSensitive@CTString@@QBEHABV1@@Z
?TrimRight@CTString@@QAEJJ@Z
?FindSubstr@CTString@@QAEJABV1@@Z
?g_web@@3VcWeb@@A
?_hDlgWeb@@3PAUHWND__@@A
?_hwndMain@@3PAUHWND__@@A
?_pGameState@@3PAVCGameState@@A
?sam_bFullScreenActive@@3JA
?_hInstanceMain@@3PAUHINSTANCE__@@A
?_bWindowChanging@@3HA
?UpdatePos@cWeb@@QAEXXZ
?CloseWebPage@cWeb@@QAEHPAUHWND__@@@Z
?OpenWebPage@cWeb@@QAEHPAUHWND__@@@Z
?SE_UpdateWindowHandle@@YAXPAUHWND__@@0@Z
?FatalError@@YAXPBDZZ
?_pGfx@@3PAVCGfxLibrary@@A
?_pShell@@3PAVCShell@@A
?Execute@CShell@@QAEXABVCTString@@@Z
?DeclareSymbol@CShell@@QAEXABVCTString@@PAX@Z
?CPrintF@@YAXPBDZZ
?Open_t@CTFileStream@@QAEXABVCTFileName@@W4OpenMode@CTStream@@@Z
??1CTFileStream@@UAE@XZ
??0CTFileStream@@QAE@XZ
?GetLine_t@CTStream@@QAEXPADJD@Z
?AtEOF@CTStream@@QAEHXZ
??0CTString@@QAE@XZ
??0CTString@@QAA@JPBDZZ
??1CTString@@QAE@XZ
?TrimSpacesLeft@CTString@@QAEJXZ
??8CTString@@QBEHPBD@Z
??9CTString@@QBEHPBD@Z
??HCTString@@QBE?AV0@ABV0@@Z
??YCTString@@QAEAAV0@ABV0@@Z
??H@YA?AVCTString@@PBDABV0@@Z
?Split@CTString@@QAEXJAAV1@0@Z
?DeleteChar@CTString@@QAEXJ@Z
?ScanF@CTString@@QAAJPBDZZ
?StringDuplicate@@YAPADPBD@Z
?StringFree@@YAXPAD@Z
?Translate@@YAPADPADJ@Z
?_fnmMod@@3VCTFileName@@A
?_fnmCDPath@@3VCTFileName@@A
?_strLogFile@@3VCTString@@A
?cmd_iWindowLeft@@3JA
?cmd_iWindowTop@@3JA
?MEM_Free@@YAXPAX@Z
?MEM_MAlloc@@YAPAXI@Z
??8CTString@@QBEHABV0@@Z
?Matches@CTString@@QBEHABV1@@Z
?PrintF@CTString@@QAAJPBDZZ
?WarningMessage@@YAXPBDZZ
??1CListNode@@QAE@XZ
?Clear@CListHead@@QAEXXZ
?AddTail@CListHead@@QAEXAAVCListNode@@@Z
??1CTFileName@@QAE@XZ

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

vcruntime140

strchr
__CxxFrameHandler3
__std_exception_destroy
_CxxThrowException
__std_exception_copy
__std_type_info_destroy_list
__std_terminate
memcpy
_except_handler4_common
__current_exception_context
memset
memmove
__current_exception

api-ms-win-crt-string-l1-1-0

_strnicmp
isspace
_stricmp
strncpy
_strdup

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
_get_stream_buffer_pointers
__p__commode
_set_fmode
fclose
__stdio_common_vsprintf
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fflush
fputc
fopen
fgetpos
fgetc
__stdio_common_vswprintf

api-ms-win-crt-runtime-l1-1-0

_initterm
_seh_filter_exe
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_exit
_cexit
_crt_at_quick_exit
_c_exit
_controlfp_s
_initterm_e
_crt_atexit
terminate
_beginthreadex
_set_app_type
_invalid_parameter_noinfo_noreturn
exit
_get_narrow_winmain_command_line
_controlfp

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-process-l1-1-0

_execv

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

shlwapi

PathAppendA
PathFileExistsA

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24bb5e38a8e213145939110456da8a1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

entitiesmp

kernel32

user32

gdi32

advapi32

shell32

msvcp140

engine

version

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-process-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

shlwapi

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 221KB

.rsrc Size: 353KB - Virtual size: 352KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 221KB

.rsrc
Size: 353KB - Virtual size: 352KB