a41ea92d12fb28303a73a49f92108e1e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a41ea92d12fb28303a73a49f92108e1e_JaffaCakes118
Size

46KB
MD5

a41ea92d12fb28303a73a49f92108e1e
SHA1

8c2c98d462469097ceba9af455aba8b3f61ed591
SHA256

4b2eb561dc90b1668476441cb21c97a60736110f93aecfd11442f73e53bc5e98
SHA512

99bb17b989ec7ae62fac31408a26d65064620a9e323075f2e74d0cd65773250f73d1123b154419e429e25372fd7a1503eb776bd4513331c35b9ba295b55c1a62
SSDEEP

768:dcfycg6B3CQ6BLaSs1uQbcUagrhGbvJ2uHS2PAetJ1a7MfoblKp+qZH4UE/wxEhq:2ffNB35ULaSs1uqcUHr4J2auK/h

Score

1^/10

Malware Config

Signatures

Files

a41ea92d12fb28303a73a49f92108e1e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

64a8668b405ddcdc05574cc458a73021

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:ac:03:7a:a8:1d:63:fd
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

28/06/2017, 23:20

Not After

25/08/2020, 17:00

Subject

CN=Foxit Software Incorporated,O=Foxit Software Incorporated,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:50:a9:e4:03:8f:6d:fc:56:91:aa:5e:31:f2:b4:5b:2b:db:7c:3e
Signer

Actual PE Digest

b4:50:a9:e4:03:8f:6d:fc:56:91:aa:5e:31:f2:b4:5b:2b:db:7c:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mojom_core_shared.dll.pdb

Imports

bindings_base

?IsHandleOrInterfaceValid@internal@mojo@@YA_NABUHandle_Data@12@@Z
?MakeMessageWithArrayIndex@internal@mojo@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDII@Z
?MakeMessageWithExpectedArraySize@internal@mojo@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDII@Z
?ReportNonNullableValidationError@internal@mojo@@YAXPAVValidationContext@12@W4ValidationError@12@H@Z
?ReportValidationError@internal@mojo@@YAXPAVValidationContext@12@W4ValidationError@12@PBD@Z
?ValidateHandleOrInterface@internal@mojo@@YA_NABUAssociatedEndpointHandle_Data@12@PAVValidationContext@12@@Z
?ValidateHandleOrInterface@internal@mojo@@YA_NABUAssociatedInterface_Data@12@PAVValidationContext@12@@Z
?ValidateHandleOrInterface@internal@mojo@@YA_NABUHandle_Data@12@PAVValidationContext@12@@Z
?ValidateHandleOrInterfaceNonNullable@internal@mojo@@YA_NABUAssociatedEndpointHandle_Data@12@HPAVValidationContext@12@@Z
?ValidateHandleOrInterfaceNonNullable@internal@mojo@@YA_NABUAssociatedInterface_Data@12@HPAVValidationContext@12@@Z
?ValidateStructHeaderAndClaimMemory@internal@mojo@@YA_NPBXPAVValidationContext@12@@Z

mojom_platform_shared

?Validate@NavigationPreloadState_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@SerializedArrayBufferContents_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@SerializedBlob_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerClientInfo_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerClientQueryOptions_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z

mojo_base_mojom_shared

?Validate@BigBuffer_Data@internal@mojom@mojo_base@@SA_NPBXPAVValidationContext@2mojo@@_N@Z
?Validate@UnguessableToken_Data@internal@mojom@mojo_base@@SA_NPBXPAVValidationContext@2mojo@@@Z

kernel32

DisableThreadLibraryCalls
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetSystemInfo
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExA
QueryPerformanceCounter
RaiseException
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
terminate

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

??0ChangedServiceWorkerObjectsMask_Data@internal@mojom@blink@@AAE@XZ
??0CloneableMessage_Data@internal@mojom@blink@@AAE@XZ
??0Portal_Activate_Params_Data@internal@mojom@blink@@AAE@XZ
??0Portal_Activate_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0Portal_Init_Params_Data@internal@mojom@blink@@AAE@XZ
??0Portal_Init_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0Portal_Navigate_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_ClaimClients_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_ClaimClients_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_ClearCachedMetadata_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_FocusClient_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_FocusClient_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_GetClient_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_GetClient_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_GetClients_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_GetClients_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_NavigateClient_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_NavigateClient_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_OpenNewTab_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_OpenNewTab_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_OpenPaymentHandlerWindow_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_OpenPaymentHandlerWindow_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_PostMessageToClient_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_SetCachedMetadata_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_SkipWaiting_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerHost_SkipWaiting_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerObjectHost_PostMessageToServiceWorker_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerObjectHost_TerminateForTesting_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerObjectHost_TerminateForTesting_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerObjectInfo_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerObject_StateChanged_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_EnableNavigationPreload_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_EnableNavigationPreload_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_GetNavigationPreloadState_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_GetNavigationPreloadState_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_SetNavigationPreloadHeader_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_SetNavigationPreloadHeader_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_Unregister_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_Unregister_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_Update_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectHost_Update_ResponseParams_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObjectInfo_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObject_SetServiceWorkerObjects_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObject_SetUpdateViaCache_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationObject_UpdateFound_Params_Data@internal@mojom@blink@@AAE@XZ
??0ServiceWorkerRegistrationOptions_Data@internal@mojom@blink@@AAE@XZ
??0TransferableMessage_Data@internal@mojom@blink@@AAE@XZ
??0UserActivationSnapshot_Data@internal@mojom@blink@@AAE@XZ
?Validate@ChangedServiceWorkerObjectsMask_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@CloneableMessage_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@Portal_Activate_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@Portal_Activate_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@Portal_Init_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@Portal_Init_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@Portal_Navigate_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_ClaimClients_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_ClaimClients_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_ClearCachedMetadata_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_FocusClient_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_FocusClient_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_GetClient_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_GetClient_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_GetClients_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_GetClients_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_NavigateClient_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_NavigateClient_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_OpenNewTab_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_OpenNewTab_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_OpenPaymentHandlerWindow_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_OpenPaymentHandlerWindow_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_PostMessageToClient_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_SetCachedMetadata_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_SkipWaiting_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerHost_SkipWaiting_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerObjectHost_PostMessageToServiceWorker_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerObjectHost_TerminateForTesting_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerObjectHost_TerminateForTesting_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerObjectInfo_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerObject_StateChanged_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_EnableNavigationPreload_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_EnableNavigationPreload_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_GetNavigationPreloadState_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_GetNavigationPreloadState_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_SetNavigationPreloadHeader_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_SetNavigationPreloadHeader_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_Unregister_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_Unregister_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_Update_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectHost_Update_ResponseParams_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObjectInfo_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObject_SetServiceWorkerObjects_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObject_SetUpdateViaCache_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationObject_UpdateFound_Params_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@ServiceWorkerRegistrationOptions_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@TransferableMessage_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z
?Validate@UserActivationSnapshot_Data@internal@mojom@blink@@SA_NPBXPAVValidationContext@2mojo@@@Z

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64a8668b405ddcdc05574cc458a73021

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

36:ac:03:7a:a8:1d:63:fdCertificate

Extended Key Usages

Key Usages

b4:50:a9:e4:03:8f:6d:fc:56:91:aa:5e:31:f2:b4:5b:2b:db:7c:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bindings_base

mojom_platform_shared

mojo_base_mojom_shared

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 940B

.00cfg Size: 512B - Virtual size: 4B

.gfids Size: 512B - Virtual size: 20B

.reloc Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:e7:15
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

36:ac:03:7a:a8:1d:63:fd
Certificate

b4:50:a9:e4:03:8f:6d:fc:56:91:aa:5e:31:f2:b4:5b:2b:db:7c:3e
Signer

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 940B

.00cfg
Size: 512B - Virtual size: 4B

.gfids
Size: 512B - Virtual size: 20B

.reloc
Size: 1KB - Virtual size: 1KB