8d4b55768a3af5ef2d2d226c3df4ecf1bbd0d05172c4aa5d795fa5c4a76eec73

Sharing

Copy URL Twitter E-mail

General

Target

8d4b55768a3af5ef2d2d226c3df4ecf1bbd0d05172c4aa5d795fa5c4a76eec73
Size

2.1MB
MD5

e43b3d863c7368176111f7e133f2246c
SHA1

c2ae337d17731e2d7d8935d6ab40b6fe22978c78
SHA256

8d4b55768a3af5ef2d2d226c3df4ecf1bbd0d05172c4aa5d795fa5c4a76eec73
SHA512

9178e6a5f6fe1e661839ad341db16573bc328bc9a0b6c0fc1e50ad6960b1fda8ac6f40ba3abe9a5c9509eb9bd339782e59f55876e0b4f8184d696bf3fc5cda97
SSDEEP

24576:8WIiJCm6gGaTliSN/x0iwiFVmboxEnTEgwoFHT:Pvw1SN/x0iw/UQFhFHT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d4b55768a3af5ef2d2d226c3df4ecf1bbd0d05172c4aa5d795fa5c4a76eec73

Files

8d4b55768a3af5ef2d2d226c3df4ecf1bbd0d05172c4aa5d795fa5c4a76eec73
.dll windows:6 windows x64 arch:x64

1e19d5edd97b09ba004b93ec091ed6b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Project\YW\doganticheat\doganticheat-fml-1.16\src\main\resources\dlls\dac.pdb

Imports

kernel32

SetThreadContext
VirtualQuery
WriteProcessMemory
GetThreadContext
GetCurrentThread
Process32NextW
Process32FirstW
VirtualFree
VirtualAlloc
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleW
GetThreadTimes
ResumeThread
SuspendThread
GetExitCodeThread
TerminateThread
OpenThread
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
OutputDebugStringW
IsDebuggerPresent
VirtualAllocEx
CreateFileW
DeviceIoControl
GetProcessId
OpenProcess
GetNativeSystemInfo
IsWow64Process
ReadFile
ConnectNamedPipe
CreateNamedPipeW
CreateThread
DuplicateHandle
ResetEvent
GetTickCount
ContinueDebugEvent
WaitForDebugEvent
DebugActiveProcess
DebugActiveProcessStop
CheckRemoteDebuggerPresent
Sleep
DebugSetProcessKillOnExit
OutputDebugStringA
QueryPerformanceCounter
GetSystemTimeAsFileTime
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetWindowsDirectoryW
UnmapViewOfFile
ReleaseActCtx
GetEnvironmentVariableW
GetCurrentDirectoryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
ActivateActCtx
DeactivateActCtx
Module32FirstW
GetFileAttributesW
GetModuleFileNameW
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
CreateRemoteThread
GetSystemInfo
GlobalLock
GlobalUnlock
GlobalSize
VirtualProtect
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
AddVectoredExceptionHandler
SetLastError
GetLastError
LocalFree
DecodePointer
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
DisableThreadLibraryCalls
GetStartupInfoW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeLibrary
LoadLibraryW
CreateActCtxW
MapViewOfFile
CreateFileMappingW
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualFreeEx

user32

UnregisterClassW
GetDC
ReleaseDC
GetClientRect
wsprintfW
GetForegroundWindow

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

ole32

CoInitializeEx
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

SetErrorInfo
VariantChangeType
SysAllocString
SysFreeString
VariantClear
GetErrorInfo
VariantInit
CreateErrorInfo

msvcp140d

?_Xbad_function_call@std@@YAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Random_device@std@@YAIXZ

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToStream
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage

jvm

JNI_GetCreatedJavaVMs

vcruntime140d

memcpy
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memmove
memcmp
_purecall
memchr
__C_specific_handler
__current_exception
__current_exception_context
__C_specific_handler_noexcept
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_LoadLibraryExW

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

__stdio_common_vswprintf_s
terminate
strcmp
_CrtDbgReport
_initterm_e
atoi
_stricmp
__stdio_common_vfprintf_s
__stdio_common_vsprintf_s
wcstok_s
_CrtDbgReportW
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
ceilf
_crt_atexit
_crt_at_quick_exit
_cexit
strcpy_s
_free_dbg
_initterm
free
malloc
wcscpy_s
wcslen
wcscmp
_invalid_parameter_noinfo
_errno
_recalloc
_wassert
realloc
_wcsicmp
_abs64
wcstol
__stdio_common_vsnwprintf_s
__acrt_iob_func
__stdio_common_vfwprintf_s
__stdio_common_vfprintf
abort
__stdio_common_vsprintf
_callnewh
strlen
towlower
strcat_s
_wmakepath_s
_wsplitpath_s
__stdio_common_vswprintf
_invalid_parameter

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
RegOpenKeyW
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
OpenThreadToken

shlwapi

SHDeleteKeyW

Exports

Exports

??0Assembler@asmjit@@QEAA@PEAURuntime@1@@Z
??0CodeGen@asmjit@@QEAA@PEAURuntime@1@@Z
??0HostRuntime@asmjit@@QEAA@XZ
??0JitRuntime@asmjit@@QEAA@XZ
??0Runtime@asmjit@@QEAA@XZ
??0StaticRuntime@asmjit@@QEAA@PEAX_K@Z
??0VMemMgr@asmjit@@QEAA@PEAX@Z
??0X86Assembler@asmjit@@QEAA@PEAURuntime@1@I@Z
??0Zone@asmjit@@QEAA@_K@Z
??1Assembler@asmjit@@UEAA@XZ
??1CodeGen@asmjit@@UEAA@XZ
??1HostRuntime@asmjit@@UEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Runtime@asmjit@@UEAA@XZ
??1StaticRuntime@asmjit@@UEAA@XZ
??1VMemMgr@asmjit@@QEAA@XZ
??1X86Assembler@asmjit@@UEAA@XZ
??1Zone@asmjit@@QEAA@XZ
??_FVMemMgr@asmjit@@QEAAXXZ
?_alloc@Zone@asmjit@@QEAAPEAX_K@Z
?_emit@X86Assembler@asmjit@@UEAAIIAEBUOperand@2@000@Z
?_grow@Assembler@asmjit@@QEAAI_K@Z
?_grow@PodVectorBase@asmjit@@IEAAI_K0@Z
?_newLabel@Assembler@asmjit@@QEAAIPEAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QEAAPEAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QEAAI_K@Z
?_relocCode@X86Assembler@asmjit@@UEBA_KPEAX_K@Z
?_reserve@Assembler@asmjit@@QEAAI_K@Z
?_reserve@PodVectorBase@asmjit@@IEAAI_K0@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UEAAIPEAPEAXPEAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UEAAIII@Z
?alloc@VMemMgr@asmjit@@QEAAPEAX_KI@Z
?alloc@VMemUtil@asmjit@@SAPEAX_KPEA_KI@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPEAXPEAX_KPEA_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K@Z
?assertionFailed@asmjit@@YAXPEBD0H@Z
?bind@Assembler@asmjit@@UEAAIAEBULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPEATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPEAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QEAAPEAXPEBX_K@Z
?embed@Assembler@asmjit@@UEAAIPEBXI@Z
?embedLabel@X86Assembler@asmjit@@QEAAIAEBULabel@2@@Z
?emit@Assembler@asmjit@@QEAAII@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@H@Z
?emit@Assembler@asmjit@@QEAAIIAEBUOperand@2@_K@Z
?emit@Assembler@asmjit@@QEAAIIH@Z
?emit@Assembler@asmjit@@QEAAII_K@Z
?flush@HostRuntime@asmjit@@UEAAXPEAX_K@Z
?getCpuInfo@HostRuntime@asmjit@@UEAAPEBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPEBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SA_KXZ
?getPageSize@VMemUtil@asmjit@@SA_KXZ
?getStackAlignment@HostRuntime@asmjit@@UEAAIXZ
?make@Assembler@asmjit@@UEAAPEAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KAEBUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UEAAIPEAX@Z
?release@StaticRuntime@asmjit@@UEAAIPEAX@Z
?release@VMemMgr@asmjit@@QEAAIPEAX@Z
?release@VMemUtil@asmjit@@SAIPEAX_K@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPEAX0_K@Z
?relocCode@Assembler@asmjit@@QEBA_KPEAX_K@Z
?reset@Assembler@asmjit@@QEAAX_N@Z
?reset@PodVectorBase@asmjit@@QEAAX_N@Z
?reset@VMemMgr@asmjit@@QEAAXXZ
?reset@Zone@asmjit@@QEAAX_N@Z
?sdup@Zone@asmjit@@QEAAPEADPEBD@Z
?setArch@X86Assembler@asmjit@@QEAAII@Z
?setError@CodeGen@asmjit@@QEAAIIPEBD@Z
?setErrorHandler@CodeGen@asmjit@@QEAAIPEAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@VMemMgr@asmjit@@QEAAIPEAX_K@Z
?x86RegData@asmjit@@3UX86RegData@1@B
Java_org_ywzj_doganticheat_core_NativeApi_core0
Java_org_ywzj_doganticheat_core_NativeApi_core1
Java_org_ywzj_doganticheat_core_NativeApi_op0
Java_org_ywzj_doganticheat_core_NativeApi_op1

Sections

.textbss
Size: - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e19d5edd97b09ba004b93ec091ed6b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

msvcp140d

gdiplus

jvm

vcruntime140d

vcruntime140_1d

ucrtbased

advapi32

shlwapi

Exports

Exports

Sections

.textbss Size: - Virtual size: 707KB

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 422KB - Virtual size: 421KB

.data Size: 6KB - Virtual size: 20KB

.pdata Size: 109KB - Virtual size: 109KB

.idata Size: 18KB - Virtual size: 17KB

.msvcjmc Size: 14KB - Virtual size: 13KB

.00cfg Size: 512B - Virtual size: 373B

.tls Size: 1024B - Virtual size: 777B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.textbss
Size: - Virtual size: 707KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 422KB - Virtual size: 421KB

.data
Size: 6KB - Virtual size: 20KB

.pdata
Size: 109KB - Virtual size: 109KB

.idata
Size: 18KB - Virtual size: 17KB

.msvcjmc
Size: 14KB - Virtual size: 13KB

.00cfg
Size: 512B - Virtual size: 373B

.tls
Size: 1024B - Virtual size: 777B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB