Static task: static1
Behavioral task: behavioral1
Sample: 24233f44c5d650b1da67fb9a341d1135ba1eb2b64e0a6c516011dbd2a5f833d0.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 24233f44c5d650b1da67fb9a341d1135ba1eb2b64e0a6c516011dbd2a5f833d0.dll
Resource: win10v2004-20240802-en
General
Target: 24233f44c5d650b1da67fb9a341d1135ba1eb2b64e0a6c516011dbd2a5f833d0
Size: 2.1MB
MD5: 024377c2ccde674f105d52c3f83fab36
SHA1: 66fef7782b5f05b24fb4fb0c88b28b5ae957fdd6
SHA256: 24233f44c5d650b1da67fb9a341d1135ba1eb2b64e0a6c516011dbd2a5f833d0
SHA512: 1358dab10583304cd4d443693764342c1e1d9fab430f98104869355d2d9ab6c392462f3d19793f49592c11c5c5383e48d33e7f213c59cd05e5e95bc7118f599b
SSDEEP: 49152:KRab6e+zqke5tN6hSkBht2HuH2B45PC1J7nVJbKqbMBBGzD+4Eq1l/27:KEe7zqnN6hjfHH2carVfbs8zlu7
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 24233f44c5d650b1da67fb9a341d1135ba1eb2b64e0a6c516011dbd2a5f833d0
Files
-
24233f44c5d650b1da67fb9a341d1135ba1eb2b64e0a6c516011dbd2a5f833d0.dll windows:6 windows x86 arch:x86
a3d7a778c48d75b2ce5a4ebdca773860
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports
kernel32
FindNextFileA
RemoveDirectoryA
GetCurrentProcess
GetCurrentThread
GetModuleFileNameA
SetProcessWorkingSetSize
K32GetProcessMemoryInfo
CreateThread
GetExitCodeThread
GetCommandLineA
VirtualProtect
GetPrivateProfileIntA
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadStringPtrA
IsBadReadPtr
GetACP
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
lstrlenA
ExitProcess
MulDiv
lstrcpyA
UnlockFileEx
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
VerifyVersionInfoW
lstrcpynA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
FindFirstFileA
SetLastError
MoveFileExA
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
GetFileSizeEx
ResetEvent
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
FindClose
CreateEventA
SetEvent
TerminateThread
CreateProcessA
WinExec
TerminateProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemTime
FormatMessageA
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
GetLocaleInfoA
LoadLibraryA
GetProcAddress
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
FileTimeToSystemTime
CreateDirectoryA
lstrcmpiA
GetLocalTime
GetTickCount64
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapSize
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
CreateFileMappingW
MapViewOfFile
GetTickCount
FlushFileBuffers
AreFileApisANSI
ReadFile
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetSystemDirectoryA
FreeLibrary
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
IsDBCSLeadByte
GlobalAlloc
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess
user32
SetWindowLongA
GetParent
GetWindow
LoadImageA
GetMonitorInfoA
wsprintfA
DefWindowProcA
PostQuitMessage
CallWindowProcA
RegisterClassA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
GetWindowLongA
PtInRect
IsRectEmpty
EmptyClipboard
GetKeyboardLayout
IntersectRect
GetSysColor
MapWindowPoints
GetWindowRect
InvalidateRect
GetUpdateRect
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
CreateWindowExW
EnableWindow
GetMenu
SetPropA
GetPropA
AdjustWindowRectEx
EndPaint
UpdateWindow
MoveWindow
SetForegroundWindow
EqualRect
GetWindowTextA
GetWindowTextLengthA
IsWindowEnabled
KillTimer
TrackMouseEvent
GetMessageExtraInfo
GetKeyState
GetCapture
SetCapture
ReleaseCapture
IsWindowUnicode
GetForegroundWindow
GetDC
ReleaseDC
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorA
MonitorFromWindow
SendMessageA
ShowWindow
IsWindowVisible
SetTimer
MessageBoxA
SetWindowTextA
PostMessageA
FindWindowA
SetWindowPos
SendNotifyMessageA
GetAsyncKeyState
TranslateMessage
DispatchMessageA
CharNextA
GetMessageA
CreatePopupMenu
DestroyMenu
CreateWindowExA
IsWindow
EnableMenuItem
DestroyWindow
AppendMenuA
TrackPopupMenu
SetWindowRgn
IsZoomed
MapVirtualKeyExA
GetDesktopWindow
OffsetRect
UnionRect
SetFocus
InflateRect
IsIconic
ExitWindowsEx
GetActiveWindow
GetFocus
CreateCaret
GetKeyNameTextA
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableA
SetRect
FillRect
DrawTextW
DrawTextA
CharPrevA
GetWindowRgn
UpdateLayeredWindow
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
BeginPaint
gdi32
CreatePatternBrush
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
GdiFlush
TextOutA
MoveToEx
SetStretchBltMode
StretchBlt
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32A
GetClipBox
GetCharABCWidthsA
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
SetTextColor
SetBkMode
CreateSolidBrush
BitBlt
CreateRoundRectRgn
SetWindowOrgEx
GetObjectA
GetTextMetricsA
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileA
CloseEnhMetaFile
SelectObject
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
GetDeviceCaps
DeleteObject
CreateRectRgn
AddFontMemResourceEx
GetStockObject
DeleteDC
CreatePen
CreateFontIndirectA
comdlg32
ChooseColorA
advapi32
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
shell32
DragQueryFileA
ShellExecuteA
msvcp140
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_BADOFF@std@@3_JB
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??7ios_base@std@@QBE_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
winmm
timeGetTime
dbghelp
SymGetModuleBase64
SymFunctionTableAccess64
SymGetSymFromAddr64
SymInitialize
StackWalk64
SymCleanup
ntdll
NtQueryVirtualMemory
ws2_32
select
freeaddrinfo
getaddrinfo
__WSAFDIsSet
WSAIoctl
WSASetLastError
WSAWaitForMultipleEvents
accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
htonl
WSAResetEvent
htons
WSAEventSelect
WSAEnumNetworkEvents
inet_addr
listen
ntohs
recv
recvfrom
inet_ntoa
send
sendto
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
gethostname
getsockopt
WSACloseEvent
WSACreateEvent
wldap32
ord60
ord45
ord211
ord143
ord46
ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFindExtension
CertOpenStore
CertCloseStore
normaliz
IdnToAscii
IdnToUnicode
d3dx9_43
D3DXCreateFontA
bcrypt
BCryptGenRandom
vcruntime140
_setjmp3
_CxxThrowException
__CxxFrameHandler3
memcpy
memchr
__std_type_info_destroy_list
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
__RTDynamicCast
longjmp
__std_exception_destroy
__std_exception_copy
_purecall
strrchr
strchr
memset
memcmp
strstr
memmove
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
__sys_nerr
_initialize_onexit_table
_errno
exit
_invalid_parameter_noinfo
__sys_errlist
terminate
system
_endthreadex
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_initialize_narrow_environment
strerror
abort
api-ms-win-crt-stdio-l1-1-0
_fileno
_write
_close
fgets
feof
getc
fopen
ferror
_read
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
_ftelli64
_popen
ftell
fseek
fread
tmpnam
fputs
__stdio_common_vswprintf
ungetc
setvbuf
_open
fflush
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
_wfopen
__acrt_iob_func
fwrite
__stdio_common_vsprintf_s
fclose
fopen_s
_lseeki64
clearerr
_pclose
freopen
tmpfile
api-ms-win-crt-string-l1-1-0
isalpha
tolower
isupper
isspace
strcpy_s
isgraph
isdigit
strcspn
isalnum
strcmp
islower
ispunct
_stricmp
iscntrl
strlen
_strdup
strcpy
strncmp
toupper
strcoll
strcat
strpbrk
isxdigit
strspn
strncpy
api-ms-win-crt-heap-l1-1-0
free
_callnewh
realloc
malloc
calloc
_msize
api-ms-win-crt-utility-l1-1-0
qsort
abs
srand
rand
_lrotl
api-ms-win-crt-math-l1-1-0
_libm_sse2_log_precise
_CIatan2
round
ldexp
ceil
_libm_sse2_acos_precise
_except1
floor
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_fdopen
_libm_sse2_cos_precise
_CIfmod
_libm_sse2_asin_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
sin
cos
frexp
_libm_sse2_pow_precise
sqrt
_libm_sse2_tan_precise
api-ms-win-crt-convert-l1-1-0
strtoll
wcstombs
atol
atoll
_strtoui64
strtol
atoi
strtod
_atoi64
strtoul
_itoa
api-ms-win-crt-time-l1-1-0
_localtime64
_localtime64_s
_difftime64
strftime
_gmtime64
_time64
_mktime64
clock
api-ms-win-crt-multibyte-l1-1-0
_mbschr
_mbsnbcpy
_mbsrchr
_mbsstr
_mbsnbcat
_ismbcspace
_mbsnbcmp
_ismbcalnum
_mbsicmp
_mbscmp
_mbslwr
api-ms-win-crt-filesystem-l1-1-0
_findfirst64i32
_unlock_file
_lock_file
_access
_unlink
rename
_findnext64i32
_findclose
_fstat64
_stat64
remove
api-ms-win-crt-locale-l1-1-0
setlocale
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
ole32
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoCreateInstance
oleaut32
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString
comctl32
_TrackMouseEvent
InitCommonControlsEx
ord17
gdiplus
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipDrawLine
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipAlloc
GdipTranslateMatrix
GdipRotateMatrix
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreatePen2
GdipSetPenStartCap
GdipSetPenEndCap
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDeleteMatrix
Exports
Sections
.text   Size: -      Virtual size: 3.3MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: -      Virtual size: 503KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: -      Virtual size: 192KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.gfids  Size: -      Virtual size: 104B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls    Size: 512B   Virtual size: 21B     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp0   Size: -      Virtual size: 641KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp1   Size: 2.1MB  Virtual size: 2.1MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 512B   Virtual size: 144B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ