240923-mmfn2svckn_pw_infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

240923-mmfn2svckn_pw_infected.zip
Size

15.1MB
MD5

d97b600a067272a28d7f28ca71cc0020
SHA1

dff7bf7fec37bc78be8ce4334aa50ca42e90378c
SHA256

28cc4a9984a25cfa560e945da3f172fbda9ad081aeee88a2ab626db8885e0776
SHA512

95f3ae89c24d81381a56f373b2a5c8de6885290a81e6d09eabeff53f2fa35c15f00a29b2dc28def88a7e226f2a22212adac4c0d702e4fbed6d5ff8b163699d57
SSDEEP

393216:uy8NuYU2u4H0UMbIH8L5CmTXpz0DzhveOdEj+TYo3J8g:uy8NTHH+bSmTIUcGPRg

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack003/cerber.exe
unpack005/cryptowall.bin
unpack007/jigsaw
unpack009/Locky

Files

240923-mmfn2svckn_pw_infected.zip
.zip

Password: infected
Ransomware-Samples-main.zip
.zip

Password: infected
Ransomware-Samples-main/Cerber/Ransomware.Cerber.zip
.zip

Password: infected
cerber.exe
.exe windows:5 windows x86 arch:x86

Password: infected

9d6ed8d049bc10bc45b1995cb6f7f4b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVolumeInformationW
GetWindowsDirectoryW
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
IsSystemResumeAutomatic
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
GetEnvironmentVariableW
QueryPerformanceCounter
QueueUserAPC
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RemoveDirectoryW
ScrollConsoleScreenBufferW
SearchPathW
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetLocalTime
SetSystemTime
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelA
SleepEx
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TransmitCommChar
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualFreeEx
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileSectionA
_hwrite
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW
GetEnvironmentStringsW
GetDriveTypeW
GetDiskFreeSpaceExW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleTitleW
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetCompressedFileSizeW
GetCommandLineW
GetCPInfo
GetBinaryTypeW
GetBinaryType
FreeLibrary
FormatMessageW
FlushFileBuffers
FlushConsoleInputBuffer
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
EraseTape
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteFileA
CreateThread
CreateProcessW
CreateFileW
CreateFileA
CreateDirectoryW
CopyFileW
CopyFileA
ConvertDefaultLocale
CompareFileTime
CloseHandle
OpenProcess
AddAtomW

user32

DefWindowProcW
DrawFocusRect
CreateWindowStationA
CreateMenu
FillRect
FindWindowW
GetMenuCheckMarkDimensions
GetProcessWindowStation
GetSysColorBrush
GetThreadDesktop
GetUpdateRgn
GetUserObjectInformationW
InflateRect
InsertMenuItemW
IsIconic
LockWindowUpdate
MessageBeep
MessageBoxW
MonitorFromWindow
OffsetRect
PostMessageW
RealGetWindowClass
SendMessageW
SetUserObjectInformationW
ShowWindow
ToUnicode
WinHelpA
LoadCursorW
GetKBCodePage
DefMDIChildProcW
CloseWindowStation

gdi32

StartPage
SetMiterLimit
SetMapperFlags
SetBitmapBits
PtVisible
OffsetClipRgn
GetViewportOrgEx
GetTextFaceW
AddFontMemResourceEx
AnimatePalette
Arc
BRUSHOBJ_pvAllocRbrush
ColorMatchToTarget
CopyEnhMetaFileA
CreatePatternBrush
DescribePixelFormat
EngFreeModule
EngTextOut
EnumFontsW
FillRgn
GdiGetPageCount
GetGlyphOutlineW
GetMiterLimit
GetOutlineTextMetricsA

advapi32

RegOpenKeyW
SaferRecordEventLogEntry
SaferIdentifyLevel
SaferComputeTokenFromLevel
SaferCloseLevel
RevertToSelf
RegSetValueW
RegSetValueExW
RegQueryValueW
RegQueryValueExW
CreateProcessAsUserW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
ImpersonateLoggedOnUser
GetSecurityDescriptorOwner
GetFileSecurityW
FreeSid

shell32

ShellExecuteExW
ShellExecuteA
ShellAboutA
SHIsFileAvailableOffline
SHGetSettings
CheckEscapesW
DragQueryFile
DragQueryFileAorW
ExtractIconExW
SHAppBarMessage
SHBrowseForFolderA
SHChangeNotify
SHCreateProcessAsUserW
SHEmptyRecycleBinA
SHFileOperationA
SHGetDataFromIDListA
SHGetDiskFreeSpaceA
SHGetMalloc
WOWShellExecute

shlwapi

StrCmpNW
StrStrIA
StrStrIW
StrCmpNA
StrChrIA

comctl32

ImageList_Create

msvcrt

_XcptFilter
__getmainargs
__initenv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_c_exit
_cexit
_close
_controlfp
_dup
_dup2
_errno
_except_handler3
_exit
_get_osfhandle
_getch
_initterm
_iob
_open_osfhandle
_pclose
_pipe
_seh_longjmp_unwind
_setjmp3
_setmode
_snwprintf
_tell
_ultoa
_vsnwprintf
_wcsicmp
_wcslwr
_wcsnicmp
_wcsupr
_wpopen
_wtol
calloc
exit
fflush
fgets
fprintf
free
iswalpha
iswdigit
iswspace
iswxdigit
longjmp
malloc
memmove
printf
qsort
rand
realloc
setlocale
srand
swprintf
swscanf
time
towlower
towupper
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcsrchr
wcsspn
wcsstr
wcstol
wcstoul

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransomware-Samples-main/Cryptowall/Ransomware.Cryptowall.zip
.zip

Password: infected
cryptowall.bin
.exe windows:5 windows x86 arch:x86

Password: infected

edbc0337cc897a187d263d79c09c15c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableMenuItem
GetDlgItem
SendDlgItemMessageA
AppendMenuA
GetWindowLongA
wvsprintfA
SetWindowPos
FindWindowA
RedrawWindow
GetWindowTextA
EnableWindow
GetSystemMetrics
IsWindow
CheckRadioButton
UnregisterClassA
SetCursor
GetSysColorBrush
DialogBoxParamA
DestroyAcceleratorTable
DispatchMessageA
TranslateMessage
LoadIconA
EmptyClipboard
SetClipboardData
SetFocus
CharUpperA
OpenClipboard
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RemoveMenu
InvalidateRect
ChildWindowFromPoint
PostMessageA
DestroyCursor
CreateDialogParamA
GetWindowRect
IsMenu
GetSubMenu
SetDlgItemInt
GetWindowPlacement
CharLowerBuffA
LoadCursorA
CheckMenuRadioItem
GetSysColor
KillTimer
DestroyIcon
DestroyWindow
PostQuitMessage
GetClientRect
MoveWindow
GetSystemMenu
SetTimer
SetWindowPlacement
InsertMenuItemA
GetMenu
CheckMenuItem
SetMenuItemInfoA
SetActiveWindow
DefDlgProcA
RegisterClassA
EndDialog
SetDlgItemTextA
EnumClipboardFormats
GetClipboardData
CloseClipboard
GetClassInfoA
CallWindowProcA
SetWindowLongA
IsDlgButtonChecked
SetWindowTextA
CheckDlgButton
GetActiveWindow
MessageBoxA
wsprintfA
GetDlgItemTextA
SendMessageA
GetCursorPos
TrackPopupMenu
ClientToScreen
DestroyMenu
CreatePopupMenu

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegSetValueA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
GetUserNameA

dbghelp

ImageNtHeader
ImageRvaToSection
ImageRvaToVa

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Remove
CreateToolbarEx
ImageList_SetBkColor
ImageList_Create

kernel32

IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EnterCriticalSection
HeapSize
LeaveCriticalSection
DeleteCriticalSection
GetLocaleInfoA
WriteFile
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
GlobalCompact
SetProcessWorkingSetSize
EncodePointer
OpenProcess
GlobalUnWire
GetStdHandle
IsWow64Process
GetProcessHandleCount
GetProcessHeap
FlushFileBuffers
PulseEvent
GetVersion
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCommandLineA
GetProcessId
LockResource
GlobalDeleteAtom
LCMapStringA
LCMapStringW
GetModuleFileNameA
SetProcessPriorityBoost
GlobalUnfix
RequestWakeupLatency
IsProcessInJob
GetThreadTimes
GetProcessTimes
PeekNamedPipe

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 51.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransomware-Samples-main/Jigsaw/Ransomware.Jigsaw.zip
.zip

Password: infected
jigsaw
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

!mmUPp
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Ransomware-Samples-main/LICENSE
Ransomware-Samples-main/Locky/Ransomware.Locky.zip
.zip

Password: infected
Locky
.exe windows:4 windows x86 arch:x86

0fcea3af550ad0a893e93808dccf17f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityDescriptorDacl
RegisterEventSourceA
RegQueryInfoKeyA
GetSidSubAuthorityCount
RegSetValueExA
RegDeleteKeyA
GetKernelObjectSecurity
RegCloseKey
RegQueryValueA
RegLoadKeyA
GetSidSubAuthority
RegConnectRegistryA
LookupPrivilegeValueA
InitiateSystemShutdownA
CreateProcessAsUserA
GetSidIdentifierAuthority
OpenThreadToken
LsaQueryInformationPolicy
RegQueryValueW
EncryptFileW
RegSetValueW
MakeAbsoluteSD
RegOpenKeyExA
RegCreateKeyExW
AddAce
SetNamedSecurityInfoW
OpenEventLogW
GetUserNameW
SetSecurityDescriptorSacl
MakeSelfRelativeSD
RegFlushKey
InitializeSecurityDescriptor
InitializeAcl
SetEntriesInAclA
GetSidLengthRequired
RegSetValueA
SetEntriesInAclW
GetAclInformation

user32

DrawIconEx
IsDialogMessageA
OffsetRect
PostThreadMessageW
DialogBoxParamA
GetLastActivePopup
GetGUIThreadInfo
DrawStateA
IsWindow
OpenClipboard
InSendMessage
FindWindowW
IsMenu
EnumDisplaySettingsA
DrawAnimatedRects
FrameRect
SetMenuDefaultItem
GrayStringW
CreateDialogIndirectParamW
ClientToScreen
GetParent
TranslateMDISysAccel
CreateDesktopW
ShowCaret
GetProcessWindowStation
TrackPopupMenu
IntersectRect
DialogBoxIndirectParamA
DefWindowProcA
ReuseDDElParam
NotifyWinEvent
SetClipboardData
CloseClipboard
DdeDisconnect
GetClassNameA
GetCaretPos
CharLowerW
GetWindowModuleFileNameA
IsWindowVisible
wvsprintfA
ModifyMenuA
SendDlgItemMessageW
SetCaretBlinkTime
LoadMenuW
GetMenuState
DrawTextExA
ChangeDisplaySettingsW
CreateWindowExW
GetCapture
CreatePopupMenu
SetMenu
CharUpperBuffW
DrawStateW
LoadImageA
GetScrollPos
GetDlgItem
GetClipboardFormatNameW
ValidateRgn
GetWindowThreadProcessId
GetClassInfoExW
DdeAccessData
ShowWindow
GetKeyboardLayout
GetClassInfoW
SetCaretPos
LoadCursorA
FillRect
LoadMenuA
mouse_event
ModifyMenuW
InvalidateRgn
GetMenuItemID
IsIconic
OemToCharA
LoadCursorFromFileW
RegisterWindowMessageA
DispatchMessageW
GetCursorPos
CharPrevA
GetWindowWord

imm32

ImmGetProperty
ImmGetCandidateListCountA
ImmGetCompositionStringA
ImmSetConversionStatus
ImmSetOpenStatus
ImmCreateContext
ImmGetOpenStatus
ImmNotifyIME
ImmInstallIMEA
ImmGetContext
ImmDestroyContext
ImmSimulateHotKey
ImmConfigureIMEA
ImmAssociateContext

rasapi32

RasDialA
RasGetProjectionInfoA

kernel32

WriteFileGather
PulseEvent
GetLongPathNameA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ransomware-Samples-main/Mamba/Ransomware.Mamba.zip
.zip
Ransomware-Samples-main/Matsnu/Ransomware.Matsnu.zip
.zip
Ransomware-Samples-main/Petrwrap/Ransomware.Petrwrap.zip
.zip
Ransomware-Samples-main/Petya/Ransomware.Petya.zip
.zip
Ransomware-Samples-main/README.md
Ransomware-Samples-main/Radamant/Ransomware.Radamant.zip
.zip
Ransomware-Samples-main/RedBoot/Ransomware.RedBoot.zip
.zip
Ransomware-Samples-main/Rex/Ransomware.Rex.zip
.zip
Ransomware-Samples-main/Satana/Ransomware.Satana.zip
.zip
Ransomware-Samples-main/TeslaCrypt/Ransomware.TeslaCrypt.zip
.zip
Ransomware-Samples-main/Thanos/Ransomware.Thanos.zip
.zip
Ransomware-Samples-main/Unnamed_0/Ransomware.Unnamed_0.zip
.zip
Ransomware-Samples-main/Vipasana/Ransomware.Vipasana.zip
.zip
Ransomware-Samples-main/WannaCry/Ransomware.WannaCry.zip
.zip
Ransomware-Samples-main/WannaCry_Plus/Ransomware.WannaCry_Plus.zip
.zip
Ransomware-Samples-main/ransomware.png
.png

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Password: infected

9d6ed8d049bc10bc45b1995cb6f7f4b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

msvcrt

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 49KB - Virtual size: 48KB

Password: infected

Password: infected

edbc0337cc897a187d263d79c09c15c7

Headers

DLL Characteristics

File Characteristics

Imports

user32

comdlg32

advapi32

dbghelp

comctl32

kernel32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 104KB - Virtual size: 51.8MB

.rsrc Size: 90KB - Virtual size: 90KB

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

!mmUPp Size: 209KB - Virtual size: 208KB

.text Size: 70KB - Virtual size: 70KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Password: infected

0fcea3af550ad0a893e93808dccf17f4

Headers

File Characteristics

Imports

advapi32

user32

imm32

rasapi32

kernel32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 3.7MB

.rsrc Size: 104KB - Virtual size: 100KB

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 49KB - Virtual size: 48KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 104KB - Virtual size: 51.8MB

.rsrc
Size: 90KB - Virtual size: 90KB

!mmUPp
Size: 209KB - Virtual size: 208KB

.text
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 3.7MB

.rsrc
Size: 104KB - Virtual size: 100KB