Target
s1uu.zip
Size
3.8MB
MD5
8837577d5d0ea16bf7605cd7ab407e87
SHA1
9fbf620c7f81dcebe3a54162017d73c66d411688
SHA256
23e4766ee43beb4c0ad4ffa1d09470fdc5f4cf951332330d2992924b86d8b31d
SHA512
b4315930c0a1ee8a9f364596cee535f5ff8021f4d1f94ebc13957845d780f018982636f148439c8cb93ea04a1ae7225ae49b3b9290e146ad841a8cf0e72649e7
SSDEEP
98304:4URcHidwYUTz6RorLueqqhVMKwifLeB/lPeQSgxX:4UCHW1w6equVMKwiz6tbxX
| resource | yara_rule |
|---|---|
| static1/unpack001/siuu/eso/eso.exe | upx |
Checks for missing Authenticode signature.
| resource |
|---|
| unpack001/siuu/eso/eso.exe |
| unpack002/out.upx |
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
wcscpy_s
??_V@YAXPAX@Z
free
_purecall
_wtof
wcstoul
_vsnprintf
_snwprintf_s
memcpy_s
_wcstoui64
wcschr
_amsg_exit
_ftol2_sse
realloc
_errno
_ftol2
wcstod
_wcstoi64
_initterm
floor
_vsnwprintf
_wcsupr
_wcsdup
_wtol
wcsstr
_unlock
_except_handler4_common
_itow_s
_wcsicmp
wcscspn
_wtoi
_callnewh
wcsrchr
toupper
memmove_s
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
memcmp
__CxxFrameHandler3
memcpy
memmove
_lock
malloc
_XcptFilter
_onexit
__dllonexit
mbstowcs_s
memset
RtlUpcaseUnicodeChar
RtlNtStatusToDosError
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
FileTimeToDosDateTime
NdrCStdStubBuffer2_Release
ord19
ord22
ord13
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord18
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
ord17
ord21
CStdStubBuffer2_Disconnect
ord2
ord25
ord11
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
ord15
CStdStubBuffer_QueryInterface
ord24
ord23
ord10
ord6
CStdStubBuffer2_QueryInterface
ord16
CStdStubBuffer_AddRef
ord33
ord34
ord5
ord7
ord8
CStdStubBuffer2_Connect
ord9
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
ord32
CStdStubBuffer_CountRefs
ord14
ord12
ord20
SizeofResource
GetModuleHandleW
FindResourceExW
FreeLibrary
LockResource
FreeResource
LoadStringW
GetModuleFileNameA
LoadResource
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress
LCMapStringEx
GetLocaleInfoEx
GetUserGeoID
FormatMessageW
GetUserDefaultLocaleName
GetGeoInfoW
OpenThreadToken
GetCurrentProcessId
GetProcessId
GetCurrentThread
OpenThread
GetProcessIdOfThread
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
OutputDebugStringW
IsDebuggerPresent
DebugBreak
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
CloseHandle
SetEvent
ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionEx
ResetEvent
WaitForMultipleObjectsEx
InitializeCriticalSection
WaitForSingleObject
OpenSemaphoreW
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventExW
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
CreateEventW
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
NdrClientCall4
UuidFromStringW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerInqCallAttributesW
I_RpcBindingInqLocalClientPID
IUnknown_QueryInterface_Proxy
NdrOleAllocate
IUnknown_Release_Proxy
NdrOleFree
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrDllGetClassObject
UuidCreate
CompareStringW
CompareStringOrdinal
MultiByteToWideChar
ExpandEnvironmentStringsA
Sleep
WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW
QueryPerformanceCounter
GetTickCount64
GetLocalTime
GetTickCount
GetVersionExA
GetSystemTime
GetSystemTimeAsFileTime
EventRegister
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventActivityIdControl
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
ConvertSidToStringSidW
LocalFree
LocalAlloc
DeleteFileA
SetFilePointer
GetFileInformationByHandle
ReadFile
CreateFileA
CompareFileTime
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
FindClose
FindFirstFileA
CreateDirectoryW
CreateFileW
GetFileSize
DeleteFileW
WriteFile
CheckTokenMembershipEx
GetTempFileNameA
GetTempPathA
ord10
ord13
ord14
ord11
RegGetValueW
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegSetKeyValueW
RegDeleteKeyValueW
PathCchAddExtension
PathCchAppendEx
GetCurrencyFormatEx
CreateRandomAccessStreamOverStream
UrlEscapeW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW
ResolveDelayLoadedAPI
DelayLoadFailureHook
QueueUserWorkItem
FlushTraceW
QueryTraceW
PathCombineA
PathRemoveFileSpecA
PathAppendA
GlobalFree
CapabilityCheck
ord85
ord74
ord89
ord76
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpReadData
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect
WinHttpCrackUrl
WsCreateError
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateReader
WsFreeReader
WsFreeHeap
WsFreeError
WsCreateHeap
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars
ApiSetQueryApiSetPresence
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
_callnewh
_wtoi
wcscspn
_wtof
wcstoul
_vsnprintf
_snwprintf_s
_wcstoui64
wcschr
wcsrchr
wcstod
_wcstoi64
_wcsdup
_wtol
toupper
wcsstr
floor
_itow_s
_wcsicmp
memcmp
memcpy
memmove
memset
mbstowcs_s
memmove_s
strcmp
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
_wcsupr
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
wcscpy_s
??_V@YAXPEAX@Z
__C_specific_handler
free
_purecall
memcpy_s
_vsnwprintf
wcscmp
RtlUpcaseUnicodeChar
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
FileTimeToDosDateTime
ord12
ord14
ord2
ord13
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_QueryInterface
ord7
ord9
CStdStubBuffer_DebugServerRelease
ord24
CStdStubBuffer_IsIIDSupported
ord15
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
ord23
ord20
ord21
ord17
NdrCStdStubBuffer2_Release
ord8
ord19
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord10
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_Disconnect
ord6
CStdStubBuffer2_QueryInterface
CStdStubBuffer_AddRef
ord22
ord33
ord34
ord11
CStdStubBuffer2_Connect
ord18
ord32
ord25
ord5
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
FreeResource
LockResource
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
GetGeoInfoW
GetUserDefaultLocaleName
GetUserGeoID
LCMapStringEx
FormatMessageW
GetLocaleInfoEx
GetProcessId
TerminateProcess
OpenThread
GetCurrentProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
GetProcessIdOfThread
GetCurrentThreadId
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
OutputDebugStringW
IsDebuggerPresent
DebugBreak
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
ReleaseSRWLockExclusive
CreateMutexExW
InitializeSRWLock
ResetEvent
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
DecodePointer
EncodePointer
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
UuidFromStringW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
UuidCreate
RpcStringFreeW
NdrClientCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
ExpandEnvironmentStringsA
Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetVersionExA
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetLocalTime
EventActivityIdControl
EventUnregister
EventRegister
EventProviderEnabled
EventWriteTransfer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
ImpersonateLoggedOnUser
DuplicateTokenEx
GetLengthSid
CopySid
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetTokenInformation
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
ConvertSidToStringSidW
LocalAlloc
LocalFree
GetFileSize
WriteFile
CompareFileTime
DeleteFileA
CreateFileA
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
CreateDirectoryW
ReadFile
DeleteFileW
CreateFileW
FindClose
FindFirstFileA
GetFileInformationByHandle
SetFilePointer
CheckTokenMembershipEx
GetTempFileNameA
GetTempPathA
ord14
ord10
ord13
ord11
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegSetKeyValueW
RegDeleteKeyValueW
PathCchAppendEx
PathCchAddExtension
GetCurrencyFormatEx
CreateRandomAccessStreamOverStream
UrlEscapeW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
ResolveDelayLoadedAPI
DelayLoadFailureHook
QueueUserWorkItem
QueryTraceW
FlushTraceW
PathCombineA
PathAppendA
PathRemoveFileSpecA
GlobalFree
CapabilityCheck
ord74
ord85
ord76
ord89
WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen
WsCreateReader
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateError
WsCreateHeap
WsFreeReader
WsFreeHeap
WsFreeError
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars
ApiSetQueryApiSetPresence
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
SysFreeString
SysReAllocStringLen
SysAllocStringLen
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CloseHandle
Sleep
InitCommonControls
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ