Static task
static1
Behavioral task
behavioral1
Sample
2024-02-18_d29fc53b6917abd1331024211fc31b89_jaff.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
2024-02-18_d29fc53b6917abd1331024211fc31b89_jaff.exe
Resource
win10v2004-20231215-en
General
-
Target
2024-02-18_d29fc53b6917abd1331024211fc31b89_jaff
-
Size
24.0MB
-
MD5
d29fc53b6917abd1331024211fc31b89
-
SHA1
30015d5d39ab39aa941a13710720c41d8ccb6790
-
SHA256
b2c6377f48f87278e25866ffb13d7ca4a99735ff3795f49ca91ce6b2a8915c99
-
SHA512
8c34a0d37c603cade85525db82b39499c58eab7383ec09c9cd6b14d9ab970b2dfdcdfa8d407707903287577fa37c128cbbb16bcb68bd3a98be804c49296932f0
-
SSDEEP
393216:pHFM+ej83cMDUsPgST8i7j0bk5CsBZtmV0O8RcuJiSLoYAVFhXVxCpbHTQcRCHjL:XuMDUsPgST8i7jocZtmV0O8RcuJiSLoI
Malware Config
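Signatures
Note: the entries below are static YARA rule matches on the sample file. Five different packer rules fire on the same file, yet the section table lists only conventional sections (.text, .rdata, .data, .pdata, .rsrc, .reloc) with raw sizes close to their virtual sizes and a large named import table, which is more typical of an unpacked build. The hits may come from strings or byte patterns embedded in the 24.0MB file, so confirm them before treating the sample as packed.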
-
Detects executables built or packed with MPress PE compressor 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_MPress -
Detects executables containing possible sandbox analysis VM usernames 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_EXE_SandboxUserNames -
Detects executables packed with Enigma 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_Enigma -
Detects executables packed with RLPACK 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_RLPack -
Detects executables packed with VMProtect. 1 IoCs
resource yara_rule sample INDICATOR_EXE_Packed_VMProtect -
AutoIT Executable 1 IoCs
Matches AutoIt scripts that have been compiled into PE executables.
resource yara_rule sample autoit_exe -
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
resource 2024-02-18_d29fc53b6917abd1331024211fc31b89_jaff
Files
-
2024-02-18_d29fc53b6917abd1331024211fc31b89_jaff.exe windows:6 windows x64 arch:x64
c9325bf101dbc6deea9c68fced5acde8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
libcrypto-3-x64
ASN1_BMPSTRING_it
ASN1_OCTET_STRING_it
ASN1_BIT_STRING_it
ASN1_OBJECT_it
ASN1_ANY_it
TS_VERIFY_CTX_set_certs
TS_VERIFY_CTX_set_store
TS_VERIFY_CTX_set_imprint
TS_VERIFY_CTX_set_flags
TS_VERIFY_CTX_init
TS_VERIFY_CTX_new
TS_RESP_verify_token
TS_TST_INFO_get_time
TS_TST_INFO_get_msg_imprint
TS_MSG_IMPRINT_get_msg
TS_MSG_IMPRINT_get_algo
PKCS7_to_TS_TST_INFO
TS_TST_INFO_free
X509_find_by_issuer_and_serial
PKCS7_ATTR_VERIFY_it
d2i_PKCS7_SIGNER_INFO
PKCS7_SIGNER_INFO_free
EVP_PKEY_verify_recover
EVP_PKEY_verify_recover_init
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new
ASN1_item_i2d
EVP_DigestFinal_ex
EVP_DigestInit_ex
ASN1_TIME_to_tm
ASN1_item_new
ASN1_item_free
ASN1_item_d2i
X509_NAME_ENTRY_get_object
X509_NAME_get_entry
X509_NAME_entry_count
X509_get0_pubkey
X509_get0_notAfter
X509_get0_notBefore
X509_get_subject_name
X509_get_issuer_name
X509_get_serialNumber
X509_get_version
X509_NAME_oneline
X509_get_signature_nid
i2d_PUBKEY
X509_digest
X509_STORE_CTX_get0_chain
X509_STORE_CTX_init
X509_STORE_CTX_free
X509_STORE_CTX_new
X509_STORE_free
X509_STORE_new
X509_verify_cert
EVP_PKEY_get_base_id
EVP_sha256
EVP_sha1
EVP_EncodeFinal
EVP_EncodeUpdate
EVP_EncodeInit
EVP_ENCODE_CTX_free
EVP_ENCODE_CTX_new
OBJ_obj2txt
OBJ_nid2sn
OBJ_nid2obj
i2d_ASN1_INTEGER
X509_ATTRIBUTE_get0_type
X509_ATTRIBUTE_count
X509at_get_attr
X509at_get_attr_by_NID
ASN1_IA5STRING_it
X509_NAME_ENTRY_get_data
PKCS7_get0_signers
PKCS7_get_signed_attribute
PKCS7_get_signer_info
PKCS7_dataInit
PKCS7_signatureVerify
d2i_PKCS7
PKCS7_free
EVP_get_digestbyname
EVP_DigestFinal
EVP_DigestInit
EVP_DigestUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_MD_get_size
OBJ_create
OBJ_txt2nid
OBJ_obj2nid
OBJ_nid2ln
ASN1_STRING_to_UTF8
ASN1_get_object
ASN1_INTEGER_get_uint64
BIO_new_mem_buf
BIO_free_all
BIO_read
CRYPTO_free
OPENSSL_sk_free
OPENSSL_sk_value
OPENSSL_sk_num
SHA256
MD5
kernel32
RtlLookupFunctionEntry
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
InitOnceComplete
InitOnceBeginInitialize
RtlVirtualUnwind
GetFileInformationByHandleEx
AreFileApisANSI
GetFullPathNameW
GetFileAttributesExW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
CreateJobObjectA
GlobalMemoryStatusEx
FormatMessageA
LocalFree
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
GetExitCodeProcess
TerminateProcess
SearchPathW
FreeLibrary
DeleteCriticalSection
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
SetConsoleMode
GetConsoleMode
GetModuleHandleW
GetNativeSystemInfo
GetProcessTimes
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
GetModuleFileNameW
VirtualQuery
GetSystemTime
SetLastError
DuplicateHandle
SetFileTime
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileInformationByHandle
GetFileAttributesW
FlushFileBuffers
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
WriteConsoleW
GetFileType
SetConsoleCtrlHandler
LoadLibraryW
GetProcAddress
GetCurrentThread
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
CloseHandle
WaitForSingleObject
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileA
GetFileSizeEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
GetSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
RtlCaptureContext
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
advapi32
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegGetValueW
CryptAcquireContextW
msvcp140
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
_Thrd_sleep
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?eof@ios_base@std@@QEBA_NXZ
?fail@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
_Strcoll
??1_Lockit@std@@QEAA@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??0_Lockit@std@@QEAA@H@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_join
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?good@ios_base@std@@QEBA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
vcruntime140
_purecall
memchr
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
__intrinsic_setjmp
__current_exception_context
__current_exception
memcpy
__C_specific_handler
longjmp
strstr
strrchr
__std_type_info_compare
__RTDynamicCast
memmove
strchr
memset
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_beginthreadex
_crt_atexit
abort
feclearexcept
fetestexcept
_cexit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
__p___argv
__p___argc
_initterm_e
signal
_wassert
_set_error_mode
_set_abort_behavior
_exit
_initterm
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv
_errno
exit
_register_onexit_function
_get_initial_narrow_environment
terminate
api-ms-win-crt-heap-l1-1-0
malloc
free
calloc
_set_new_mode
realloc
_callnewh
_heapwalk
api-ms-win-crt-convert-l1-1-0
strtod
strtol
strtoll
strtoull
atof
_strtoi64
atoi
api-ms-win-crt-filesystem-l1-1-0
remove
_unlock_file
_lock_file
_wfullpath
api-ms-win-crt-math-l1-1-0
sin
__setusermatherr
_dclass
ldexp
log10
pow
log
_fpclass
exp
log2l
acos
asin
sqrt
round
atan
atan2
ceilf
cos
cosh
floor
fabs
fmod
sinh
exp2
tan
rint
ceil
tanh
log2
api-ms-win-crt-stdio-l1-1-0
_lseek
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
fputc
fread
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_write
getc
clearerr
__stdio_common_vsscanf
feof
_sopen_s
_filelength
_read
__p__commode
_set_fmode
_close
_get_osfhandle
_lseeki64
_isatty
__acrt_iob_func
fopen
ferror
fseek
ftell
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
_setmode
_fileno
_open_osfhandle
puts
api-ms-win-crt-string-l1-1-0
strcmp
iscntrl
islower
isxdigit
strncmp
isalnum
isalpha
isprint
isspace
strncpy
isdigit
_stricmp
tolower
_strdup
toupper
isupper
strnlen
_strnicmp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
qsort
srand
rand
api-ms-win-crt-time-l1-1-0
_time64
_localtime64
strftime
_mkgmtime64
_gmtime64
clock
_localtime64_s
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
Sections
.text Size: 14.4MB - Virtual size: 14.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7.4MB - Virtual size: 7.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.4MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 427KB - Virtual size: 426KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 389KB - Virtual size: 389KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ