D:\a\xenia-canary\xenia-canary\build\bin\Windows\Release\xenia_canary.pdb
Static task
static1
1 signatures
General
-
Target
Xenia Canary.exe
-
Size
10.4MB
-
MD5
2137fe305095578ae8f5043578978ba9
-
SHA1
4b29500ac6b30a9fa353e550734bbc640f2c848e
-
SHA256
f87722f4644999ae6d0ce5e08fb116ff87c5e1881866f9f0d47c3b7c2e90c926
-
SHA512
7d92be588781d8d3df8a4b57e314bdac2080e23ec1e341d40f670a5ca51053610a097c503b3906dcd2971e3ef5dc104b5be23eac30d310a32debb05a56c69a0d
-
SSDEEP
98304:Sc9KwZgBgCTqOIQgSYlSg8SVDAlq2htvDOM:SMK9fImUAlq2htqM
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Xenia Canary.exe
Files
-
Xenia Canary.exe.exe windows:6 windows x64 arch:x64
285c2ff90f0a7469fa7a58fcd9d249bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
WakeAllConditionVariable
SleepConditionVariableSRW
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetLocaleInfoA
GetSystemPowerStatus
GetModuleHandleExW
CompareStringA
MulDiv
SetThreadExecutionState
GlobalMemoryStatusEx
VerifyVersionInfoW
GetOverlappedResult
CreateFileA
FormatMessageW
CancelIo
SetEnvironmentVariableA
GetEnvironmentVariableA
ReleaseSemaphore
InitializeConditionVariable
Process32Next
CreateToolhelp32Snapshot
Process32First
OutputDebugStringW
SetErrorMode
GetFileSizeEx
GetModuleFileNameW
WaitNamedPipeW
PeekNamedPipe
LoadLibraryA
VirtualAlloc
VirtualFree
RemoveVectoredContinueHandler
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
MapViewOfFileEx
MapViewOfFile
CreateFileMappingW
GetFileSize
GetSystemInfo
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
InitializeCriticalSectionEx
TryEnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
WakeConditionVariable
InitializeSRWLock
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetTickCount
GetConsoleMode
ExitProcess
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetFileInformationByHandleEx
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
FormatMessageA
WaitForSingleObject
FlushInstructionCache
VirtualProtect
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
DeleteTimerQueueTimer
GlobalAddAtomW
GlobalDeleteAtom
CreateTimerQueueTimer
GetThreadContext
GetSystemTimeAsFileTime
AllocConsole
AttachConsole
GetStdHandle
FreeLibrary
LocalFree
LoadLibraryW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetFileAttributesExW
CreateFileW
FindClose
SetEndOfFile
WriteFile
FindNextFileW
FindFirstFileW
ReadFile
TlsGetValue
SleepEx
CreateSemaphoreW
GetModuleHandleW
GetThreadId
GetProcAddress
QueueUserAPC
CreateThread
RaiseException
GetThreadPriority
TlsAlloc
WaitForSingleObjectEx
TerminateThread
GetCurrentThread
GetLastError
CreateEventW
CancelWaitableTimer
GetModuleHandleA
ExitThread
ResumeThread
SuspendThread
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
SetThreadPriority
SignalObjectAndWait
GetProcessAffinityMask
CreateWaitableTimerW
SetProcessAffinityMask
GetCurrentProcess
TlsSetValue
SetWaitableTimer
SetThreadAffinityMask
QueryPerformanceCounter
GetCurrentProcessId
CloseHandle
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
IsDebuggerPresent
OutputDebugStringA
WriteConsoleW
user32
GetClipboardSequenceNumber
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MapVirtualKeyW
GetKeyboardState
EnumDisplayDevicesW
EnumDisplayMonitors
SetForegroundWindow
PtInRect
GetDoubleClickTime
IsIconic
GetClassInfoExW
KillTimer
ClipCursor
GetUpdateRect
IsRectEmpty
GetForegroundWindow
GetClipCursor
TrackMouseEvent
GetRawInputData
PeekMessageW
SetTimer
UnregisterClassW
GetSystemMetrics
CallNextHookEx
GetPropW
GetMenu
GetWindowRect
CallWindowProcW
GetMessageExtraInfo
RegisterClassExA
UnregisterDeviceNotification
GetWindowTextW
UnregisterClassA
MessageBoxA
CreateWindowExA
RegisterDeviceNotificationW
RegisterWindowMessageA
GetDesktopWindow
SystemParametersInfoW
DrawTextW
GetDlgItem
SystemParametersInfoA
DialogBoxIndirectParamW
EndDialog
MessageBoxW
GetCursorPos
ReleaseDC
InvalidateRect
ReleaseCapture
CreateMenu
GetParent
AppendMenuW
GetMenuInfo
GetClientRect
SetWindowLongW
RegisterClassW
SetCapture
DrawMenuBar
LoadCursorW
LoadIconW
SetPropW
SetFocus
DestroyMenu
SetMenu
ValidateRect
SetMenuInfo
SetWindowPlacement
ClientToScreen
GetMonitorInfoW
DestroyIcon
GetCapture
ShowWindow
GetClassLongPtrW
GetWindowPlacement
WindowFromPoint
RegisterClassExW
GetWindowLongPtrW
CreatePopupMenu
SetWindowTextW
SendMessageW
ScreenToClient
CreateWindowExW
SetWindowLongPtrW
MonitorFromWindow
SetWindowPos
GetDC
DestroyWindow
GetFocus
CreateIconFromResourceEx
GetKeyState
AdjustWindowRectEx
DefWindowProcW
GetWindowLongW
PostQuitMessage
TranslateMessage
DispatchMessageW
PostMessageW
GetMessageW
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
GetRawInputDeviceList
GetRawInputDeviceInfoA
PostThreadMessageW
FlashWindowEx
SetWindowsHookExW
IntersectRect
SetLayeredWindowAttributes
UnhookWindowsHookEx
EnableMenuItem
CreateIconFromResource
IsClipboardFormatAvailable
GetWindowTextLengthW
RegisterRawInputDevices
SetCursorPos
CreateIconIndirect
CopyImage
SetWindowRgn
ToUnicode
RemovePropW
SetCursor
GetKeyboardLayout
ole32
PropVariantClear
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext
VerSetConditionMask
RtlInstallFunctionTableCallback
RtlDeleteFunctionTable
dwmapi
DwmSetWindowAttribute
shlwapi
ord219
dxgi
CreateDXGIFactory1
wsock32
WSAGetLastError
connect
setsockopt
inet_ntoa
sendto
__WSAFDIsSet
socket
htonl
ioctlsocket
WSAStartup
send
getsockopt
accept
bind
closesocket
ntohl
getsockname
listen
select
recv
shutdown
recvfrom
bcrypt
BCryptOpenAlgorithmProvider
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptImportKeyPair
BCryptGenRandom
imm32
ImmNotifyIME
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContext
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmGetCandidateListW
msvcp140
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
??0_Locinfo@std@@QEAA@PEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_id
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Mtx_trylock
_Thrd_hardware_concurrency
_Thrd_yield
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Strcoll
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Cnd_init_in_situ
_Cnd_wait
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_broadcast
_Cnd_destroy_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Mbrtowc
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
_Cnd_timedwait
_Mtx_current_owns
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
_Cnd_signal
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcpy
memchr
memcmp
memmove
__RTDynamicCast
memset
_CxxThrowException
__current_exception_context
__current_exception
strrchr
__std_type_info_compare
strstr
__RTtypeid
__std_type_info_name
__C_specific_handler
strchr
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
free
_aligned_realloc
_set_new_mode
realloc
_aligned_free
calloc
malloc
_callnewh
_aligned_malloc
api-ms-win-crt-math-l1-1-0
frexp
log2f
llrint
__setusermatherr
acos
asin
atan
cos
cosh
round
trunc
exp
exp2
ldexp
exp2f
fabs
log
sin
sinh
tan
tanh
scalbnf
_ldsign
lround
hypot
_copysign
truncf
_dclass
atan2
pow
sqrt
_fdopen
_fdsign
scalbn
sinf
_dsign
roundf
_fdclass
_ldclass
acosf
asinf
atan2f
lroundf
atanf
log2
cosf
expf
nanf
fmod
fmodf
log10
log10f
logf
powf
sqrtf
tanf
api-ms-win-crt-runtime-l1-1-0
_errno
exit
_get_wpgmptr
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_invalid_parameter_noinfo_noreturn
quick_exit
_beginthreadex
terminate
abort
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
signal
api-ms-win-crt-stdio-l1-1-0
_isatty
__stdio_common_vsnprintf_s
_fseeki64
_open_osfhandle
freopen_s
_ftelli64
__acrt_iob_func
__p__commode
_fileno
fwrite
_set_fmode
fgets
fputc
fgetc
fgetpos
fflush
fclose
__stdio_common_vsprintf
ferror
__stdio_common_vsprintf_s
setvbuf
ungetc
fsetpos
_get_stream_buffer_pointers
__stdio_common_vfprintf
ftell
fread
fseek
__stdio_common_vsscanf
_chsize_s
fputs
fopen_s
_wfopen
api-ms-win-crt-string-l1-1-0
iscntrl
strcmp
isalpha
isupper
toupper
isalnum
isxdigit
strspn
_strdup
strcspn
isgraph
_strnicmp
strncmp
isspace
isprint
islower
isdigit
_wcsnicmp
strncpy
_stricmp
_wcsicmp
_strrev
tolower
ispunct
api-ms-win-crt-time-l1-1-0
_gmtime64
clock
_time64
_localtime64
_mktime64
_mkgmtime64
api-ms-win-crt-convert-l1-1-0
strtoul
strtoll
strtod
wcstombs
atof
strtol
strtoull
atoi
api-ms-win-crt-environment-l1-1-0
_wgetenv_s
getenv
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
localeconv
api-ms-win-crt-utility-l1-1-0
bsearch
qsort
gdi32
CreateBitmap
CreateCompatibleDC
GetTextExtentPoint32A
GetTextMetricsW
CreateFontIndirectW
GetICMProfileW
CreateDCW
DeleteDC
GetStockObject
SelectObject
GetDeviceCaps
BitBlt
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
CreateCompatibleBitmap
GetDIBits
CreateRectRgn
CombineRgn
CreateDIBSection
DeleteObject
shell32
DragFinish
DragAcceptFiles
DragQueryFileW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW
ExtractIconExW
winmm
waveInClose
waveOutOpen
waveOutGetErrorTextW
waveOutWrite
waveInPrepareHeader
waveOutGetNumDevs
timeBeginPeriod
waveOutGetDevCapsW
waveInReset
waveInAddBuffer
waveInOpen
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutClose
waveOutReset
waveOutPrepareHeader
waveInGetDevCapsW
timeEndPeriod
waveInGetNumDevs
waveInStart
setupapi
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
CM_Get_Device_IDA
SetupDiEnumDeviceInfo
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
advapi32
RegQueryValueExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
oleaut32
SysFreeString
Exports
Exports
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
Sections
.text Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.cold Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4.4MB - Virtual size: 4.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 318KB - Virtual size: 6.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 227KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ