d:\dbs\el\dec\target\x86\ship\groove\x-none\GrooveEX.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0df7e5ee6c4e20a3f2e0e2b798901b2574d0463b20b9f4a3463a91e89015ac5a.dll
Resource
win7-20231129-en
General
-
Target
0df7e5ee6c4e20a3f2e0e2b798901b2574d0463b20b9f4a3463a91e89015ac5a
-
Size
3.1MB
-
MD5
8fd60d3a7b39d49e9f3b2d630e0f6b34
-
SHA1
52c0fc838e2ae08c3839266f31714f9f531f4072
-
SHA256
0df7e5ee6c4e20a3f2e0e2b798901b2574d0463b20b9f4a3463a91e89015ac5a
-
SHA512
e7390bb34c2749b4243d3ec5dfaffc8768e837c8e3e6b28c9b3e3ec362785e2d6c2f884727cea4fb97c06400b8a0a58a73eb512338c19958dc01c957ca6878b5
-
SSDEEP
98304:uPIsVLrn6KLJMtKCagHQwIabjKoh9WcUoUuvfb:uws9rfjvRGv
Malware Config
Signatures
-
Unsigned PE 1 IoCs
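Checks for missing Authenticode signature. The PDB path (GrooveEX.pdb) and the COM registration exports suggest a Microsoft Office Groove shell-extension build, which would normally ship signed, so compare the hashes above against a known-good copy of that DLL. A missing signature alone is a triage cue, not a verdict.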
resource 0df7e5ee6c4e20a3f2e0e2b798901b2574d0463b20b9f4a3463a91e89015ac5a
Files
-
0df7e5ee6c4e20a3f2e0e2b798901b2574d0463b20b9f4a3463a91e89015ac5a.dll regsvr32 windows:6 windows x86 arch:x86
4ac7b099cb61eebe2a4f46a672345e17
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
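IMAGE_FILE_RELOCS_STRIPPED (inconsistent with the .reloc section listed under Sections and with IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE above; verify the header against a known-good copy)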
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\dbs\el\dec\target\x86\ship\groove\x-none\GrooveEX.pdb
Imports
advapi32
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
EventRegister
EventUnregister
RegGetValueW
RegEnumValueA
RegDeleteValueA
RegQueryValueExW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
EventWriteTransfer
OpenProcessToken
RegEnumKeyW
CryptAcquireContextA
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetLengthSid
RegQueryValueExA
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
CopySid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CreateWellKnownSid
EqualSid
OpenThreadToken
RegCreateKeyExA
RegSetValueExA
RevertToSelf
RegOpenKeyExA
gdi32
SetLayout
LPtoDP
DeleteObject
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
TextOutW
SetTextAlign
SetMapMode
SaveDC
RestoreDC
GetDeviceCaps
DeleteMetaFile
DeleteDC
CreateRectRgnIndirect
CreateMetaFileW
CreateDCW
CloseMetaFile
kernel32
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
FreeLibrary
LoadLibraryExW
GetFileAttributesW
GetModuleHandleExW
LocalFree
TlsFree
FlsFree
TlsAlloc
FlsAlloc
TlsGetValue
FlsGetValue
TlsSetValue
FlsSetValue
CompareStringEx
GetLocaleInfoEx
CloseHandle
ReleaseSemaphore
WaitForSingleObjectEx
CreateEventExW
ResetEvent
SetEvent
MapViewOfFile
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoW
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
GetUserDefaultLCID
GetNumberFormatW
GetSystemDirectoryW
GetTickCount64
MultiByteToWideChar
ReadFile
WriteFile
UnmapViewOfFile
CreateFileW
LockResource
LoadResource
FindResourceW
CreateFileMappingW
GetUserDefaultLocaleName
IsValidCodePage
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetStringTypeExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
SizeofResource
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
OpenProcess
GetCurrentProcessId
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetDateFormatEx
GetCalendarInfoEx
GetThreadUILanguage
GetStringTypeW
GetVersionExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetDiskFreeSpaceExW
GetWindowsDirectoryW
FormatMessageW
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
CompareFileTime
ApplicationRecoveryFinished
Sleep
GlobalFree
ReleaseMutex
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
Thread32Next
SuspendThread
RaiseFailFastException
ExitProcess
GetModuleHandleW
DuplicateHandle
CopyFileW
SetEndOfFile
SetFilePointer
DeleteFileW
GetTempFileNameW
GetFileAttributesExW
SetFileAttributesW
GetFileInformationByHandleEx
FindNextFileW
FindClose
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
GetLongPathNameW
FlushInstructionCache
VirtualQuery
LocalAlloc
FindAtomW
GetCommandLineW
FindFirstFileW
FlushFileBuffers
GetFileSize
GetFinalPathNameByHandleW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
CreateSemaphoreW
GetTickCount
CreateThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
lstrcmpiW
MoveFileW
GetTimeZoneInformation
GetTimeFormatW
GetCurrencyFormatW
ConvertDefaultLocale
EnumSystemLocalesW
SetProcessDEPPolicy
GetSystemInfo
SetUnhandledExceptionFilter
GetDateFormatW
GetCurrentDirectoryW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
FlushViewOfFile
GlobalMemoryStatus
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetModuleHandleA
OpenFileMappingA
CreateSemaphoreA
OpenSemaphoreA
CreateMutexA
OpenMutexA
CreateEventA
OpenEventA
GetLogicalProcessorInformationEx
GetProcessAffinityMask
QueryDepthSList
RtlCaptureStackBackTrace
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
GetModuleFileNameW
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
VirtualProtect
UnhandledExceptionFilter
K32GetModuleBaseNameW
IsSystemResumeAutomatic
GetSystemPowerStatus
CreateMemoryResourceNotification
QueryFullProcessImageNameW
WerUnregisterMemoryBlock
WerRegisterMemoryBlock
CreateThread
GetQueuedCompletionStatus
GetThreadIOPendingFlag
PostQueuedCompletionStatus
CreateIoCompletionPort
QueueUserWorkItem
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SubmitThreadpoolWork
GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError
RaiseException
DecodePointer
EncodePointer
OutputDebugStringA
CreateFileMappingA
GetProcAddress
CreateMutexW
WaitForMultipleObjectsEx
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
GetCurrentThread
K32EnumProcessModules
K32GetModuleInformation
VirtualProtectEx
ole32
CoTaskMemRealloc
StringFromIID
CoInitializeEx
CoUninitialize
CLSIDFromProgID
StringFromCLSID
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoCreateFreeThreadedMarshaler
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleSaveToStream
CreateDataAdviseHolder
WriteClassStm
ReadClassStm
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
IIDFromString
ProgIDFromCLSID
oleaut32
SetErrorInfo
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
SafeArrayAccessData
OleCreatePropertyFrame
DispCallFunc
UnRegisterTypeLib
RegisterTypeLib
LoadTypeLib
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
VarDateFromStr
VariantTimeToSystemTime
SysReAllocStringLen
GetErrorInfo
LoadRegTypeLib
LoadTypeLibEx
VarUI4FromStr
VariantCopyInd
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayDestroy
SysAllocStringLen
VariantChangeType
vcruntime140
__std_type_info_name
memcmp
memmove
strchr
wcsstr
wcschr
_except_handler4_common
__std_exception_copy
__std_exception_destroy
wcsrchr
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_terminate
_purecall
__std_type_info_compare
memchr
__std_type_info_destroy_list
msvcp140
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
_Wcscoll
_Wcsxfrm
?id@?$collate@_W@std@@2V0locale@2@A
?is@?$ctype@_W@std@@QBE_NF_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_sleep
_Xtime_get_ticks
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Incref@facet@locale@std@@UAEXXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
_Query_perf_counter
_Query_perf_frequency
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
api-ms-win-crt-heap-l1-1-0
calloc
free
malloc
realloc
_recalloc
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsnprintf_s
__stdio_common_vswscanf
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0
_stricmp
_wcsnicmp
wcstok_s
strcmp
_towupper_l
_wcsicmp
isdigit
wcsncmp
wcsncpy_s
wcsnlen
towlower
strncpy_s
wcscmp
iswspace
isxdigit
wcspbrk
wcscpy_s
tolower
wcscat_s
wcsncat_s
strnlen
api-ms-win-crt-math-l1-1-0
_except1
_libm_sse2_log_precise
_libm_sse2_exp_precise
_libm_sse2_pow_precise
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
terminate
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_get_errno
_errno
_clearfp
_initterm
_initterm_e
_set_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_endthreadex
_beginthreadex
_beginthread
api-ms-win-crt-convert-l1-1-0
strtol
wcstol
_i64tow_s
_ultow_s
wcstoul
_wcstoi64
_wcstoui64
wcstod
_wtoi
_ltow_s
_ui64toa_s
_wtof
_itow_s
api-ms-win-crt-locale-l1-1-0
_create_locale
__initialize_lconv_for_unsigned_char
localeconv
api-ms-win-crt-time-l1-1-0
_difftime64
_mktime64
_localtime64_s
_ftime64_s
_time64
api-ms-win-crt-utility-l1-1-0
div
api-ms-win-crt-filesystem-l1-1-0
_wsplitpath_s
_wfullpath
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExecuteSPFSVerbW
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 521KB - Virtual size: 521KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 742KB - Virtual size: 744KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ