D:\work\fhdjclt\steam_plugin\SteamPlugin\bin\auclt.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-03_12250fbab5d949fb3dd499edc22c1530_avoslocker_revil.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-03_12250fbab5d949fb3dd499edc22c1530_avoslocker_revil.exe
Resource: win10v2004-20240419-en
General
- Target: 2024-05-03_12250fbab5d949fb3dd499edc22c1530_avoslocker_revil
- Size: 4.3MB
- MD5: 12250fbab5d949fb3dd499edc22c1530
- SHA1: 57621099a0bbd078a9c4ea873d7520b0a55b80c2
- SHA256: f8b5e0d49cd5e1be1d6737232a2012cabef225606701952ccc5d753e4dfbc602
- SHA512: 7ccb551f8d652f5292168683a1e32602737588ae08ffbfc9525ec2e5b2873ff3fbbe90646d84971136cd04d53ee21b1fe23bb59929d13b406ff230077f3f0f85
- SSDEEP: 98304:bznIF6aAJJSvKUb3KksNkPMyVV8BLF49GkijLdK8ofDl7pt:vn0AneNCsV85jhK8ofDl9
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 2024-05-03_12250fbab5d949fb3dd499edc22c1530_avoslocker_revil
Files
- 2024-05-03_12250fbab5d949fb3dd499edc22c1530_avoslocker_revil.exe windows:6 windows x86 arch:x86
  280df2a09ab8311aad9219a1b0b61162
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
WSACleanup
WSAStartup
gethostbyname
freeaddrinfo
htonl
getaddrinfo
ntohs
gethostname
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
setsockopt
socket
WSAIoctl
accept
listen
recvfrom
sendto
ioctlsocket
shutdown
getservbyname
recv
wldap32
ord60
ord50
ord211
ord46
ord22
ord26
ord27
ord32
ord33
ord35
ord41
ord79
ord30
ord200
ord301
ord143
kernel32
SystemTimeToFileTime
lstrcpynW
SetThreadPriority
CreateThread
SetNamedPipeHandleState
DisconnectNamedPipe
ReadFileEx
WaitNamedPipeW
FlushFileBuffers
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
GlobalSize
LocalFree
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
GetThreadLocale
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
GetSystemTime
GetModuleHandleA
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetFileTime
GetCurrentDirectoryW
FindResourceExW
VerifyVersionInfoW
GetTempFileNameW
GetProfileIntW
SearchPathW
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
ExitThread
VirtualQuery
VirtualAlloc
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
LCMapStringW
GetCPInfo
GetStringTypeW
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
VerifyVersionInfoA
TlsSetValue
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
WaitForSingleObjectEx
FormatMessageA
SleepEx
GetTickCount64
DuplicateHandle
lstrcmpiW
GetDriveTypeW
GetLogicalDriveStringsW
GetFileSizeEx
GetTempPathW
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
TerminateThread
GetExitCodeThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetPrivateProfileIntW
GetPrivateProfileStringW
SetUnhandledExceptionFilter
CreateMutexW
RaiseException
SetProcessWorkingSetSize
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
CompareStringW
IsValidCodePage
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
GetWindowsDirectoryW
MoveFileExW
DeleteFileW
FormatMessageW
GetACP
WriteFile
CopyFileW
GetFileSize
SetFilePointer
GetFileAttributesW
LeaveCriticalSection
OutputDebugStringW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryW
GetLocalTime
GetModuleHandleExW
SetErrorMode
HeapFree
GetProcessHeap
LoadLibraryW
VirtualProtect
FreeLibrary
lstrcpyW
WideCharToMultiByte
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Sleep
TerminateProcess
GetTickCount
PeekNamedPipe
GetLastError
ReadFile
WaitForSingleObject
CreateProcessW
lstrcmpW
GetFileAttributesExW
MultiByteToWideChar
GetModuleFileNameW
ReadProcessMemory
CloseHandle
OpenProcess
GetSystemInfo
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
GetFileInformationByHandle
SetFilePointerEx
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
HeapQueryInformation
SetStdHandle
GetConsoleMode
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputW
FindFirstFileExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
TlsFree
user32
CheckDlgButton
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetLastActivePopup
GetClassLongW
GetWindowTextLengthW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
TrackPopupMenu
SetMenu
GetMenu
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsMenu
RegisterClassW
PeekMessageW
DispatchMessageW
RemoveMenu
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetClassInfoExW
UnregisterClassW
GetWindowTextW
EnumWindows
SetParent
DrawIcon
LoadIconW
PostQuitMessage
CreateWindowExW
RegisterClassExW
DestroyWindow
PostThreadMessageW
ShowWindow
MessageBoxW
MoveWindow
RegisterWindowMessageW
GetCursorPos
CallWindowProcW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetIconInfo
LoadBitmapW
GetMessagePos
GetMessageTime
AdjustWindowRectEx
SetClassLongW
GetWindowRgn
GetTopWindow
SetWindowRgn
ScreenToClient
SetLayeredWindowAttributes
UpdateLayeredWindow
AttachThreadInput
SetForegroundWindow
DefWindowProcW
GetClassInfoW
SetFocus
IsChild
DrawIconEx
IsIconic
IntersectRect
SetTimer
MapWindowPoints
GetClientRect
InflateRect
GetSysColorBrush
DrawFrameControl
ModifyMenuW
InsertMenuW
AppendMenuW
DeleteMenu
LoadMenuW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
SystemParametersInfoW
LoadImageW
GetKeyState
InvalidateRect
DestroyIcon
FillRect
ReleaseDC
GetDC
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetWindow
IsWindowEnabled
DrawFocusRect
TrackMouseEvent
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
SetWindowLongW
SetWindowPos
GetDlgItem
GetClassNameW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetFocus
IsZoomed
PtInRect
KillTimer
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
GetCursor
UpdateWindow
RedrawWindow
EqualRect
GetSysColor
SetRect
IsRectEmpty
OffsetRect
SetRectEmpty
CopyRect
EnableWindow
SetWindowTextW
IsDialogMessageW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetWindowDC
WindowFromPoint
CharUpperW
DestroyMenu
SetWindowContextHelpId
MapDialogRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
PostMessageW
RemovePropW
SetPropW
GetPropW
GetMessageW
TranslateMessage
ShowOwnedPopups
CopyImage
SendDlgItemMessageA
RealChildWindowFromPoint
CreateDialogIndirectParamW
EndDialog
GetAsyncKeyState
DestroyCursor
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UnionRect
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
NotifyWinEvent
CreatePopupMenu
InvertRect
HideCaret
GetCapture
EnableScrollBar
GetSystemMetrics
GetWindowRect
GetDesktopWindow
GetParent
GetForegroundWindow
IsWindowVisible
IsWindow
GetWindowLongW
ClientToScreen
GetWindowThreadProcessId
SendMessageW
gdi32
CreatePolygonRgn
PtInRegion
GetPixel
SaveDC
RestoreDC
SetPixel
CreateBitmap
GetTextColor
GetTextMetricsW
GetTextExtentExPointW
SetTextCharacterExtra
CopyMetaFileW
CreateDCW
SetBkColor
SetTextColor
CreateHatchBrush
CreatePen
CreatePatternBrush
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
GetTextExtentPoint32W
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetBkColor
GetRgnBox
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateEllipticRgn
Ellipse
Polygon
Polyline
LPtoDP
Rectangle
RoundRect
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetStockObject
StretchBlt
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateEllipticRgnIndirect
OffsetRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
CreateDIBSection
GetObjectW
GetDIBColorTable
CreateCompatibleDC
SelectObject
DeleteDC
SelectClipRgn
CreateRectRgn
GetClipRgn
DeleteObject
ExtSelectClipRgn
SetViewportExtEx
SetDIBColorTable
CreateRoundRectRgn
msimg32
GradientFill
AlphaBlend
TransparentBlt
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegDisableReflectionKey
RegEnableReflectionKey
RegSetValueExW
RegCreateKeyExW
shell32
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetDesktopFolder
comctl32
DrawShadowText
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
uxtheme
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
CoInitialize
CoCreateInstance
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
oleaut32
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
gdiplus
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdiplusShutdown
GdipLoadImageFromFile
GdipDrawImageRectI
GdipFillRectangleI
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipTranslateTextureTransform
GdipCreateTexture2I
GdipCreateTextureIAI
GdipFillEllipseI
GdipScaleTextureTransform
GdipSetSmoothingMode
GdipGetDC
GdipReleaseDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetPageUnit
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipBitmapUnlockBits
GdipGetFamily
GdipGetFontSize
GdipGetFontStyle
GdipSetTextRenderingHint
GdipDrawString
GdipCreatePath
GdipDeletePath
GdipAddPathString
GdipCreatePen1
GdipDeletePen
GdipSetPenLineJoin
GdipDrawPath
GdipFillPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorKeys
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDrawImageI
GdipGetImageGraphicsContext
GdipDisposeImage
GdipDrawImageRectRectI
GdipDeleteFont
GdipSetInterpolationMode
oledlg
OleUIBusyW
winmm
PlaySoundW
timeSetEvent
iphlpapi
GetAdaptersInfo
dbghelp
MiniDumpWriteDump
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
oleacc
AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
Exports
??0CNamedPipeClientEvent@@QAE@ABV0@@Z
??0CNamedPipeClientEvent@@QAE@PAUINamePipeClitEvent@NS_IPC@@@Z
??0INamePipeClitEvent@NS_IPC@@QAE@$$QAU01@@Z
??0INamePipeClitEvent@NS_IPC@@QAE@ABU01@@Z
??0INamePipeClitEvent@NS_IPC@@QAE@XZ
??0INamedPipe@@QAE@$$QAU0@@Z
??0INamedPipe@@QAE@ABU0@@Z
??0INamedPipe@@QAE@XZ
??0INamedPipeEvent@@QAE@$$QAU0@@Z
??0INamedPipeEvent@@QAE@ABU0@@Z
??0INamedPipeEvent@@QAE@XZ
??0INamedPipeServer@@QAE@$$QAU0@@Z
??0INamedPipeServer@@QAE@ABU0@@Z
??0INamedPipeServer@@QAE@XZ
??0INamedPipeServerRoutine@@QAE@$$QAU0@@Z
??0INamedPipeServerRoutine@@QAE@ABU0@@Z
??0INamedPipeServerRoutine@@QAE@XZ
??1CNamedPipeClientEvent@@QAE@XZ
??4CNamedPipeClientEvent@@QAEAAV0@ABV0@@Z
??4INamePipeClitEvent@NS_IPC@@QAEAAU01@$$QAU01@@Z
??4INamePipeClitEvent@NS_IPC@@QAEAAU01@ABU01@@Z
??4INamedPipe@@QAEAAU0@$$QAU0@@Z
??4INamedPipe@@QAEAAU0@ABU0@@Z
??4INamedPipeEvent@@QAEAAU0@$$QAU0@@Z
??4INamedPipeEvent@@QAEAAU0@ABU0@@Z
??4INamedPipeServer@@QAEAAU0@$$QAU0@@Z
??4INamedPipeServer@@QAEAAU0@ABU0@@Z
??4INamedPipeServerRoutine@@QAEAAU0@$$QAU0@@Z
??4INamedPipeServerRoutine@@QAEAAU0@ABU0@@Z
??_7CNamedPipeClientEvent@@6B@
??_7INamePipeClitEvent@NS_IPC@@6B@
??_7INamedPipe@@6B@
??_7INamedPipeEvent@@6B@
??_7INamedPipeServer@@6B@
??_7INamedPipeServerRoutine@@6B@
?OnBeforeRelease@CNamedPipeClientEvent@@UAGHPAUINamedPipe@@@Z
?OnCompletedConnect@CNamedPipeClientEvent@@UAGXPAUINamedPipe@@@Z
?OnCompletedCreate@CNamedPipeClientEvent@@UAGXPAUINamedPipe@@@Z
?OnCompletedDisconnect@CNamedPipeClientEvent@@UAGHPAUINamedPipe@@@Z
?OnCompletedRecv@CNamedPipeClientEvent@@UAGKPAUINamedPipe@@PBDK@Z
?OnCompletedSend@CNamedPipeClientEvent@@UAGHPAUINamedPipe@@PBDK@Z
?SetNamedPipeEvent@CNamedPipeClientEvent@@QAEXPAUINamePipeClitEvent@NS_IPC@@@Z
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 757KB - Virtual size: 757KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 904B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 206KB - Virtual size: 206KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ