C:\php-sdk\php54dev\vc9\x86\obj\Release\php5.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2e30edc8d51d39c4ebfb2c2fcb5197e0_NeikiAnalytics.dll
Resource
win7-20240215-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
2e30edc8d51d39c4ebfb2c2fcb5197e0_NeikiAnalytics.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
2e30edc8d51d39c4ebfb2c2fcb5197e0_NeikiAnalytics.exe
-
Size
6.2MB
-
MD5
2e30edc8d51d39c4ebfb2c2fcb5197e0
-
SHA1
4356e12e602e5b852794f454c859d8628059076e
-
SHA256
6f7edbf8c722b0d603902daada4a6eb43cb725015dd1ccfdb7f0deb4fa8a69aa
-
SHA512
bf55a32a24a9c1b20ae508bd22c8994d8dcbf7c503982ffe4c3e0f39d5dfe3c9b800667a26595d7c19bd9b769056bed06b5642db2894134ef0af47a64275911a
-
SSDEEP
98304:9qW9q2DHggLYNjUnhmDsGZMyYZ9ig2BAUZLioo6lC:sULYNInhmYYMrIg2Vpo6o
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e30edc8d51d39c4ebfb2c2fcb5197e0_NeikiAnalytics.exe
Files
-
2e30edc8d51d39c4ebfb2c2fcb5197e0_NeikiAnalytics.exe.dll windows:5 windows x86 arch:x86
4d4f2121eb27cb76e7526ef91fcd6d33
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
advapi32
GetUserNameA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegNotifyChangeKeyValue
CryptAcquireContextA
CryptGenRandom
RegisterEventSourceA
DeregisterEventSource
ReportEventA
CreateProcessAsUserA
OpenProcessToken
OpenThreadToken
ConvertSidToStringSidA
MapGenericMask
GetTokenInformation
AccessCheck
CopySid
EqualSid
DuplicateToken
DuplicateTokenEx
GetFileSecurityA
GetLengthSid
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
ws2_32
inet_addr
WSAAddressToStringA
getpeername
ioctlsocket
connect
inet_ntoa
htonl
getaddrinfo
select
htons
WSAStringToAddressA
getsockname
setsockopt
bind
socket
freeaddrinfo
listen
send
recv
sendto
shutdown
recvfrom
gethostbyname
getsockopt
accept
WSAStartup
WSAGetLastError
WSACleanup
gethostbyaddr
gethostname
getprotobyname
getservbyport
getservbyname
ntohs
ntohl
__WSAFDIsSet
WSASetLastError
getprotobynumber
closesocket
odbc32
ord66
ord65
ord47
ord60
ord56
ord40
ord54
ord42
ord61
ord20
ord2
ord1
ord50
ord41
ord7
ord59
ord13
ord70
ord53
ord52
ord43
ord11
ord57
ord17
ord21
ord58
ord72
ord12
ord48
ord49
ord3
ord45
ord51
ord19
ord63
ord18
ord6
ord4
ord10
ord14
ord15
ord9
ord23
ord16
ord67
kernel32
InterlockedExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemDirectoryA
TlsGetValue
TlsSetValue
TlsAlloc
Sleep
TlsFree
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetACP
SetFilePointer
SetErrorMode
TerminateProcess
CreateHardLinkA
GetFileAttributesA
GetComputerNameA
GetModuleHandleA
VerSetConditionMask
VerifyVersionInfoA
UnlockFileEx
LockFileEx
GetDiskFreeSpaceA
SleepEx
SetEnvironmentVariableA
GetCurrentProcessId
VirtualAlloc
VirtualFree
ReleaseMutex
CreateMutexA
GetLocalTime
OpenFileMappingA
GetVersion
DuplicateHandle
CreatePipe
GetStdHandle
GetBinaryTypeA
CreateProcessA
GetExitCodeProcess
GetCurrentThread
GetCurrentProcess
MapViewOfFileEx
GetFullPathNameA
GetSystemTime
GetCurrentDirectoryA
DeviceIoControl
FileTimeToSystemTime
WideCharToMultiByte
SetFileTime
GetProcessHeap
GetFileAttributesExA
SystemTimeToFileTime
CreateFileA
CreateWaitableTimerA
GetSystemTimeAsFileTime
SetWaitableTimer
GetTickCount
FindNextFileA
FindClose
FindFirstFileA
GetSystemInfo
GetFileType
CreateFileMappingA
MoveFileExA
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetTempPathA
GetTempFileNameA
SetLastError
GetEnvironmentVariableA
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
LocalFree
GetVersionExA
FreeLibrary
HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
IsDBCSLeadByte
InterlockedIncrement
WaitForSingleObject
SetEvent
CreateEventA
GetCurrentThreadId
CloseHandle
GetProcAddress
LoadLibraryA
FormatMessageA
GetLastError
GetModuleFileNameA
OutputDebugStringA
ole32
CoInitialize
CoUninitialize
user32
MsgWaitForMultipleObjects
MessageBoxA
DestroyWindow
GetMessageA
SetTimer
PostThreadMessageA
PostQuitMessage
KillTimer
SendMessageA
UnregisterClassA
CreateWindowExA
DefWindowProcA
RegisterClassA
GetSystemMetrics
dnsapi
DnsQuery_A
DnsFree
msvcr90
_getcwd
_umask
_putenv
_access
_lseek
_chsize
_read
_unlink
_chmod
_write
_open
_isatty
_stricmp
_strnicmp
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_vsnprintf
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
fputc
sprintf_s
strcpy_s
vfprintf
_wstat64i32
_stat64i32
_wfopen
wcstombs
_wopen
_lseeki64
abort
clearerr
strcmp
ferror
putc
_mktemp
_creat
remove
_fileno
_setmode
rand
srand
_close
strncpy_s
strcat_s
_CIfmod
_hypot
_CItanh
_CIcosh
_CIsinh
_CIatan
_CIasin
_CItan
_CIexp
_CIlog
ceil
_CIlog10
getc
mblen
strcspn
_setjmp3
atof
strtoul
sscanf
_CIpow
strtod
calloc
_CIacos
_CIcos
_CIsin
_CIsqrt
_CIatan2
_atoi64
strftime
floor
isxdigit
isupper
ispunct
isprint
isgraph
iscntrl
_mktime32
memcpy
putchar
memset
_fdopen
_open_osfhandle
strncat
free
malloc
atoi
_snprintf
fopen
longjmp
realloc
exit
__iob_func
strtol
fprintf
getenv
fflush
memchr
sprintf
memmove
strncmp
strchr
isalpha
strrchr
_beginthreadex
strspn
_controlfp_s
_errno
ftell
printf
strcoll
_tolower_l
toupper
_finite
_get_current_locale
fread
_fstat32
fclose
isspace
_HUGE
_time32
strstr
tolower
isalnum
strncpy
_dup
strerror
_chdir
_set_invalid_parameter_handler
setlocale
fwrite
qsort
vsprintf
_environ
_ctime32
_localtime32
asctime
_gmtime32
atol
strpbrk
localeconv
isdigit
_fpclass
_isnan
islower
strnlen
rewind
feof
_mkdir
setvbuf
_rmdir
_get_osfhandle
fseek
strtok
__daylight
__timezone
_tzset
_getpid
_set_errno
_memicmp
_stat32
_strdup
Exports
Exports
GetSMErrorText
OnUpdateBaseDir
OnUpdateBool
OnUpdateLong
OnUpdateLongGEZero
OnUpdateReal
OnUpdateString
OnUpdateStringUnempty
PHP_3HAVAL128Init
PHP_3HAVAL160Init
PHP_3HAVAL192Init
PHP_3HAVAL224Init
PHP_3HAVAL256Init
PHP_3TIGERInit
PHP_4HAVAL128Init
PHP_4HAVAL160Init
PHP_4HAVAL192Init
PHP_4HAVAL224Init
PHP_4HAVAL256Init
PHP_4TIGERInit
PHP_5HAVAL128Init
PHP_5HAVAL160Init
PHP_5HAVAL192Init
PHP_5HAVAL224Init
PHP_5HAVAL256Init
PHP_ADLER32Copy
PHP_ADLER32Final
PHP_ADLER32Init
PHP_ADLER32Update
PHP_CRC32BFinal
PHP_CRC32BUpdate
PHP_CRC32Copy
PHP_CRC32Final
PHP_CRC32Init
PHP_CRC32Update
PHP_FNV132Final
PHP_FNV132Init
PHP_FNV132Update
PHP_FNV164Final
PHP_FNV164Init
PHP_FNV164Update
PHP_FNV1a32Update
PHP_FNV1a64Update
PHP_GOSTFinal
PHP_GOSTInit
PHP_GOSTUpdate
PHP_HAVAL128Final
PHP_HAVAL160Final
PHP_HAVAL192Final
PHP_HAVAL224Final
PHP_HAVAL256Final
PHP_HAVALUpdate
PHP_JOAATFinal
PHP_JOAATInit
PHP_JOAATUpdate
PHP_MD2Final
PHP_MD2Init
PHP_MD2Update
PHP_MD4Final
PHP_MD4Init
PHP_MD4Update
PHP_MD5Final
PHP_MD5Init
PHP_MD5Update
PHP_RIPEMD128Final
PHP_RIPEMD128Init
PHP_RIPEMD128Update
PHP_RIPEMD160Final
PHP_RIPEMD160Init
PHP_RIPEMD160Update
PHP_RIPEMD256Final
PHP_RIPEMD256Init
PHP_RIPEMD256Update
PHP_RIPEMD320Final
PHP_RIPEMD320Init
PHP_RIPEMD320Update
PHP_SHA1Final
PHP_SHA1Init
PHP_SHA1Update
PHP_SHA224Final
PHP_SHA224Init
PHP_SHA224Update
PHP_SHA256Final
PHP_SHA256Init
PHP_SHA256Update
PHP_SHA384Final
PHP_SHA384Init
PHP_SHA384Update
PHP_SHA512Final
PHP_SHA512Init
PHP_SHA512Update
PHP_SNEFRUFinal
PHP_SNEFRUInit
PHP_SNEFRUUpdate
PHP_TIGER128Final
PHP_TIGER160Final
PHP_TIGER192Final
PHP_TIGERUpdate
PHP_WHIRLPOOLFinal
PHP_WHIRLPOOLInit
PHP_WHIRLPOOLUpdate
TSMClose
TSendMail
UTF8ToHtml
UTF8Toisolat1
ValidateFormat
XML_GetUserData
_DllMain@12
__docbDefaultSAXHandler
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXHandler
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlParserDebugEntities
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
_array_init
_convert_to_string
_ecalloc
_efree
_emalloc
_erealloc
_estrdup
_estrndup
_libiconv_version
_mysqlnd_calloc
_mysqlnd_debug
_mysqlnd_ecalloc
_mysqlnd_efree
_mysqlnd_emalloc
_mysqlnd_erealloc
_mysqlnd_fetch_lengths
_mysqlnd_free
_mysqlnd_get_client_stats
_mysqlnd_init
_mysqlnd_malloc
_mysqlnd_pecalloc
_mysqlnd_pefree
_mysqlnd_pemalloc
_mysqlnd_perealloc
_mysqlnd_pestrdup
_mysqlnd_pestrndup
_mysqlnd_plugin_apply_with_argument
_mysqlnd_plugin_find
_mysqlnd_plugin_get_plugin_connection_data
_mysqlnd_plugin_get_plugin_connection_data_data
_mysqlnd_plugin_get_plugin_net_data
_mysqlnd_plugin_get_plugin_protocol_data
_mysqlnd_plugin_get_plugin_result_data
_mysqlnd_plugin_get_plugin_result_metadata_data
_mysqlnd_plugin_get_plugin_stmt_data
_mysqlnd_poll
_mysqlnd_realloc
_mysqlnd_sprintf
_mysqlnd_sprintf_free
_mysqlnd_vsprintf
_object_and_properties_init
_object_init
_object_init_ex
_php_emit_fd_setsize_warning
_php_error_log
_php_error_log_ex
_php_find_ps_module
_php_find_ps_serializer
_php_get_stream_filters_hash
_php_glob_stream_get_count
_php_glob_stream_get_path
_php_glob_stream_get_pattern
_php_math_basetolong
_php_math_basetozval
_php_math_longtobase
_php_math_number_format
_php_math_number_format_ex
_php_math_round
_php_math_zvaltobase
_php_regcomp@12
_php_regerror@16
_php_regexec@20
_php_regfree@4
_php_stream_alloc
_php_stream_cast
_php_stream_copy_to_mem
_php_stream_copy_to_stream
_php_stream_copy_to_stream_ex
_php_stream_eof
_php_stream_fill_read_buffer
_php_stream_filter_alloc
_php_stream_filter_append
_php_stream_filter_flush
_php_stream_filter_prepend
_php_stream_flush
_php_stream_fopen
_php_stream_fopen_from_fd
_php_stream_fopen_from_file
_php_stream_fopen_from_pipe
_php_stream_fopen_temporary_file
_php_stream_fopen_tmpfile
_php_stream_fopen_with_path
_php_stream_free
_php_stream_free_enclosed
_php_stream_get_line
_php_stream_get_url_stream_wrappers_hash
_php_stream_getc
_php_stream_make_seekable
_php_stream_memory_create
_php_stream_memory_get_buffer
_php_stream_memory_open
_php_stream_mkdir
_php_stream_mmap_range
_php_stream_mmap_unmap
_php_stream_mmap_unmap_ex
_php_stream_open_wrapper_as_file
_php_stream_open_wrapper_ex
_php_stream_opendir
_php_stream_passthru
_php_stream_printf
_php_stream_putc
_php_stream_puts
_php_stream_read
_php_stream_readdir
_php_stream_rmdir
_php_stream_scandir
_php_stream_seek
_php_stream_set_option
_php_stream_sock_open_from_socket
_php_stream_sock_open_host
_php_stream_stat
_php_stream_stat_path
_php_stream_tell
_php_stream_temp_create
_php_stream_temp_open
_php_stream_truncate_set_size
_php_stream_write
_php_stream_xport_create
_safe_emalloc
_safe_erealloc
_safe_malloc
_safe_realloc
_xml_zval_strdup
_zend_bailout
_zend_get_parameters_array
_zend_get_parameters_array_ex
_zend_hash_add_or_update
_zend_hash_index_update_or_next_insert
_zend_hash_init
_zend_hash_init_ex
_zend_hash_merge
_zend_hash_quick_add_or_update
_zend_list_addref
_zend_list_delete
_zend_list_find
_zend_mem_block_size
_zend_mm_alloc
_zend_mm_block_size
_zend_mm_free
_zend_mm_realloc
_zend_ts_hash_add_or_update
_zend_ts_hash_index_update_or_next_insert
_zend_ts_hash_init
_zend_ts_hash_init_ex
_zend_ts_hash_quick_add_or_update
_zval_copy_ctor_func
_zval_dtor_func
_zval_dtor_wrapper
_zval_internal_dtor
_zval_internal_ptr_dtor
_zval_ptr_dtor
add_assoc_bool_ex
add_assoc_double_ex
add_assoc_function
add_assoc_long_ex
add_assoc_null_ex
add_assoc_resource_ex
add_assoc_string_ex
add_assoc_stringl_ex
add_assoc_zval_ex
add_char_to_string
add_function
add_get_assoc_string_ex
add_get_assoc_stringl_ex
add_get_index_double
add_get_index_long
add_get_index_string
add_get_index_stringl
add_index_bool
add_index_double
add_index_long
add_index_null
add_index_resource
add_index_string
add_index_stringl
add_index_zval
add_next_index_bool
add_next_index_double
add_next_index_long
add_next_index_null
add_next_index_resource
add_next_index_string
add_next_index_stringl
add_next_index_zval
add_property_bool_ex
add_property_double_ex
add_property_long_ex
add_property_null_ex
add_property_resource_ex
add_property_string_ex
add_property_stringl_ex
add_property_zval_ex
add_string_to_string
adler32
ap_php_asprintf
ap_php_slprintf
ap_php_snprintf
ap_php_vasprintf
ap_php_vslprintf
ap_php_vsnprintf
append_user_shutdown_function
arcfour_LTX__is_block_algorithm
arcfour_LTX__mcrypt_algorithm_version
arcfour_LTX__mcrypt_decrypt
arcfour_LTX__mcrypt_encrypt
arcfour_LTX__mcrypt_get_algo_iv_size
arcfour_LTX__mcrypt_get_algorithms_name
arcfour_LTX__mcrypt_get_block_size
arcfour_LTX__mcrypt_get_key_size
arcfour_LTX__mcrypt_get_size
arcfour_LTX__mcrypt_get_supported_key_sizes
arcfour_LTX__mcrypt_self_test
arcfour_LTX__mcrypt_set_key
attribute
attributeDecl
basic_globals
bitwise_and_function
bitwise_not_function
bitwise_or_function
bitwise_xor_function
blowfish_LTX__is_block_algorithm
blowfish_LTX__mcrypt_algorithm_version
blowfish_LTX__mcrypt_decrypt
blowfish_LTX__mcrypt_encrypt
blowfish_LTX__mcrypt_get_algorithms_name
blowfish_LTX__mcrypt_get_block_size
blowfish_LTX__mcrypt_get_key_size
blowfish_LTX__mcrypt_get_size
blowfish_LTX__mcrypt_get_supported_key_sizes
blowfish_LTX__mcrypt_self_test
blowfish_LTX__mcrypt_set_key
blowfish_compat_LTX__is_block_algorithm
blowfish_compat_LTX__mcrypt_algorithm_version
blowfish_compat_LTX__mcrypt_decrypt
blowfish_compat_LTX__mcrypt_encrypt
blowfish_compat_LTX__mcrypt_get_algorithms_name
blowfish_compat_LTX__mcrypt_get_block_size
blowfish_compat_LTX__mcrypt_get_key_size
blowfish_compat_LTX__mcrypt_get_size
blowfish_compat_LTX__mcrypt_get_supported_key_sizes
blowfish_compat_LTX__mcrypt_self_test
blowfish_compat_LTX__mcrypt_set_key
boolean_not_function
boolean_xor_function
call_user_function
call_user_function_ex
cast_128_LTX__is_block_algorithm
cast_128_LTX__mcrypt_algorithm_version
cast_128_LTX__mcrypt_decrypt
cast_128_LTX__mcrypt_encrypt
cast_128_LTX__mcrypt_get_algorithms_name
cast_128_LTX__mcrypt_get_block_size
cast_128_LTX__mcrypt_get_key_size
cast_128_LTX__mcrypt_get_size
cast_128_LTX__mcrypt_get_supported_key_sizes
cast_128_LTX__mcrypt_self_test
cast_128_LTX__mcrypt_set_key
cast_256_LTX__is_block_algorithm
cast_256_LTX__mcrypt_algorithm_version
cast_256_LTX__mcrypt_decrypt
cast_256_LTX__mcrypt_encrypt
cast_256_LTX__mcrypt_get_algorithms_name
cast_256_LTX__mcrypt_get_block_size
cast_256_LTX__mcrypt_get_key_size
cast_256_LTX__mcrypt_get_size
cast_256_LTX__mcrypt_get_supported_key_sizes
cast_256_LTX__mcrypt_self_test
cast_256_LTX__mcrypt_set_key
cdataBlock
cfg_get_double
cfg_get_entry
cfg_get_long
cfg_get_string
characters
checkNamespace
clean_non_persistent_class_full
clean_non_persistent_function_full
comment
compare_function
compile_file
compile_filename
compile_string
compiler_globals
compress
compress2
compressBound
concat_function
config_zval_dtor
convert_scalar_to_number
convert_to_array
convert_to_boolean
convert_to_double
convert_to_long
convert_to_long_base
convert_to_null
convert_to_object
core_globals
crc32
decrement_function
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
des_LTX__is_block_algorithm
des_LTX__mcrypt_algorithm_version
des_LTX__mcrypt_decrypt
des_LTX__mcrypt_encrypt
des_LTX__mcrypt_get_algorithms_name
des_LTX__mcrypt_get_block_size
des_LTX__mcrypt_get_key_size
des_LTX__mcrypt_get_size
des_LTX__mcrypt_get_supported_key_sizes
des_LTX__mcrypt_self_test
des_LTX__mcrypt_set_key
destroy_op_array
destroy_zend_class
destroy_zend_function
display_ini_entries
display_link_numbers
div_function
do_bind_class
do_bind_function
do_bind_inherited_class
docbCreateFileParserCtxt
docbCreatePushParserCtxt
docbDefaultSAXHandlerInit
docbEncodeEntities
docbFreeParserCtxt
docbParseChunk
docbParseDoc
docbParseDocument
docbParseFile
docbSAXParseDoc
docbSAXParseFile
dom_node_class_entry
dom_object_get_node
dummy_indent
elementDecl
empty_fcall_info
empty_fcall_info_cache
endDocument
endElement
end_mcrypt
enigma_LTX__is_block_algorithm
enigma_LTX__mcrypt_algorithm_version
enigma_LTX__mcrypt_decrypt
enigma_LTX__mcrypt_encrypt
enigma_LTX__mcrypt_get_algo_iv_size
enigma_LTX__mcrypt_get_algorithms_name
enigma_LTX__mcrypt_get_block_size
enigma_LTX__mcrypt_get_key_size
enigma_LTX__mcrypt_get_size
enigma_LTX__mcrypt_get_supported_key_sizes
enigma_LTX__mcrypt_self_test
enigma_LTX__mcrypt_set_key
entityDecl
execute
execute_internal
executor_globals
expand_filepath
expand_filepath_ex
expand_filepath_with_mode
externalSubset
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ