D:\work\fhdjclt\steam_plugin\SteamPlugin\bin\douyinHelper.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-05-23_0671085dc7990e84c602644f73f189e8_avoslocker_revil.exe
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-05-23_0671085dc7990e84c602644f73f189e8_avoslocker_revil.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
2024-05-23_0671085dc7990e84c602644f73f189e8_avoslocker_revil
-
Size
4.2MB
-
MD5
0671085dc7990e84c602644f73f189e8
-
SHA1
0fb515c56c86119f332b2494876cc00f6a3796f5
-
SHA256
b48bb3a3261488bf4481693042ffd13b414ba7c3d5cb4fe2d6aebf9f8c7888bc
-
SHA512
efc2b5664edada382ca73afa5ccd7b10a8153b7e391eac9763ae732ea7f8ebbe1726422a8074a0f98f3ef4e6f0abe6e7afd14b3648ef8b3590d71b162cbf4d2d
-
SSDEEP
98304:ZNO49SyS6MML/WXBi4Oawh3Jh+wLBcS5ZB7zHa6hjyDc:i417KvwhUAB7zHaKB
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-05-23_0671085dc7990e84c602644f73f189e8_avoslocker_revil
Files
-
2024-05-23_0671085dc7990e84c602644f73f189e8_avoslocker_revil.exe windows:6 windows x86 arch:x86
48a17fed098fdbc280af82f33ad98c9e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ws2_32
gethostbyname
freeaddrinfo
htonl
ntohs
getaddrinfo
gethostname
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
setsockopt
socket
WSAIoctl
accept
listen
recvfrom
sendto
ioctlsocket
shutdown
getservbyname
select
wldap32
ord60
ord50
ord211
ord46
ord22
ord26
ord27
ord32
ord33
ord35
ord41
ord79
ord30
ord200
ord301
ord143
kernel32
SystemTimeToFileTime
lstrcpynW
SetThreadPriority
CreateThread
SetNamedPipeHandleState
DisconnectNamedPipe
ReadFileEx
WaitNamedPipeW
FlushFileBuffers
GlobalSize
LocalFree
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
GetThreadLocale
FileTimeToSystemTime
GetCurrentThread
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTime
GetModuleHandleA
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetFileTime
GetCurrentDirectoryW
FindResourceExW
VerifyVersionInfoW
GetTempFileNameW
GetProfileIntW
SearchPathW
GetUserDefaultLCID
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
LCMapStringW
QueryPerformanceFrequency
GetCPInfo
GetStringTypeW
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
VerifyVersionInfoA
GlobalReAlloc
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
GetFileType
GetStdHandle
WaitForSingleObjectEx
FormatMessageA
SleepEx
GetTickCount64
DuplicateHandle
lstrcmpiW
GetDriveTypeW
GetLogicalDriveStringsW
GetFileSizeEx
GetTempPathW
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
TerminateThread
GetExitCodeThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
GetPrivateProfileIntW
GetPrivateProfileStringW
SetUnhandledExceptionFilter
CreateMutexW
RaiseException
SetProcessWorkingSetSize
ResetEvent
SetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
CreateEventW
CompareStringW
IsValidCodePage
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
GetWindowsDirectoryW
MoveFileExW
DeleteFileW
FormatMessageW
GetACP
WriteFile
CopyFileW
GetFileSize
SetFilePointer
GetFileAttributesW
LeaveCriticalSection
OutputDebugStringW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
CreateDirectoryW
GetLocalTime
GetModuleHandleExW
SetErrorMode
HeapFree
GetProcessHeap
LoadLibraryW
VirtualProtect
FreeLibrary
lstrcpyW
WideCharToMultiByte
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Sleep
TerminateProcess
GetTickCount
PeekNamedPipe
GetLastError
ReadFile
WaitForSingleObject
CreateProcessW
lstrcmpW
GetFileAttributesExW
MultiByteToWideChar
GetModuleFileNameW
ReadProcessMemory
CloseHandle
OpenProcess
GetSystemInfo
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetCommandLineA
GetCommandLineW
GetFileInformationByHandle
SetFilePointerEx
ExitProcess
SetConsoleCtrlHandler
GetConsoleCP
HeapQueryInformation
SetStdHandle
GetConsoleMode
ReadConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputW
FindFirstFileExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
GlobalHandle
user32
CheckDlgButton
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
GetLastActivePopup
GetClassLongW
GetWindowTextLengthW
GetWindowTextW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
TrackPopupMenu
SetMenu
GetMenu
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsMenu
RegisterClassW
PeekMessageW
DispatchMessageW
RemoveMenu
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetClassInfoExW
UnregisterClassW
SetParent
DrawIcon
LoadIconW
PostQuitMessage
CreateWindowExW
RegisterClassExW
DestroyWindow
PostThreadMessageW
ShowWindow
MessageBoxW
MoveWindow
RegisterWindowMessageW
GetCursorPos
CallWindowProcW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetIconInfo
LoadBitmapW
GetMessagePos
GetMessageTime
AdjustWindowRectEx
SetClassLongW
MapVirtualKeyW
GetTopWindow
MessageBeep
ScreenToClient
SetLayeredWindowAttributes
UpdateLayeredWindow
SetForegroundWindow
DefWindowProcW
GetClassInfoW
SetFocus
IsChild
DrawIconEx
IsIconic
IntersectRect
SetTimer
MapWindowPoints
GetClientRect
InflateRect
GetSysColorBrush
DrawFrameControl
ModifyMenuW
InsertMenuW
AppendMenuW
DeleteMenu
LoadMenuW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
SystemParametersInfoW
LoadImageW
GetKeyState
InvalidateRect
DestroyIcon
FillRect
ReleaseDC
GetDC
SetActiveWindow
GetActiveWindow
GetNextDlgTabItem
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
TrackMouseEvent
SetPropW
GetPropW
RegisterClipboardFormatW
GetWindow
IsWindowEnabled
GetDlgItem
GetClassNameW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetFocus
IsZoomed
PtInRect
KillTimer
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
GetCursor
UpdateWindow
RedrawWindow
EqualRect
GetSysColor
SetRect
IsRectEmpty
OffsetRect
SetRectEmpty
SetWindowTextW
IsDialogMessageW
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetWindowDC
WindowFromPoint
CharUpperW
DestroyMenu
SetWindowContextHelpId
MapDialogRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
CopyRect
EnableWindow
PostMessageW
RemovePropW
GetMessageW
TranslateMessage
ShowOwnedPopups
CopyImage
SendDlgItemMessageA
RealChildWindowFromPoint
CreateDialogIndirectParamW
EndDialog
GetAsyncKeyState
GetCapture
GetNextDlgGroupItem
DestroyCursor
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UnionRect
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetWindowRgn
GetKeyNameTextW
EnableScrollBar
DrawFocusRect
GetWindowRgn
SetWindowLongW
SetWindowPos
GetSystemMetrics
GetWindowRect
GetDesktopWindow
GetParent
GetForegroundWindow
IsWindowVisible
IsWindow
FindWindowExW
GetWindowThreadProcessId
SendMessageW
ClientToScreen
GetWindowLongW
gdi32
CreatePolygonRgn
PtInRegion
GetPixel
SaveDC
RestoreDC
SetPixel
CreateBitmap
GetTextColor
GetTextMetricsW
GetTextExtentExPointW
SetTextCharacterExtra
CopyMetaFileW
CreateDCW
SetBkColor
SetTextColor
CreateHatchBrush
CreatePen
CreatePatternBrush
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
GetTextExtentPoint32W
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetBkColor
GetRgnBox
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateEllipticRgn
Ellipse
Polygon
Polyline
LPtoDP
Rectangle
RoundRect
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
GetStockObject
StretchBlt
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
GetDeviceCaps
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateEllipticRgnIndirect
OffsetRgn
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
CreateDIBSection
GetObjectW
GetDIBColorTable
SetDIBColorTable
SelectObject
DeleteDC
SelectClipRgn
CreateRectRgn
GetClipRgn
DeleteObject
ExtSelectClipRgn
SetViewportExtEx
CreateCompatibleDC
CreateRoundRectRgn
msimg32
AlphaBlend
TransparentBlt
GradientFill
winspool.drv
DocumentPropertiesW
ClosePrinter
OpenPrinterW
advapi32
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegDisableReflectionKey
RegEnableReflectionKey
RegSetValueExW
RegCreateKeyExW
shell32
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
ShellExecuteW
DragFinish
DragQueryFileW
SHGetDesktopFolder
comctl32
DrawShadowText
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
uxtheme
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
ole32
CoLockObjectExternal
CoCreateInstance
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoCreateGuid
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoDisconnectObject
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoInitialize
oleaut32
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
gdiplus
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdiplusShutdown
GdipLoadImageFromFile
GdipDrawImageRectI
GdipFillRectangleI
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipTranslateTextureTransform
GdipCreateTexture2I
GdipCreateTextureIAI
GdipFillEllipseI
GdipScaleTextureTransform
GdipSetSmoothingMode
GdipGetDC
GdipReleaseDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetPageUnit
GdipDeleteFontFamily
GdipDrawImageI
GdipDeleteFont
GdipGetFamily
GdipGetFontSize
GdipGetFontStyle
GdipSetTextRenderingHint
GdipDrawString
GdipCreatePath
GdipDeletePath
GdipAddPathString
GdipCreatePen1
GdipDeletePen
GdipSetPenLineJoin
GdipDrawPath
GdipFillPath
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipDisposeImage
GdipDeleteGraphics
GdipSetInterpolationMode
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorKeys
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipCreateFontFromDC
GdipCreateFromHDC
GdipAlloc
GdipFree
oledlg
OleUIBusyW
winmm
timeSetEvent
PlaySoundW
iphlpapi
GetAdaptersInfo
dbghelp
MiniDumpWriteDump
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
Exports
Exports
??0CNamedPipeClientEvent@@QAE@ABV0@@Z
??0CNamedPipeClientEvent@@QAE@PAUINamePipeClitEvent@NS_IPC@@@Z
??0INamePipeClitEvent@NS_IPC@@QAE@$$QAU01@@Z
??0INamePipeClitEvent@NS_IPC@@QAE@ABU01@@Z
??0INamePipeClitEvent@NS_IPC@@QAE@XZ
??0INamedPipe@@QAE@$$QAU0@@Z
??0INamedPipe@@QAE@ABU0@@Z
??0INamedPipe@@QAE@XZ
??0INamedPipeEvent@@QAE@$$QAU0@@Z
??0INamedPipeEvent@@QAE@ABU0@@Z
??0INamedPipeEvent@@QAE@XZ
??0INamedPipeServer@@QAE@$$QAU0@@Z
??0INamedPipeServer@@QAE@ABU0@@Z
??0INamedPipeServer@@QAE@XZ
??0INamedPipeServerRoutine@@QAE@$$QAU0@@Z
??0INamedPipeServerRoutine@@QAE@ABU0@@Z
??0INamedPipeServerRoutine@@QAE@XZ
??1CNamedPipeClientEvent@@QAE@XZ
??4CNamedPipeClientEvent@@QAEAAV0@ABV0@@Z
??4INamePipeClitEvent@NS_IPC@@QAEAAU01@$$QAU01@@Z
??4INamePipeClitEvent@NS_IPC@@QAEAAU01@ABU01@@Z
??4INamedPipe@@QAEAAU0@$$QAU0@@Z
??4INamedPipe@@QAEAAU0@ABU0@@Z
??4INamedPipeEvent@@QAEAAU0@$$QAU0@@Z
??4INamedPipeEvent@@QAEAAU0@ABU0@@Z
??4INamedPipeServer@@QAEAAU0@$$QAU0@@Z
??4INamedPipeServer@@QAEAAU0@ABU0@@Z
??4INamedPipeServerRoutine@@QAEAAU0@$$QAU0@@Z
??4INamedPipeServerRoutine@@QAEAAU0@ABU0@@Z
??_7CNamedPipeClientEvent@@6B@
??_7INamePipeClitEvent@NS_IPC@@6B@
??_7INamedPipe@@6B@
??_7INamedPipeEvent@@6B@
??_7INamedPipeServer@@6B@
??_7INamedPipeServerRoutine@@6B@
?OnBeforeRelease@CNamedPipeClientEvent@@UAGHPAUINamedPipe@@@Z
?OnCompletedConnect@CNamedPipeClientEvent@@UAGXPAUINamedPipe@@@Z
?OnCompletedCreate@CNamedPipeClientEvent@@UAGXPAUINamedPipe@@@Z
?OnCompletedDisconnect@CNamedPipeClientEvent@@UAGHPAUINamedPipe@@@Z
?OnCompletedRecv@CNamedPipeClientEvent@@UAGKPAUINamedPipe@@PBDK@Z
?OnCompletedSend@CNamedPipeClientEvent@@UAGHPAUINamedPipe@@PBDK@Z
?SetNamedPipeEvent@CNamedPipeClientEvent@@QAEXPAUINamePipeClitEvent@NS_IPC@@@Z
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 751KB - Virtual size: 751KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 70KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.giats Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 896B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 205KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ