I:\build\trunk_cn_9.0build\simulator\bin\dnplycore.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ac675e4bcda2936497056000cb300deeeb66aed6c2e9c75eeab73b37fb68fc37.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
ac675e4bcda2936497056000cb300deeeb66aed6c2e9c75eeab73b37fb68fc37.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
ac675e4bcda2936497056000cb300deeeb66aed6c2e9c75eeab73b37fb68fc37
-
Size
997KB
-
MD5
8ad748f3afa5418959158c30df6c6661
-
SHA1
82e785ad801cf9ba90ce85218d06e5d8218410f8
-
SHA256
ac675e4bcda2936497056000cb300deeeb66aed6c2e9c75eeab73b37fb68fc37
-
SHA512
67267315b6a4e08757196bd03ca83ce716a891d8d99eabaf8d88a1d2a40e83a2df53363fd03d810dd3ea3682d03e9b332c7a1a07318eb44bb97fc90a02cb7307
-
SSDEEP
24576:CpNJmS6ObR6krlQDLl0XtqGzNuuonh/WoR+jK+D5:wP9AuQDLl09qYkh/WoR+jb5
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ac675e4bcda2936497056000cb300deeeb66aed6c2e9c75eeab73b37fb68fc37
Files
-
ac675e4bcda2936497056000cb300deeeb66aed6c2e9c75eeab73b37fb68fc37.dll windows:6 windows x86 arch:x86
4171d46c0685df2ea0e537de558c516e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
cximagecrt
?GetHeight@CxImage@@QBEIXZ
?DestroyFrames@CxImage@@QAE_NXZ
?Destroy@CxImage@@QAE_NXZ
?GetWidth@CxImage@@QBEIXZ
??0CxImage@@QAE@ABV0@_N11@Z
?Scanf@CxMemFile@@UAEHPBDPAX@Z
?GetS@CxMemFile@@UAEPADPADH@Z
?GetPixelColor@CxImage@@QAE?AUtagRGBQUAD@@HH_N@Z
?Load@CxImage@@QAE_NPB_WI@Z
??0CxImage@@QAE@I@Z
?Write@CxMemFile@@UAEIPBXII@Z
??0CxMemFile@@QAE@PAEI@Z
??1CxMemFile@@UAE@XZ
?Close@CxMemFile@@UAE_NXZ
?Read@CxMemFile@@UAEIPAXII@Z
?Resample@CxImage@@QAE_NHHHPAV1@@Z
?Seek@CxMemFile@@UAE_NHH@Z
?Tell@CxMemFile@@UAEHXZ
?Size@CxMemFile@@UAEHXZ
?Flush@CxMemFile@@UAE_NXZ
?Eof@CxMemFile@@UAE_NXZ
?Error@CxMemFile@@UAEHXZ
?PutC@CxMemFile@@UAE_NE@Z
?GetC@CxMemFile@@UAEHXZ
hid
HidP_GetCaps
HidP_GetUsages
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetButtonCaps
xinput1_3
ord4
ord5
ord2
winmm
timeEndPeriod
timeKillEvent
timeGetTime
timeBeginPeriod
timeGetDevCaps
timeSetEvent
kernel32
DisableThreadLibraryCalls
LoadLibraryW
GetProcAddress
GetModuleFileNameA
CopyFileW
GetTickCount
GetLocalTime
GetUserDefaultUILanguage
OutputDebugStringA
GetCurrentProcessId
LocalFree
GetModuleFileNameW
lstrcmpW
lstrlenW
CreateFileMappingA
lstrcpyW
GlobalAlloc
GetVersionExW
GlobalFree
GetCurrentThreadId
GetFileSize
CreateFileW
SetPriorityClass
GlobalLock
DeleteCriticalSection
GlobalUnlock
OpenProcess
ReleaseSemaphore
CreateSemaphoreW
TerminateProcess
GlobalMemoryStatusEx
GetSystemInfo
VirtualQuery
FindResourceW
LoadResource
CreateProcessW
SizeofResource
GetFileAttributesW
MoveFileW
LockResource
DeleteFileW
SetFileAttributesW
WaitForMultipleObjects
CreateEventW
EnterCriticalSection
CreateNamedPipeA
GetLastError
GetOverlappedResult
ReadFile
LeaveCriticalSection
SetThreadPriority
ReleaseMutex
ConnectNamedPipe
SetEvent
WaitForSingleObject
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
TerminateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetExitCodeProcess
CreateThread
GetSystemDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentThread
MultiByteToWideChar
QueryPerformanceFrequency
OpenEventW
OpenFileMappingW
CreateFileMappingW
OpenMutexW
Sleep
QueryPerformanceCounter
MapViewOfFile
CreateMutexW
WriteFile
ResetEvent
WideCharToMultiByte
DebugBreak
InitializeCriticalSection
CloseHandle
GetModuleHandleW
user32
ClientToScreen
GetMessageExtraInfo
SetCapture
TrackMouseEvent
GetCapture
SendMessageW
FindWindowExW
IsWindow
EmptyClipboard
GetClassNameW
GetWindowTextW
MessageBoxW
DispatchMessageW
PeekMessageW
MessageBoxA
TranslateMessage
MsgWaitForMultipleObjects
wsprintfW
InflateRect
SetCursorPos
SystemParametersInfoW
GetDesktopWindow
GetKeyState
MapVirtualKeyW
GetWindowThreadProcessId
GetParent
SetClipboardData
MonitorFromWindow
ReleaseCapture
GetMonitorInfoW
SetCursor
SendInput
LoadImageW
PostMessageW
GetClipCursor
ShowCursor
DestroyCursor
ClipCursor
DestroyWindow
CloseClipboard
LoadCursorW
SetFocus
GetWindowLongW
GetClipboardData
SetWindowLongW
GetCursorPos
ShowWindow
CreateWindowExW
OpenClipboard
RegisterClassW
GetKeyboardLayoutList
DefWindowProcW
ActivateKeyboardLayout
MoveWindow
DrawTextW
GetDC
ReleaseDC
GetSystemMetrics
GetKeyNameTextW
GetRawInputData
IsIconic
PtInRect
GetRegisteredRawInputDevices
GetRawInputDeviceInfoW
GetRawInputDeviceList
SetTimer
ScreenToClient
GetWindowRect
KillTimer
GetFocus
WindowFromPoint
GetClientRect
GetForegroundWindow
ChangeDisplaySettingsW
EnumWindows
GetKeyboardLayout
GetAsyncKeyState
GetAncestor
RegisterRawInputDevices
RegisterClassExW
gdi32
Rectangle
CreateCompatibleDC
SelectObject
CreatePen
GetStockObject
DeleteObject
GetTextFaceW
CreateDCW
GetDeviceCaps
SetBkMode
CreateDIBSection
DeleteDC
SetTextColor
CreateFontW
CreateSolidBrush
advapi32
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ole32
CoCreateGuid
CoInitializeEx
CoGetClassObject
CoUninitialize
oleaut32
SysAllocStringLen
SysStringLen
SafeArrayGetLBound
SysAllocString
SafeArrayGetUBound
SysFreeString
SysStringByteLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SysAllocStringByteLen
SafeArrayUnaccessData
msvcp120
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_current
_Thrd_equal
?_Launch@_Pad@std@@QAEXPAU_Thrd_imp_t@@@Z
??1_Pad@std@@QAE@XZ
?_Release@_Pad@std@@QAEXXZ
??0_Pad@std@@QAE@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?_Make_dir@sys@tr2@std@@YAHPB_W@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Mtx_current_owns
_Cnd_timedwait
_Thrd_join
?_Open_dir@sys@tr2@std@@YAPAXAAY0BAE@_WPB_WAAHAAW4file_type@123@@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
_Cnd_init
?_Throw_C_error@std@@YAXH@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Future_error_map@std@@YAPBDH@Z
?_Stat@sys@tr2@std@@YA?AW4file_type@123@PB_WAAH@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
_Cnd_destroy
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Mtx_destroy
_Mtx_unlock
_Cnd_broadcast
_Cnd_wait
_Mtx_lock
_Mtx_init
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Rename@sys@tr2@std@@YAHPB_W0@Z
?_Close_dir@sys@tr2@std@@YAXPAX@Z
?_Read_dir@sys@tr2@std@@YAPA_WAAY0BAE@_WPAXAAW4file_type@123@@Z
?_Unlink@sys@tr2@std@@YAHPB_W@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
_Xtime_get_ticks
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
ws2_32
ntohs
accept
listen
send
closesocket
__WSAFDIsSet
socket
bind
recv
setsockopt
htons
WSAGetLastError
select
htonl
inet_addr
connect
ioctlsocket
ntohl
dsound
ord8
ord3
ord1
ord6
msvcr120
memset
memcpy
_setjmp3
_libm_sse2_sqrt_precise
_libm_sse2_sin_precise
_libm_sse2_log10_precise
_libm_sse2_cos_precise
_libm_sse2_asin_precise
__CxxFrameHandler3
_CxxThrowException
_CIatan2
_stricmp
_strnicmp
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_vsnprintf_s
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
vsprintf_s
_wcsicmp
_wcsnicmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
free
malloc
_snprintf_s
printf
sprintf_s
??_V@YAXPAX@Z
longjmp
realloc
_beginthreadex
wcstoul
_swprintf
_invalid_parameter_noinfo_noreturn
strchr
strrchr
strtoul
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
??0exception@std@@QAE@ABQBDH@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??1critical_section@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
?set@event@Concurrency@@QAEXXZ
?wait@event@Concurrency@@QAEII@Z
??1event@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
?Free@Concurrency@@YAXPAX@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAAIXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPAX@Z0@Z
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPAV123@PAV_CancellationTokenState@23@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
swprintf_s
rand
_time64
wcschr
strncmp
strstr
wcsstr
tolower
wcstod
wcsncmp
fscanf
fputc
sprintf
feof
fflush
_wfopen
fgets
wcsrchr
fread
ferror
fwrite
ftell
fseek
fclose
getc
_snwprintf_s
?terminate@@YAXXZ
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
_unlock_file
ungetc
fgetpos
_fseeki64
fgetc
fsetpos
setvbuf
_lock_file
memcpy_s
??8type_info@@QBE_NABV0@@Z
_localtime64_s
memchr
atoi
strncpy
isspace
fopen_s
isalpha
isdigit
wcstol
wcsncpy
_vswprintf
_waccess
_snprintf
strtol
wcstoull
?_wopen@@YAHPB_WHH@Z
wprintf
_wcslwr
_read
srand
_write
_close
vswprintf_s
_vswprintf_c_l
_except1
iphlpapi
GetAdaptersInfo
imm32
ImmGetCompositionStringW
ImmGetProperty
ImmGetContext
ImmIsIME
ImmReleaseContext
ImmSetConversionStatus
ImmAssociateContext
ImmGetConversionStatus
ImmSetCompositionWindow
shlwapi
PathFileExistsW
wininet
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
shell32
SHGetFolderPathW
ord165
ShellExecuteExW
ShellExecuteW
Exports
Exports
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEHXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEHXZ
?GetExifInfo@CxImage@@QAEPAUtag_ExifInfo@@XZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPB_W0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEHPBDPAX@Z
?Seek@CxIOFile@@UAE_NHH@Z
?Size@CxIOFile@@UAEHXZ
?Tell@CxIOFile@@UAEHXZ
?Write@CxIOFile@@UAEIPBXII@Z
createVBoxClient
initVbox
uninitVbox
Sections
.text Size: 747KB - Virtual size: 747KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 173KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 30KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ