ntoskrnl.pdb
Static task
static1
1 signatures
General
-
Target
96d1c81937007d437049cc174c6428e8_JaffaCakes118
-
Size
2.2MB
-
MD5
96d1c81937007d437049cc174c6428e8
-
SHA1
a7da810ce166e23824a971e33351ede0206ec478
-
SHA256
7487137bf8ff8ae185763f9bca471ff024cfb346002e0df2eb2760af5df8e8da
-
SHA512
2151eb703ab845cbba277f6a036411675fe52e225ef472f97008dd9def05de0aa445bb7e4fb0d30768b223583b72d974ee2a0371acdf9d9f9608419e410cfbdf
-
SSDEEP
49152:dEf2hvZPzN/xw6n1wRjJm6K4MCcUxifW:Wf2xZPzNsG40
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 96d1c81937007d437049cc174c6428e8_JaffaCakes118
Files
-
96d1c81937007d437049cc174c6428e8_JaffaCakes118.sys windows:5 windows x86 arch:x86
98af8eb0c52baa904d13933f5dd1ad3e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
hal
HalReportResourceUsage
HalAllProcessorsStarted
HalQueryRealTimeClock
HalAllocateAdapterChannel
KeStallExecutionProcessor
HalTranslateBusAddress
KfReleaseSpinLock
KfAcquireSpinLock
HalGetBusDataByOffset
HalSetBusDataByOffset
KeQueryPerformanceCounter
HalReturnToFirmware
READ_PORT_UCHAR
READ_PORT_USHORT
READ_PORT_ULONG
WRITE_PORT_UCHAR
WRITE_PORT_USHORT
WRITE_PORT_ULONG
HalInitializeProcessor
HalCalibratePerformanceCounter
HalSetRealTimeClock
HalHandleNMI
HalBeginSystemInterrupt
HalEndSystemInterrupt
KeRaiseIrqlToSynchLevel
KeAcquireInStackQueuedSpinLockRaiseToSynch
HalInitSystem
HalDisableSystemInterrupt
HalEnableSystemInterrupt
KeRaiseIrql
KeLowerIrql
HalClearSoftwareInterrupt
KeReleaseSpinLock
KeAcquireSpinLock
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
KeFlushWriteBuffer
HalProcessorIdle
HalReadDmaCounter
IoMapTransfer
IoFreeMapRegisters
IoFreeAdapterChannel
IoFlushAdapterBuffers
HalFreeCommonBuffer
HalAllocateCommonBuffer
HalAllocateCrashDumpRegisters
HalGetAdapter
HalSetTimeIncrement
HalGetEnvironmentVariable
HalSetEnvironmentVariable
KfRaiseIrql
HalGetInterruptVector
KeGetCurrentIrql
HalRequestSoftwareInterrupt
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel
HalSystemVectorDispatchEntry
KfLowerIrql
HalStartProfileInterrupt
HalSetProfileInterval
HalStopProfileInterrupt
bootvid
VidInitialize
VidDisplayString
VidSetTextColor
VidSolidColorFill
VidBitBlt
VidBufferToScreenBlt
VidScreenToBufferBlt
VidResetDisplay
VidCleanUp
VidSetScrollRegion
kdcom
KdD0Transition
KdD3Transition
KdRestore
KdReceivePacket
KdDebuggerInitialize0
KdSave
KdDebuggerInitialize1
KdSendPacket
Exports
Exports
CcCanIWrite
CcCopyRead
CcCopyWrite
CcDeferWrite
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFastReadNotPossible
CcFastReadWait
CcFlushCache
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFlushedValidData
CcGetLsnForFileObject
CcInitializeCacheMap
CcIsThereDirtyData
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcSetAdditionalCacheAttributes
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetLogHandleForFile
CcSetReadAheadGranularity
CcUninitializeCacheMap
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcWaitForCurrentLazyWriterActivity
CcZeroData
CmRegisterCallback
CmUnRegisterCallback
DbgBreakPoint
DbgBreakPointWithStatus
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
ExAcquireFastMutexUnsafe
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExConvertExclusiveToSharedLite
ExCreateCallback
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDesktopObjectType
ExDisableResourceBoostLite
ExEnumHandleTable
ExEventObjectType
ExExtendZone
ExFreePool
ExFreePoolWithTag
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetPreviousMode
ExGetSharedWaiterCount
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddLargeStatistic
ExInterlockedAddUlong
ExInterlockedCompareExchange64
ExInterlockedDecrementLong
ExInterlockedExchangeUlong
ExInterlockedExtendZone
ExInterlockedFlushSList
ExInterlockedIncrementLong
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPopEntrySList
ExInterlockedPushEntryList
ExInterlockedPushEntrySList
ExInterlockedRemoveHeadList
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
ExNotifyCallback
ExQueryPoolBlockSize
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExReInitializeRundownProtection
ExRegisterCallback
ExReinitializeResourceLite
ExReleaseFastMutexUnsafe
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionEx
ExRundownCompleted
ExSemaphoreObjectType
ExSetResourceOwnerPointer
ExSetTimerResolution
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExUnregisterCallback
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfInterlockedAddUlong
ExfInterlockedCompareExchange64
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExfInterlockedPopEntryList
ExfInterlockedPushEntryList
ExfInterlockedRemoveHeadList
ExfReleasePushLock
Exfi386InterlockedDecrementLong
Exfi386InterlockedExchangeUlong
Exfi386InterlockedIncrementLong
Exi386InterlockedDecrementLong
Exi386InterlockedExchangeUlong
Exi386InterlockedIncrementLong
FsRtlAcquireFileExclusive
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlBalanceReads
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCurrentBatchOplock
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindInTunnelCache
FsRtlFreeFileLock
FsRtlGetFileSize
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertPerFileObjectContext
FsRtlInsertPerStreamContext
FsRtlIsDbcsInExpression
FsRtlIsFatDbcsLegal
FsRtlIsHpfsDbcsLegal
FsRtlIsNameInExpression
FsRtlIsNtstatusExpected
FsRtlIsPagingFile
FsRtlIsTotalDeviceFailure
FsRtlLegalAnsiCharacterArray
FsRtlLookupLargeMcbEntry
FsRtlLookupLastLargeMcbEntry
FsRtlLookupLastLargeMcbEntryAndIndex
FsRtlLookupLastMcbEntry
FsRtlLookupMcbEntry
FsRtlLookupPerFileObjectContext
FsRtlLookupPerStreamContextInternal
FsRtlMdlRead
FsRtlMdlReadComplete
FsRtlMdlReadCompleteDev
FsRtlMdlReadDev
FsRtlMdlWriteComplete
FsRtlMdlWriteCompleteDev
FsRtlNormalizeNtstatus
FsRtlNotifyChangeDirectory
FsRtlNotifyCleanup
FsRtlNotifyFilterChangeDirectory
FsRtlNotifyFilterReportChange
FsRtlNotifyFullChangeDirectory
FsRtlNotifyFullReportChange
FsRtlNotifyInitializeSync
FsRtlNotifyReportChange
FsRtlNotifyUninitializeSync
FsRtlNotifyVolumeEvent
FsRtlNumberOfRunsInLargeMcb
FsRtlNumberOfRunsInMcb
FsRtlOplockFsctrl
FsRtlOplockIsFastIoPossible
FsRtlPostPagingFileStackOverflow
FsRtlPostStackOverflow
FsRtlPrepareMdlWrite
FsRtlPrepareMdlWriteDev
FsRtlPrivateLock
FsRtlProcessFileLock
FsRtlRegisterFileSystemFilterCallbacks
FsRtlRegisterUncProvider
FsRtlReleaseFile
FsRtlRemoveLargeMcbEntry
FsRtlRemoveMcbEntry
FsRtlRemovePerFileObjectContext
FsRtlRemovePerStreamContext
FsRtlResetLargeMcb
FsRtlSplitLargeMcb
FsRtlSyncVolumes
FsRtlTeardownPerStreamContexts
FsRtlTruncateLargeMcb
FsRtlTruncateMcb
FsRtlUninitializeFileLock
FsRtlUninitializeLargeMcb
FsRtlUninitializeMcb
FsRtlUninitializeOplock
HalDispatchTable
HalExamineMBR
HalPrivateDispatchTable
HeadlessDispatch
InbvAcquireDisplayOwnership
InbvCheckDisplayOwnership
InbvDisplayString
InbvEnableBootDriver
InbvEnableDisplayString
InbvInstallDisplayStringFilter
InbvIsBootDriverInstalled
InbvNotifyDisplayOwnershipLost
InbvResetDisplay
InbvSetScrollRegion
InbvSetTextColor
InbvSolidColorFill
InitSafeBootMode
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
InterlockedPopEntrySList
InterlockedPushEntrySList
IoAcquireCancelSpinLock
IoAcquireRemoveLockEx
IoAcquireVpbSpinLock
IoAdapterObjectType
IoAllocateAdapterChannel
IoAllocateController
IoAllocateDriverObjectExtension
IoAllocateErrorLogEntry
IoAllocateIrp
IoAllocateMdl
IoAllocateWorkItem
IoAssignDriveLetters
IoAssignResources
IoAttachDevice
IoAttachDeviceByPointer
IoAttachDeviceToDeviceStack
IoAttachDeviceToDeviceStackSafe
IoBuildAsynchronousFsdRequest
IoBuildDeviceIoControlRequest
IoBuildPartialMdl
IoBuildSynchronousFsdRequest
IoCallDriver
IoCancelFileOpen
IoCancelIrp
IoCheckDesiredAccess
IoCheckEaBufferValidity
IoCheckFunctionAccess
IoCheckQuerySetFileInformation
IoCheckQuerySetVolumeInformation
IoCheckQuotaBufferValidity
IoCheckShareAccess
IoCompleteRequest
IoConnectInterrupt
IoCreateController
IoCreateDevice
IoCreateDisk
IoCreateDriver
IoCreateFile
IoCreateFileSpecifyDeviceObjectHint
IoCreateNotificationEvent
IoCreateStreamFileObject
IoCreateStreamFileObjectEx
IoCreateStreamFileObjectLite
IoCreateSymbolicLink
IoCreateSynchronizationEvent
IoCreateUnprotectedSymbolicLink
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveIrp
IoCsqRemoveNextIrp
IoDeleteController
IoDeleteDevice
IoDeleteDriver
IoDeleteSymbolicLink
IoDetachDevice
IoDeviceHandlerObjectSize
IoDeviceHandlerObjectType
IoDeviceObjectType
IoDisconnectInterrupt
IoDriverObjectType
IoEnqueueIrp
IoEnumerateDeviceObjectList
IoFastQueryNetworkAttributes
IoFileObjectType
IoForwardAndCatchIrp
IoForwardIrpSynchronously
IoFreeController
IoFreeErrorLogEntry
IoFreeIrp
IoFreeMdl
IoFreeWorkItem
IoGetAttachedDevice
IoGetAttachedDeviceReference
IoGetBaseFileSystemDeviceObject
IoGetBootDiskInformation
IoGetConfigurationInformation
IoGetCurrentProcess
IoGetDeviceAttachmentBaseRef
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoGetDeviceObjectPointer
IoGetDeviceProperty
IoGetDeviceToVerify
IoGetDiskDeviceObject
IoGetDmaAdapter
IoGetDriverObjectExtension
IoGetFileObjectGenericMapping
IoGetInitialStack
IoGetLowerDeviceObject
IoGetRelatedDeviceObject
IoGetRequestorProcess
IoGetRequestorProcessId
IoGetRequestorSessionId
IoGetStackLimits
IoGetTopLevelIrp
IoInitializeIrp
IoInitializeRemoveLockEx
IoInitializeTimer
IoInvalidateDeviceRelations
IoInvalidateDeviceState
IoIsFileOriginRemote
IoIsOperationSynchronous
IoIsSystemThread
IoIsValidNameGraftingBuffer
IoIsWdmVersionAvailable
IoMakeAssociatedIrp
IoOpenDeviceInterfaceRegistryKey
IoOpenDeviceRegistryKey
IoPageRead
IoPnPDeliverServicePowerNotification
IoQueryDeviceDescription
IoQueryFileDosDeviceName
IoQueryFileInformation
IoQueryVolumeInformation
IoQueueThreadIrp
IoQueueWorkItem
IoRaiseHardError
IoRaiseInformationalHardError
IoReadDiskSignature
IoReadOperationCount
IoReadPartitionTable
IoReadPartitionTableEx
IoReadTransferCount
IoRegisterBootDriverReinitialization
IoRegisterDeviceInterface
IoRegisterDriverReinitialization
IoRegisterFileSystem
IoRegisterFsRegistrationChange
IoRegisterLastChanceShutdownNotification
IoRegisterPlugPlayNotification
IoRegisterShutdownNotification
IoReleaseCancelSpinLock
IoReleaseRemoveLockAndWaitEx
IoReleaseRemoveLockEx
IoReleaseVpbSpinLock
IoRemoveShareAccess
IoReportDetectedDevice
IoReportHalResourceUsage
IoReportResourceForDetection
IoReportResourceUsage
IoReportTargetDeviceChange
IoReportTargetDeviceChangeAsynchronous
IoRequestDeviceEject
IoReuseIrp
IoSetCompletionRoutineEx
IoSetDeviceInterfaceState
IoSetDeviceToVerify
IoSetFileOrigin
IoSetHardErrorOrVerifyDevice
IoSetInformation
IoSetIoCompletion
IoSetPartitionInformation
IoSetPartitionInformationEx
IoSetShareAccess
IoSetStartIoAttributes
IoSetSystemPartition
IoSetThreadHardErrorMode
IoSetTopLevelIrp
IoStartNextPacket
IoStartNextPacketByKey
IoStartPacket
IoStartTimer
IoStatisticsLock
IoStopTimer
IoSynchronousInvalidateDeviceRelations
IoSynchronousPageWrite
IoThreadToProcess
IoUnregisterFileSystem
IoUnregisterFsRegistrationChange
IoUnregisterPlugPlayNotification
IoUnregisterShutdownNotification
IoUpdateShareAccess
IoValidateDeviceIoControlAccess
IoVerifyPartitionTable
IoVerifyVolume
IoVolumeDeviceToDosName
IoWMIAllocateInstanceIds
IoWMIDeviceObjectToInstanceName
IoWMIExecuteMethod
IoWMIHandleToInstanceName
IoWMIOpenBlock
IoWMIQueryAllData
IoWMIQueryAllDataMultiple
IoWMIQuerySingleInstance
IoWMIQuerySingleInstanceMultiple
IoWMIRegistrationControl
IoWMISetNotificationCallback
IoWMISetSingleInstance
IoWMISetSingleItem
IoWMISuggestInstanceName
IoWMIWriteEvent
IoWriteErrorLogEntry
IoWriteOperationCount
IoWritePartitionTable
IoWritePartitionTableEx
IoWriteTransferCount
IofCallDriver
IofCompleteRequest
KdDebuggerEnabled
KdDebuggerNotPresent
KdDisableDebugger
KdEnableDebugger
KdEnteredDebugger
KdPollBreakIn
KdPowerTransition
Ke386CallBios
Ke386IoSetAccessProcess
Ke386QueryIoAccessMap
Ke386SetIoAccessMap
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeAcquireInterruptSpinLock
KeAcquireSpinLockAtDpcLevel
KeAddSystemServiceTable
KeAreApcsDisabled
KeAttachProcess
KeBugCheck
KeBugCheckEx
Sections
.text Size: 455KB - Virtual size: 455KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
POOLMI Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MISYSPTE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 995KB - Virtual size: 995KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESPEC Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEDATA Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEKD Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGECONS Size: 512B - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFC Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEVRFD Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 181KB - Virtual size: 181KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Size: 97KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE