ntkrnlmp.pdb
Static task
static1
1 signatures
General
-
Target
a132646e57c6277e2c1fc1965eb17a02_JaffaCakes118
-
Size
2.1MB
-
MD5
a132646e57c6277e2c1fc1965eb17a02
-
SHA1
7f3c18ef773b9a3ef3b429f0a3994e90ea9c7762
-
SHA256
34f33bcf71a0bdec339ee64ccf95d914053d8c6b05a77e3fbb489e54883a34c8
-
SHA512
c55854eb0a5a49b0d5b57797d6782f101fba44915f14e93a41e9f4c9d770d24c1ca9614a4be4253c6ee69adc0f76e1538679ea890808a3f0672ab2c44334875d
-
SSDEEP
24576:IyxV24tzbQCsOc7tMNiZJvkh8Dx0V9vskdUM/u3aCa6VTviXH4ufWhyuyGUzJ1Jj:HxgNpvQ0dNv1ufEU19tj+BgeA/cnWE2
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a132646e57c6277e2c1fc1965eb17a02_JaffaCakes118
Files
-
a132646e57c6277e2c1fc1965eb17a02_JaffaCakes118.sys windows:5 windows x86 arch:x86
ca0b50edc2ad0eddf86d2589b79a08ea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
bootvid
VidInitialize
VidDisplayString
VidSetTextColor
VidSolidColorFill
VidBitBlt
VidBufferToScreenBlt
VidScreenToBufferBlt
VidResetDisplay
VidCleanUp
VidSetScrollRegion
hal
KfRaiseIrql
KfLowerIrql
HalInitSystem
HalReportResourceUsage
HalAllProcessorsStarted
HalQueryRealTimeClock
HalAllocateAdapterChannel
KeRaiseIrqlToDpcLevel
KeStallExecutionProcessor
HalTranslateBusAddress
KeQueryPerformanceCounter
HalGetBusDataByOffset
HalSetBusDataByOffset
HalReturnToFirmware
READ_PORT_UCHAR
READ_PORT_USHORT
READ_PORT_ULONG
WRITE_PORT_UCHAR
WRITE_PORT_USHORT
WRITE_PORT_ULONG
HalInitializeProcessor
HalCalibratePerformanceCounter
HalSetRealTimeClock
KeAcquireQueuedSpinLockRaiseToSynch
HalHandleNMI
HalBeginSystemInterrupt
HalEndSystemInterrupt
HalGetInterruptVector
HalSystemVectorDispatchEntry
HalDisableSystemInterrupt
HalEnableSystemInterrupt
KeRaiseIrqlToSynchLevel
KeRaiseIrql
KeLowerIrql
HalClearSoftwareInterrupt
HalRequestIpi
HalStartNextProcessor
KeReleaseSpinLock
KeAcquireSpinLock
ExTryToAcquireFastMutex
KeAcquireSpinLockRaiseToSynch
KeTryToAcquireQueuedSpinLock
KeFlushWriteBuffer
HalReadDmaCounter
IoMapTransfer
IoFreeMapRegisters
IoFreeAdapterChannel
IoFlushAdapterBuffers
HalFreeCommonBuffer
HalAllocateCommonBuffer
HalAllocateCrashDumpRegisters
HalGetAdapter
HalSetTimeIncrement
HalGetEnvironmentVariable
HalSetEnvironmentVariable
KeGetCurrentIrql
HalRequestSoftwareInterrupt
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KeAcquireQueuedSpinLock
KeAcquireInStackQueuedSpinLockRaiseToSynch
KeReleaseQueuedSpinLock
HalStopProfileInterrupt
HalSetProfileInterval
HalStartProfileInterrupt
kdcom
KdSendPacket
KdD0Transition
KdD3Transition
KdReceivePacket
KdDebuggerInitialize0
KdSave
KdDebuggerInitialize1
KdRestore
Exports
Exports
CcCanIWrite
CcCopyRead
CcCopyWrite
CcDeferWrite
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFastReadNotPossible
CcFastReadWait
CcFlushCache
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFlushedValidData
CcGetLsnForFileObject
CcInitializeCacheMap
CcIsThereDirtyData
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcSetAdditionalCacheAttributes
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetLogHandleForFile
CcSetReadAheadGranularity
CcUninitializeCacheMap
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcWaitForCurrentLazyWriterActivity
CcZeroData
CmRegisterCallback
CmUnRegisterCallback
DbgBreakPoint
DbgBreakPointWithStatus
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
ExAcquireFastMutexUnsafe
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExConvertExclusiveToSharedLite
ExCreateCallback
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDesktopObjectType
ExDisableResourceBoostLite
ExEnumHandleTable
ExEventObjectType
ExExtendZone
ExFreePool
ExFreePoolWithTag
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetPreviousMode
ExGetSharedWaiterCount
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddLargeStatistic
ExInterlockedAddUlong
ExInterlockedCompareExchange64
ExInterlockedDecrementLong
ExInterlockedExchangeUlong
ExInterlockedExtendZone
ExInterlockedFlushSList
ExInterlockedIncrementLong
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPopEntrySList
ExInterlockedPushEntryList
ExInterlockedPushEntrySList
ExInterlockedRemoveHeadList
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
ExNotifyCallback
ExQueryPoolBlockSize
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExReInitializeRundownProtection
ExRegisterCallback
ExReinitializeResourceLite
ExReleaseFastMutexUnsafe
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionEx
ExRundownCompleted
ExSemaphoreObjectType
ExSetResourceOwnerPointer
ExSetTimerResolution
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExUnregisterCallback
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfInterlockedAddUlong
ExfInterlockedCompareExchange64
ExfInterlockedInsertHeadList
ExfInterlockedInsertTailList
ExfInterlockedPopEntryList
ExfInterlockedPushEntryList
ExfInterlockedRemoveHeadList
ExfReleasePushLock
Exfi386InterlockedDecrementLong
Exfi386InterlockedExchangeUlong
Exfi386InterlockedIncrementLong
Exi386InterlockedDecrementLong
Exi386InterlockedExchangeUlong
Exi386InterlockedIncrementLong
FsRtlAcquireFileExclusive
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlBalanceReads
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindInTunnelCache
FsRtlFreeFileLock
FsRtlGetFileSize
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertPerFileObjectContext
FsRtlInsertPerStreamContext
FsRtlIsDbcsInExpression
FsRtlIsFatDbcsLegal
FsRtlIsHpfsDbcsLegal
FsRtlIsNameInExpression
FsRtlIsNtstatusExpected
FsRtlIsPagingFile
FsRtlIsTotalDeviceFailure
FsRtlLegalAnsiCharacterArray
FsRtlLookupLargeMcbEntry
FsRtlLookupLastLargeMcbEntry
FsRtlLookupLastLargeMcbEntryAndIndex
FsRtlLookupLastMcbEntry
FsRtlLookupMcbEntry
FsRtlLookupPerFileObjectContext
FsRtlLookupPerStreamContextInternal
FsRtlMdlRead
FsRtlMdlReadComplete
FsRtlMdlReadCompleteDev
FsRtlMdlReadDev
FsRtlMdlWriteComplete
FsRtlMdlWriteCompleteDev
FsRtlNormalizeNtstatus
FsRtlNotifyChangeDirectory
FsRtlNotifyCleanup
FsRtlNotifyFilterChangeDirectory
FsRtlNotifyFilterReportChange
FsRtlNotifyFullChangeDirectory
FsRtlNotifyFullReportChange
FsRtlNotifyInitializeSync
FsRtlNotifyReportChange
FsRtlNotifyUninitializeSync
FsRtlNotifyVolumeEvent
FsRtlNumberOfRunsInLargeMcb
FsRtlNumberOfRunsInMcb
FsRtlOplockFsctrl
FsRtlOplockIsFastIoPossible
FsRtlPostPagingFileStackOverflow
FsRtlPostStackOverflow
FsRtlPrepareMdlWrite
FsRtlPrepareMdlWriteDev
FsRtlPrivateLock
FsRtlProcessFileLock
FsRtlRegisterFileSystemFilterCallbacks
FsRtlRegisterUncProvider
FsRtlReleaseFile
FsRtlRemoveLargeMcbEntry
FsRtlRemoveMcbEntry
FsRtlRemovePerFileObjectContext
FsRtlRemovePerStreamContext
FsRtlResetLargeMcb
FsRtlSplitLargeMcb
FsRtlSyncVolumes
FsRtlTeardownPerStreamContexts
FsRtlTruncateLargeMcb
FsRtlTruncateMcb
FsRtlUninitializeFileLock
FsRtlUninitializeLargeMcb
FsRtlUninitializeMcb
FsRtlUninitializeOplock
HalDispatchTable
HalExamineMBR
HalPrivateDispatchTable
HeadlessDispatch
InbvAcquireDisplayOwnership
InbvCheckDisplayOwnership
InbvDisplayString
InbvEnableBootDriver
InbvEnableDisplayString
InbvInstallDisplayStringFilter
InbvIsBootDriverInstalled
InbvNotifyDisplayOwnershipLost
InbvResetDisplay
InbvSetScrollRegion
InbvSetTextColor
InbvSolidColorFill
InitSafeBootMode
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
InterlockedPopEntrySList
InterlockedPushEntrySList
IoAcquireCancelSpinLock
IoAcquireRemoveLockEx
IoAcquireVpbSpinLock
IoAdapterObjectType
IoAllocateAdapterChannel
IoAllocateController
IoAllocateDriverObjectExtension
IoAllocateErrorLogEntry
IoAllocateIrp
IoAllocateMdl
IoAllocateWorkItem
IoAssignDriveLetters
IoAssignResources
IoAttachDevice
IoAttachDeviceByPointer
IoAttachDeviceToDeviceStack
IoAttachDeviceToDeviceStackSafe
IoBuildAsynchronousFsdRequest
IoBuildDeviceIoControlRequest
IoBuildPartialMdl
IoBuildSynchronousFsdRequest
IoCallDriver
IoCancelFileOpen
IoCancelIrp
IoCheckDesiredAccess
IoCheckEaBufferValidity
IoCheckFunctionAccess
IoCheckQuerySetFileInformation
IoCheckQuerySetVolumeInformation
IoCheckQuotaBufferValidity
IoCheckShareAccess
IoCompleteRequest
IoConnectInterrupt
IoCreateController
IoCreateDevice
IoCreateDisk
IoCreateDriver
IoCreateFile
IoCreateFileSpecifyDeviceObjectHint
IoCreateNotificationEvent
IoCreateStreamFileObject
IoCreateStreamFileObjectEx
IoCreateStreamFileObjectLite
IoCreateSymbolicLink
IoCreateSynchronizationEvent
IoCreateUnprotectedSymbolicLink
IoCsqInitialize
IoCsqInsertIrp
IoCsqRemoveIrp
IoCsqRemoveNextIrp
IoDeleteController
IoDeleteDevice
IoDeleteDriver
IoDeleteSymbolicLink
IoDetachDevice
IoDeviceHandlerObjectSize
IoDeviceHandlerObjectType
IoDeviceObjectType
IoDisconnectInterrupt
IoDriverObjectType
IoEnqueueIrp
IoEnumerateDeviceObjectList
IoEnumerateRegisteredFiltersList
IoFastQueryNetworkAttributes
IoFileObjectType
IoForwardAndCatchIrp
IoForwardIrpSynchronously
IoFreeController
IoFreeErrorLogEntry
IoFreeIrp
IoFreeMdl
IoFreeWorkItem
IoGetAttachedDevice
IoGetAttachedDeviceReference
IoGetBaseFileSystemDeviceObject
IoGetBootDiskInformation
IoGetConfigurationInformation
IoGetCurrentProcess
IoGetDeviceAttachmentBaseRef
IoGetDeviceInterfaceAlias
IoGetDeviceInterfaces
IoGetDeviceObjectPointer
IoGetDeviceProperty
IoGetDeviceToVerify
IoGetDiskDeviceObject
IoGetDmaAdapter
IoGetDriverObjectExtension
IoGetFileObjectGenericMapping
IoGetInitialStack
IoGetLowerDeviceObject
IoGetRelatedDeviceObject
IoGetRequestorProcess
IoGetRequestorProcessId
IoGetRequestorSessionId
IoGetStackLimits
IoGetTopLevelIrp
IoInitializeCrashDump
IoInitializeIrp
IoInitializeRemoveLockEx
IoInitializeTimer
IoInvalidateDeviceRelations
IoInvalidateDeviceState
IoIsFileOriginRemote
IoIsOperationSynchronous
IoIsSystemThread
IoIsValidNameGraftingBuffer
IoIsWdmVersionAvailable
IoMakeAssociatedIrp
IoOpenDeviceInterfaceRegistryKey
IoOpenDeviceRegistryKey
IoPageRead
IoPnPDeliverServicePowerNotification
IoQueryDeviceDescription
IoQueryFileDosDeviceName
IoQueryFileInformation
IoQueryVolumeInformation
IoQueueThreadIrp
IoQueueWorkItem
IoRaiseHardError
IoRaiseInformationalHardError
IoReadDiskSignature
IoReadOperationCount
IoReadPartitionTable
IoReadPartitionTableEx
IoReadTransferCount
IoRegisterBootDriverReinitialization
IoRegisterDeviceInterface
IoRegisterDriverReinitialization
IoRegisterFileSystem
IoRegisterFsRegistrationChange
IoRegisterLastChanceShutdownNotification
IoRegisterPlugPlayNotification
IoRegisterShutdownNotification
IoReleaseCancelSpinLock
IoReleaseRemoveLockAndWaitEx
IoReleaseRemoveLockEx
IoReleaseVpbSpinLock
IoRemoveShareAccess
IoReportDetectedDevice
IoReportHalResourceUsage
IoReportResourceForDetection
IoReportResourceUsage
IoReportTargetDeviceChange
IoReportTargetDeviceChangeAsynchronous
IoRequestDeviceEject
IoReuseIrp
IoSetCompletionRoutineEx
IoSetDeviceInterfaceState
IoSetDeviceToVerify
IoSetFileOrigin
IoSetHardErrorOrVerifyDevice
IoSetInformation
IoSetIoCompletion
IoSetPartitionInformation
IoSetPartitionInformationEx
IoSetShareAccess
IoSetStartIoAttributes
IoSetSystemPartition
IoSetThreadHardErrorMode
IoSetTopLevelIrp
IoStartNextPacket
IoStartNextPacketByKey
IoStartPacket
IoStartTimer
IoStatisticsLock
IoStopTimer
IoSynchronousInvalidateDeviceRelations
IoSynchronousPageWrite
IoThreadToProcess
IoUnregisterFileSystem
IoUnregisterFsRegistrationChange
IoUnregisterPlugPlayNotification
IoUnregisterShutdownNotification
IoUpdateShareAccess
IoValidateDeviceIoControlAccess
IoVerifyPartitionTable
IoVerifyVolume
IoVolumeDeviceToDosName
IoWMIAllocateInstanceIds
IoWMIDeviceObjectToInstanceName
IoWMIExecuteMethod
IoWMIHandleToInstanceName
IoWMIOpenBlock
IoWMIQueryAllData
IoWMIQueryAllDataMultiple
IoWMIQuerySingleInstance
IoWMIQuerySingleInstanceMultiple
IoWMIRegistrationControl
IoWMISetNotificationCallback
IoWMISetSingleInstance
IoWMISetSingleItem
IoWMISuggestInstanceName
IoWMIWriteEvent
IoWriteErrorLogEntry
IoWriteOperationCount
IoWritePartitionTable
IoWritePartitionTableEx
IoWriteTransferCount
IofCallDriver
IofCompleteRequest
KdDebuggerEnabled
KdDebuggerNotPresent
KdDisableDebugger
KdEnableDebugger
KdEnteredDebugger
KdPollBreakIn
KdPowerTransition
Ke386CallBios
Ke386IoSetAccessProcess
Ke386QueryIoAccessMap
Ke386SetIoAccessMap
KeAcquireInStackQueuedSpinLockAtDpcLevel
KeAcquireInterruptSpinLock
KeAcquireSpinLockAtDpcLevel
KeAddSystemServiceTable
KeAreApcsDisabled
Sections
.text Size: 471KB - Virtual size: 470KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLMI Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MISYSPTE Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 996KB - Virtual size: 995KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEWMI Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGESPEC Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.edata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEDATA Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEKD Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGECONS Size: 512B - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFC Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEVRFD Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 187KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.PPOOLMI Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE