Static task
static1
Behavioral task
behavioral1
Sample
be862b705136d33dd183016573de97a3_JaffaCakes118.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
be862b705136d33dd183016573de97a3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
be862b705136d33dd183016573de97a3_JaffaCakes118
-
Size
18.9MB
-
MD5
be862b705136d33dd183016573de97a3
-
SHA1
635278c863475788b193d68380ad9ca4727bd75d
-
SHA256
4cca89b026993f102a3c36ff2922c3073f349ac2c5f6c756141ae0dceb9ccdeb
-
SHA512
f60d68464c999fcc8eafd2a15e8eda607eab31fc755596f3ae49e9467a9a279880d0ee16d9640c7653e31d55152a6df548f0e43bf38c5a76b079d69f62523ef5
-
SSDEEP
98304:AoFPbvUirCw5ZHHNOMThDLgDcZRKsrCY:AoFPbvUir35dZThDLgDQKsrCY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be862b705136d33dd183016573de97a3_JaffaCakes118
Files
-
be862b705136d33dd183016573de97a3_JaffaCakes118.exe windows:4 windows x86 arch:x86
f4a26189453f895ec9caea22883fce14
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dnsapi
DnsQuery_A
DnsRecordListFree
winmm
PlaySoundA
mfc71
ord656
ord605
ord354
ord587
ord1883
ord6236
ord5807
ord2657
ord4580
ord4100
ord2094
ord3244
ord1955
ord6144
ord1283
ord1425
ord630
ord781
ord3088
ord2021
ord385
ord2958
ord658
ord709
ord501
ord5866
ord5873
ord3879
ord911
ord4768
ord620
ord1063
ord2321
ord6237
ord1647
ord1589
ord3315
ord1654
ord1598
ord2987
ord3328
ord651
ord754
ord416
ord739
ord3883
ord6182
ord2884
ord907
ord2496
ord5751
ord2370
ord1564
ord3991
ord3799
ord1489
ord299
ord2933
ord6118
ord2168
ord1554
ord3195
ord4104
ord3875
ord2176
ord1308
ord3605
ord1643
ord1581
ord3292
ord715
ord742
ord553
ord5929
ord3908
ord2874
ord5859
ord5613
ord4125
ord5497
ord5927
ord1262
ord3684
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord3651
ord6255
ord2873
ord2468
ord1009
ord563
ord6120
ord3163
ord3287
ord3302
ord602
ord1966
ord5523
ord4001
ord4123
ord5641
ord502
ord326
ord5639
ord5588
ord1279
ord347
ord2306
ord1181
ord2259
ord2794
ord4109
ord2271
ord667
ord584
ord1434
ord317
ord433
ord3108
ord2654
ord6304
ord1970
ord2907
ord432
ord4081
ord2451
ord2095
ord1591
ord4240
ord3317
ord741
ord3161
ord6035
ord3401
ord1968
ord5731
ord5637
ord4118
ord4115
ord1728
ord5640
ord2368
ord3989
ord4749
ord4761
ord4394
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1614
ord1191
ord1187
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord757
ord566
ord764
ord3397
ord578
ord1123
ord2322
ord310
ord1084
ord2020
ord1122
ord2141
ord1054
ord1024
ord2248
ord6090
ord2164
ord297
ord2469
ord3934
ord784
ord265
ord1207
ord304
ord762
ord3596
ord591
ord3182
ord5203
ord3227
ord1568
ord1639
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord3164
ord4232
ord1545
ord2086
ord3641
ord1280
ord1916
ord1934
ord3210
ord3204
ord4353
ord5833
ord6065
ord1903
ord1794
ord4262
ord1401
ord5912
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord3441
ord1249
ord1091
ord6067
ord3761
ord6168
ord2292
ord3850
ord3997
ord2902
ord1248
ord6138
ord1482
ord1247
ord1486
ord4085
ord2272
ord5491
ord2372
ord2160
ord2866
ord4035
ord876
ord3230
ord1599
ord4238
ord1571
ord1641
ord2092
ord266
ord760
ord572
ord4486
ord2991
ord2862
ord5200
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
msvcr71
_wfopen
fseek
ftell
fclose
wcscat
mbstowcs
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strlen
memcpy
_mbsrchr
strcpy
time
srand
rand
memset
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
atoi
sscanf
_itoa
strcat
toupper
isdigit
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
tolower
_ismbcdigit
strstr
wcslen
labs
strcmp
_fmode
fopen
fwrite
fread
memmove
memcmp
memchr
getenv
sprintf
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_controlfp
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_except_handler3
malloc
__CxxFrameHandler
free
_wcsnicmp
_stat
_strcmpi
_setmbcp
__set_app_type
__security_error_handler
?terminate@@YAXXZ
kernel32
GetCurrentProcessId
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetSystemDirectoryA
ReleaseSemaphore
CreateSemaphoreA
OpenSemaphoreA
OpenEventA
GetShortPathNameA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
HeapFree
GetProcessHeap
HeapAlloc
GetVolumeInformationA
ReadProcessMemory
FindResourceA
LoadResource
LockResource
CopyFileA
MoveFileExA
SetThreadPriority
SetFileAttributesA
DeleteFileA
ResetEvent
GetCurrentThreadId
ReadDirectoryChangesW
GetFullPathNameA
WaitForMultipleObjects
CreateEventA
SetEvent
TerminateThread
CreateThread
GetTickCount
lstrcmpA
GetLogicalDriveStringsA
GetDriveTypeA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetFileTime
SetFileTime
lstrcpyA
GetExitCodeProcess
WriteFile
CreateFileA
GetFileSize
ReadFile
FormatMessageA
LocalFree
GetTempPathA
GetTempFileNameA
VirtualQuery
GetSystemTime
FindFirstFileA
FindNextFileA
FindClose
CreateToolhelp32Snapshot
Thread32First
OpenThread
ResumeThread
SuspendThread
Thread32Next
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpynA
OutputDebugStringA
GetProcAddress
FreeLibrary
ReleaseMutex
GetWindowsDirectoryA
lstrcatA
CreateProcessA
ExitProcess
GetCommandLineA
CreateMutexA
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetModuleHandleA
GetModuleFileNameA
OpenProcess
OpenMutexA
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
LoadLibraryA
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
IsDebuggerPresent
Sleep
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
InterlockedExchange
user32
FindWindowExA
AttachThreadInput
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowEnabled
EnumChildWindows
GetDlgCtrlID
LoadImageA
SetWindowRgn
MoveWindow
ReleaseDC
OffsetRect
CopyRect
GetSysColor
ShowWindow
SetWindowPos
AnimateWindow
MonitorFromRect
GetMonitorInfoA
wsprintfW
GetKeyState
SetCursor
ClientToScreen
PostQuitMessage
GetCursorPos
GetDC
MessageBoxA
GetTopWindow
UpdateWindow
ModifyMenuA
DestroyMenu
IsIconic
DrawIcon
CreatePopupMenu
AppendMenuA
GetParent
DrawTextA
RedrawWindow
GetFocus
GetWindowRect
GetWindowLongA
SetWindowLongA
SetLayeredWindowAttributes
SetFocus
FillRect
InvalidateRect
GetSystemMetrics
KillTimer
SetTimer
GetPropA
DefWindowProcA
DestroyIcon
RemovePropA
DestroyWindow
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
SetPropA
SystemParametersInfoA
SetForegroundWindow
GetClientRect
GetMessagePos
ScreenToClient
SendMessageA
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
EnumWindows
EnableWindow
PostMessageA
PtInRect
CharLowerA
TrackPopupMenu
FindWindowA
wsprintfA
WaitForInputIdle
LoadMenuA
GetSubMenu
gdi32
DPtoLP
GetMapMode
SetMapMode
CreateBitmap
DeleteDC
ExtCreateRegion
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetViewportOrgEx
SetViewportOrgEx
BitBlt
CreateRectRgnIndirect
DeleteObject
GetDeviceCaps
CreateFontIndirectA
SelectObject
SetTextColor
SetBkMode
SetBkColor
TextOutA
GetPixel
CreateSolidBrush
GetStockObject
msimg32
TransparentBlt
advapi32
RegSetValueExW
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegSetValueA
RegCreateKeyA
InitiateSystemShutdownA
RegOpenKeyExW
RegCreateKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
AddAccessAllowedAce
OpenSCManagerA
OpenServiceA
ControlService
ChangeServiceConfigA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetNamedSecurityInfoA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegCreateKeyExA
shell32
ShellExecuteExA
SHGetSpecialFolderPathA
Shell_NotifyIconA
ShellExecuteA
SHAppBarMessage
comctl32
ImageList_Create
_TrackMouseEvent
ImageList_ReplaceIcon
shlwapi
SHRegGetUSValueW
PathIsDirectoryA
StrStrIA
SHDeleteValueA
ole32
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoInitializeEx
CoInitialize
CoUninitialize
oleaut32
VariantClear
VariantInit
SysAllocString
SysFreeString
msvcp71
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?width@ios_base@std@@QBEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@V312@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?rdbuf@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPAV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?eof@ios_base@std@@QBE_NXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1locale@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@H@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
hjengine
hj_load
hj_scanfile
hj_cvdverify
hj_cvdfree
hj_cvdhead
hj_build
hj_free
crypt32
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertFindCertificateInStore
cryptui
CryptUIDlgViewCertificateA
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
wininet
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
ws2_32
WSAStartup
gethostname
gethostbyname
WSACleanup
htonl
ntohs
ntohl
htons
inet_addr
inet_ntoa
Sections
.text Size: 236KB - Virtual size: 235KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 3B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18.6MB - Virtual size: 18.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ