d:\LocalSvnForDailyBuild\yoga_turkey\bin\Release\WuShuangHO.pdb
Static task: static1
Behavioral task: behavioral1
Sample: c827091b4cab316c4d823b867ae35ea5_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: c827091b4cab316c4d823b867ae35ea5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c827091b4cab316c4d823b867ae35ea5_JaffaCakes118
Size: 1.2MB
MD5: c827091b4cab316c4d823b867ae35ea5
SHA1: 54637d3f3875bf5ae9a433174de7d346eb428b91
SHA256: 47d6f6d12c9e2389135d43bae9f18f2520fa8256b347f2556566aaa543e04458
SHA512: ebd516c37e56d3bd82a248e19195036e2f06768deef02ab422610b6faf1605fa0e516c19464b0f05288b313e9a230869bece5e9b829fd561f07a4444d41f40b8
SSDEEP: 24576:LgeyvlDNn38LUIgL18pIEVzdHLd4/iNlOCX:0bvX8LGh8SEVzI/Mt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c827091b4cab316c4d823b867ae35ea5_JaffaCakes118
Files
c827091b4cab316c4d823b867ae35ea5_JaffaCakes118.exe windows:4 windows x86 arch:x86
ffefcc260a453a0980fb6ecebf36111b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetFileAttributesA
GetFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
ExitProcess
ExitThread
HeapSize
SetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetConsoleCP
GetConsoleMode
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
InterlockedCompareExchange
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
InterlockedDecrement
GetModuleFileNameW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetThreadLocale
InterlockedIncrement
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
CreateFileA
WriteFile
WinExec
lstrcpyA
LoadLibraryExA
lstrcatA
GetWindowsDirectoryA
MulDiv
GetLocalTime
CreateDirectoryA
QueryPerformanceCounter
GetModuleHandleA
GetUserDefaultLangID
GetVersionExA
CreateThread
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
GetCurrentProcess
LocalAlloc
GetPrivateProfileIntA
VirtualProtect
WaitForSingleObject
GetModuleFileNameA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
Sleep
FreeLibrary
Module32First
TerminateProcess
OpenProcess
Module32Next
CreateProcessA
Process32Next
Process32First
CreateToolhelp32Snapshot
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
HeapFree
GetTickCount
GetProcessHeap
HeapAlloc
MultiByteToWideChar
InterlockedExchange
lstrcmpiA
CompareStringW
GetVersion
lstrlenA
CompareStringA
GetLastError
WritePrivateProfileStringA
SizeofResource
WideCharToMultiByte
GetPrivateProfileStringA
LoadResource
FindResourceA
GetStringTypeW
LockResource
CreateFileW
user32
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
UpdateWindow
GetMenu
GetSubMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowPlacement
GetWindow
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
CreateIconIndirect
GetIconInfo
SystemParametersInfoA
DestroyCursor
LoadStringA
DestroyIcon
LoadImageA
ScreenToClient
SetRectEmpty
GetMenuItemCount
EqualRect
DefWindowProcA
WindowFromPoint
GetMenuState
GetWindowTextA
CopyRect
SetCursor
IsWindowEnabled
ChildWindowFromPoint
GetMenuItemID
IsRectEmpty
PtInRect
GetDC
SetWindowRgn
ReleaseDC
SetRect
OffsetRect
LoadCursorA
SetWindowLongA
CheckMenuItem
GetWindowLongA
ClientToScreen
MessageBoxA
GetDesktopWindow
GetCursorPos
AppendMenuA
EnableWindow
SendMessageA
GetClassInfoA
FindWindowA
ShowWindow
CreatePopupMenu
GetClassNameA
GetWindowThreadProcessId
EnumWindows
SetWindowPos
IsWindowVisible
PostMessageA
FillRect
SetScrollRange
ShowScrollBar
GetScrollPos
SetParent
IsWindow
GetParent
GetSysColor
KillTimer
SetTimer
CharUpperA
InvalidateRect
LoadIconA
IsDialogMessageA
SetWindowTextA
PostThreadMessageA
RegisterClipboardFormatA
GetWindowRect
RegisterWindowMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SetForegroundWindow
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
GetSysColorBrush
ReleaseCapture
SetCapture
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharNextA
MoveWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CopyIcon
gdi32
CreateBitmap
CreateDIBSection
GetObjectA
Escape
CreateFontA
PtVisible
RectVisible
ExtTextOutA
GetClipBox
GetBkColor
GetTextColor
SaveDC
RestoreDC
SetMapMode
GetViewportExtEx
GetWindowExtEx
StretchBlt
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateRectRgnIndirect
DPtoLP
GetMapMode
GetRgnBox
MoveToEx
TextOutA
SetBkMode
SetTextJustification
SetBkColor
SetTextColor
GetTextExtentPoint32A
GetTextMetricsA
GetDeviceCaps
LineTo
CreatePolygonRgn
BitBlt
CreateRoundRectRgn
SelectClipRgn
CreateCompatibleBitmap
DeleteObject
OffsetRgn
DeleteDC
CreateRectRgn
FrameRgn
CombineRgn
CreateCompatibleDC
FillRgn
CreateFontIndirectA
CreateSolidBrush
Ellipse
CreatePen
Rectangle
SelectObject
GetStockObject
comdlg32
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegCreateKeyExA
SetSecurityInfo
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
GetTokenInformation
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
FreeSid
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
RegCloseKey
AllocateAndInitializeSid
OpenProcessToken
shell32
Shell_NotifyIconA
SHFileOperationA
ShellExecuteA
comctl32
ord17
ImageList_GetIcon
InitCommonControlsEx
ImageList_GetImageCount
shlwapi
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
oledlg
ord8
ole32
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringByteLen
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysAllocStringLen
ws2_32
setsockopt
inet_addr
select
closesocket
htons
WSACleanup
connect
WSAStartup
getprotobyname
socket
recv
send
gethostbyname
psapi
GetProcessImageFileNameA
wininet
InternetCanonicalizeUrlA
InternetCrackUrlA
Exports
??0CHttpSocket@@QAE@ABV0@@Z
??0CHttpSocket@@QAE@XZ
??1CHttpSocket@@UAE@XZ
??4CHttpSocket@@QAEAAV0@ABV0@@Z
??_7CHttpSocket@@6B@
?CloseSocket@CHttpSocket@@QAEHXZ
?Connect@CHttpSocket@@QAEHPADH@Z
?FormatRequestHeader@CHttpSocket@@QAEPBDPAD0AAJ00JJH@Z
?GetField@CHttpSocket@@QAEHPBDPADH@Z
?GetFileSize@CHttpSocket@@QAEHXZ
?GetRequestHeader@CHttpSocket@@QBEHPADH@Z
?GetResponseHeader@CHttpSocket@@QAEPBDAAH@Z
?GetResponseLine@CHttpSocket@@QAEHPADH@Z
?GetServerState@CHttpSocket@@QAEHXZ
?InitHttpSocket@CHttpSocket@@QAEXVHttpInfoForSocket@@@Z
?ProcessHeaderResponse@CHttpSocket@@QAEXXZ
?Receive@CHttpSocket@@QAEJPADJ@Z
?SendRequest@CHttpSocket@@QAEHPBDJ@Z
?SetTimeout@CHttpSocket@@QAEHHH@Z
?Socket@CHttpSocket@@QAEHXZ
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@UHeroInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VCShareData@@V?$allocator@VCShareData@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCConsoleLoginAckPack@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCConsoleOnlinePack@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCShareData@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VCShareDataContainer@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@UHeroInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VCShareData@@V?$allocator@VCShareData@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCConsoleLoginAckPack@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCConsoleOnlinePack@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCShareData@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VCShareDataContainer@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineTrasaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
Sections
.text Size: 864KB - Virtual size: 862KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 172KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ