Static task
static1
Behavioral task
behavioral1
Sample
2f6fc3bf9e28e6b061fc18bc0c69fbab_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
2f6fc3bf9e28e6b061fc18bc0c69fbab_JaffaCakes118.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
2f6fc3bf9e28e6b061fc18bc0c69fbab_JaffaCakes118
-
Size
141KB
-
MD5
2f6fc3bf9e28e6b061fc18bc0c69fbab
-
SHA1
a02ca342a1095b759d400ffb0768ca053363a35f
-
SHA256
6b9a51ba61dbabd372a183a61e963662104cfb47a42cb69b189ef8f6778abc10
-
SHA512
254052fd116108c0247ba4c6436fafc88aaca6d001b308030a08f3bac1809510999739a1de69a7bcf91daa1138fbcb9465bc626a2948b1259ecb3fdf98ef1946
-
SSDEEP
3072:SabvqkCa4XK7prwQJmBWZa4d1FTqqxdUSEFjNAiOlcZ4y:SabikCahTqqxdUSEFjNAiOlOF
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f6fc3bf9e28e6b061fc18bc0c69fbab_JaffaCakes118
Files
-
2f6fc3bf9e28e6b061fc18bc0c69fbab_JaffaCakes118.exe windows:4 windows x86 arch:x86
810f3dae9d82c54f69770aa0ed4e6def
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
qtcore4
?load@QLibrary@@QAE_NXZ
?resolve@QLibrary@@QAEPAXPBD@Z
??1QLibrary@@UAE@XZ
?fromLatin1@QString@@SA?AV1@PBDH@Z
?toUInt@QString@@QBEIPA_NH@Z
?createData@QMapData@@SAPAU1@XZ
??MQString@@QBE_NABV0@@Z
?node_create@QMapData@@QAEPAUNode@1@QAPAU21@H@Z
??9QString@@QBE_NPBD@Z
?exists@QFile@@SA_NABVQString@@@Z
??4QString@@QAEAAV0@PBD@Z
?toStdWString@QString@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
??8QString@@QBE_NPBD@Z
??0QLibrary@@QAE@ABVQString@@PAVQObject@@@Z
??8QString@@QBE_NABV0@@Z
?qWinMain@@YAXPAUHINSTANCE__@@0PADHAAHAAV?$QVector@PAD@@@Z
??4QByteArray@@QAEAAV0@PBD@Z
??1QByteArray@@QAE@XZ
??4QByteArray@@QAEAAV0@ABV0@@Z
?toLocal8Bit@QString@@QBE?AVQByteArray@@XZ
?fromUtf16@QString@@SA?AV1@PBGH@Z
?WindowsVersion@QSysInfo@@2W4WinVersion@1@B
??0QByteArray@@QAE@XZ
?staticMetaObject@QThread@@2UQMetaObject@@B
?qt_metacall@QThread@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?activate@QMetaObject@@SAXPAVQObject@@PBU1@HPAPAX@Z
?qt_metacast@QThread@@UAEPAXPBD@Z
??1QTimer@@UAE@XZ
?timerEvent@QTimer@@MAEXPAVQTimerEvent@@@Z
?qt_metacall@QTimer@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QTimer@@UAEPAXPBD@Z
?metaObject@QTimer@@UBEPBUQMetaObject@@XZ
??0QTimer@@QAE@PAVQObject@@@Z
?fromStdWString@QString@@SA?AV1@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
?separator@QDir@@SA?AVQChar@@XZ
??4QString@@QAEAAV0@ABV0@@Z
??1QTranslator@@UAE@XZ
?isEmpty@QTranslator@@UBE_NXZ
?translate@QTranslator@@UBE?AVQString@@PBD00@Z
?qt_metacall@QTranslator@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QTranslator@@UAEPAXPBD@Z
?metaObject@QTranslator@@UBEPBUQMetaObject@@XZ
??0QTranslator@@QAE@PAVQObject@@@Z
?load@QTranslator@@QAE_NABVQString@@000@Z
?installTranslator@QCoreApplication@@SAXPAVQTranslator@@@Z
?grow@QVectorData@@SAHHHH_N@Z
?malloc@QVectorData@@SAPAU1@HHHPAU1@@Z
?qRealloc@@YAPAXPAXI@Z
?qMemSet@@YAPAXPAXHI@Z
??0QChar@@QAE@UQLatin1Char@@@Z
?arg@QString@@QBE?AV1@HHHABVQChar@@@Z
?start@QThread@@QAEXW4Priority@1@@Z
?qMalloc@@YAPAXI@Z
?qFree@@YAXPAX@Z
?shared_null@QVectorData@@2U1@A
?shared_null@QListData@@2UData@1@A
?start@QTimer@@QAEXH@Z
?stop@QTimer@@QAEXXZ
?connect@QObject@@SA_NPBV1@PBD01W4ConnectionType@Qt@@@Z
?fromAscii@QString@@SA?AV1@PBDH@Z
?append@QString@@QAEAAV1@VQChar@@@Z
??0QString@@QAE@ABV0@@Z
?append@QString@@QAEAAV1@ABV1@@Z
?sleep@QThread@@KAXK@Z
??1QThread@@UAE@XZ
??0QThread@@QAE@PAVQObject@@@Z
??0QString@@QAE@XZ
?continueFreeData@QMapData@@QAEXH@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
??0QString@@QAE@PBD@Z
??1QString@@QAE@XZ
?shared_null@QMapData@@2U1@A
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?data@QByteArray@@QAEPADXZ
?tr@QMetaObject@@QBE?AVQString@@PBD0@Z
qtgui4
??1QLabel@@UAE@XZ
??1QHBoxLayout@@UAE@XZ
??1QVBoxLayout@@UAE@XZ
??1QFrame@@UAE@XZ
??0QFont@@QAE@XZ
?show@QWidget@@QAEXXZ
?hide@QWidget@@QAEXXZ
?close@QWidget@@QAE_NXZ
?setCheckState@QCheckBox@@QAEXW4CheckState@Qt@@@Z
??0QColor@@QAE@W4GlobalColor@Qt@@@Z
??4QColor@@QAEAAV0@ABV0@@Z
??4QFont@@QAEAAV0@ABV0@@Z
?event@QCheckBox@@MAE_NPAVQEvent@@@Z
?timerEvent@QAbstractButton@@MAEXPAVQTimerEvent@@@Z
?sizeHint@QCheckBox@@UBE?AVQSize@@XZ
?mouseReleaseEvent@QAbstractButton@@MAEXPAVQMouseEvent@@@Z
?mouseMoveEvent@QCheckBox@@MAEXPAVQMouseEvent@@@Z
?keyPressEvent@QAbstractButton@@MAEXPAVQKeyEvent@@@Z
?keyReleaseEvent@QAbstractButton@@MAEXPAVQKeyEvent@@@Z
?focusInEvent@QAbstractButton@@MAEXPAVQFocusEvent@@@Z
?focusOutEvent@QAbstractButton@@MAEXPAVQFocusEvent@@@Z
?paintEvent@QCheckBox@@MAEXPAVQPaintEvent@@@Z
?changeEvent@QAbstractButton@@MAEXPAVQEvent@@@Z
?hitButton@QCheckBox@@MBE_NABVQPoint@@@Z
?reject@QDialog@@UAEXXZ
?nextCheckState@QCheckBox@@MAEXXZ
?exec@QApplication@@SAHXZ
??1QApplication@@UAE@XZ
??0QApplication@@QAE@AAHPAPAD@Z
?setText@QLabel@@QAEXABVQString@@@Z
?setMinimumHeight@QWidget@@QAEXH@Z
?qt_metacast@QWidget@@UAEPAXPBD@Z
?qt_metacall@QWidget@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?staticMetaObject@QWidget@@2UQMetaObject@@B
??1QWidget@@UAE@XZ
?event@QWidget@@MAE_NPAVQEvent@@@Z
?setVisible@QWidget@@UAEX_N@Z
?sizeHint@QWidget@@UBE?AVQSize@@XZ
?minimumSizeHint@QWidget@@UBE?AVQSize@@XZ
?heightForWidth@QWidget@@UBEHH@Z
?mousePressEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseReleaseEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseDoubleClickEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?mouseMoveEvent@QWidget@@MAEXPAVQMouseEvent@@@Z
?wheelEvent@QWidget@@MAEXPAVQWheelEvent@@@Z
?keyPressEvent@QWidget@@MAEXPAVQKeyEvent@@@Z
?keyReleaseEvent@QWidget@@MAEXPAVQKeyEvent@@@Z
?focusInEvent@QWidget@@MAEXPAVQFocusEvent@@@Z
?focusOutEvent@QWidget@@MAEXPAVQFocusEvent@@@Z
?enterEvent@QWidget@@MAEXPAVQEvent@@@Z
?leaveEvent@QWidget@@MAEXPAVQEvent@@@Z
?paintEvent@QWidget@@MAEXPAVQPaintEvent@@@Z
?moveEvent@QWidget@@MAEXPAVQMoveEvent@@@Z
?resizeEvent@QWidget@@MAEXPAVQResizeEvent@@@Z
?closeEvent@QWidget@@MAEXPAVQCloseEvent@@@Z
?contextMenuEvent@QWidget@@MAEXPAVQContextMenuEvent@@@Z
?tabletEvent@QWidget@@MAEXPAVQTabletEvent@@@Z
?actionEvent@QWidget@@MAEXPAVQActionEvent@@@Z
?dragEnterEvent@QWidget@@MAEXPAVQDragEnterEvent@@@Z
??0QPixmap@@QAE@ABVQString@@PBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?family@QFont@@QBE?AVQString@@XZ
?setPixelSize@QFont@@QAEXH@Z
?setWeight@QFont@@QAEXH@Z
?setStyle@QFont@@QAEXW4Style@1@@Z
?setStyleStrategy@QFont@@QAEXW4StyleStrategy@1@@Z
?invalidate@QColor@@AAEXXZ
?fromRgb@QColor@@SA?AV1@I@Z
?accept@QDialog@@UAEXXZ
?done@QDialog@@UAEXH@Z
?contextMenuEvent@QDialog@@MAEXPAVQContextMenuEvent@@@Z
?closeEvent@QDialog@@MAEXPAVQCloseEvent@@@Z
?resizeEvent@QDialog@@MAEXPAVQResizeEvent@@@Z
?keyPressEvent@QDialog@@MAEXPAVQKeyEvent@@@Z
?minimumSizeHint@QDialog@@UBE?AVQSize@@XZ
?setVisible@QDialog@@UAEX_N@Z
?eventFilter@QDialog@@MAE_NPAVQObject@@PAVQEvent@@@Z
?changeEvent@QFrame@@MAEXPAVQEvent@@@Z
??0QFont@@QAE@ABVQString@@HH_N@Z
?paintEvent@QFrame@@MAEXPAVQPaintEvent@@@Z
?sizeHint@QFrame@@UBE?AVQSize@@XZ
?event@QFrame@@MAE_NPAVQEvent@@@Z
?handle@QFont@@QBEPAUHFONT__@@XZ
?dragMoveEvent@QWidget@@MAEXPAVQDragMoveEvent@@@Z
?dragLeaveEvent@QWidget@@MAEXPAVQDragLeaveEvent@@@Z
?dropEvent@QWidget@@MAEXPAVQDropEvent@@@Z
?showEvent@QWidget@@MAEXPAVQShowEvent@@@Z
?hideEvent@QWidget@@MAEXPAVQHideEvent@@@Z
?winEvent@QWidget@@MAE_NPAUtagMSG@@PAJ@Z
?changeEvent@QWidget@@MAEXPAVQEvent@@@Z
?inputMethodEvent@QWidget@@MAEXPAVQInputMethodEvent@@@Z
?inputMethodQuery@QWidget@@UBE?AVQVariant@@W4InputMethodQuery@Qt@@@Z
?qt_metacall@QFrame@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QFrame@@UAEPAXPBD@Z
?metaObject@QFrame@@UBEPBUQMetaObject@@XZ
?qt_metacall@QVBoxLayout@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QVBoxLayout@@UAEPAXPBD@Z
?metaObject@QVBoxLayout@@UBEPBUQMetaObject@@XZ
?spacerItem@QLayoutItem@@UAEPAVQSpacerItem@@XZ
?layout@QLayout@@UAEPAV1@XZ
?widget@QLayoutItem@@UAEPAVQWidget@@XZ
?invalidate@QBoxLayout@@UAEXXZ
?minimumHeightForWidth@QBoxLayout@@UBEHH@Z
?heightForWidth@QBoxLayout@@UBEHH@Z
?hasHeightForWidth@QBoxLayout@@UBE_NXZ
?isEmpty@QLayout@@UBE_NXZ
?geometry@QLayout@@UBE?AVQRect@@XZ
?setGeometry@QBoxLayout@@UAEXABVQRect@@@Z
?expandingDirections@QBoxLayout@@UBE?AV?$QFlags@W4Orientation@Qt@@@@XZ
?maximumSize@QBoxLayout@@UBE?AVQSize@@XZ
?minimumSize@QBoxLayout@@UBE?AVQSize@@XZ
?sizeHint@QBoxLayout@@UBE?AVQSize@@XZ
?count@QBoxLayout@@UBEHXZ
?indexOf@QLayout@@UBEHPAVQWidget@@@Z
?takeAt@QBoxLayout@@UAEPAVQLayoutItem@@H@Z
?itemAt@QBoxLayout@@UBEPAVQLayoutItem@@H@Z
?addItem@QBoxLayout@@UAEXPAVQLayoutItem@@@Z
?childEvent@QLayout@@MAEXPAVQChildEvent@@@Z
?qt_metacall@QHBoxLayout@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QHBoxLayout@@UAEPAXPBD@Z
?metaObject@QHBoxLayout@@UBEPBUQMetaObject@@XZ
?changeEvent@QLabel@@MAEXPAVQEvent@@@Z
?paintEvent@QLabel@@MAEXPAVQPaintEvent@@@Z
?heightForWidth@QLabel@@UBEHH@Z
?minimumSizeHint@QLabel@@UBE?AVQSize@@XZ
?sizeHint@QLabel@@UBE?AVQSize@@XZ
?event@QLabel@@MAE_NPAVQEvent@@@Z
?qt_metacall@QLabel@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QLabel@@UAEPAXPBD@Z
?metaObject@QLabel@@UBEPBUQMetaObject@@XZ
??0QWidget@@QAE@PAV0@V?$QFlags@W4WindowType@Qt@@@@@Z
??0QPalette@@QAE@XZ
??0QBrush@@QAE@ABVQColor@@W4BrushStyle@Qt@@@Z
?setBrush@QPalette@@QAEXW4ColorGroup@1@W4ColorRole@1@ABVQBrush@@@Z
??1QBrush@@QAE@XZ
??0QLabel@@QAE@ABVQString@@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?setFont@QWidget@@QAEXABVQFont@@@Z
?setPalette@QWidget@@QAEXABVQPalette@@@Z
?setWordWrap@QLabel@@QAEX_N@Z
??0QLabel@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?setScaledContents@QLabel@@QAEX_N@Z
?setFixedSize@QWidget@@QAEXABVQSize@@@Z
?setPixmap@QLabel@@QAEXABVQPixmap@@@Z
??0QHBoxLayout@@QAE@XZ
?addWidget@QBoxLayout@@QAEXPAVQWidget@@HV?$QFlags@W4AlignmentFlag@Qt@@@@@Z
??0QVBoxLayout@@QAE@XZ
?focusNextPrevChild@QWidget@@MAE_N_N@Z
?styleChange@QWidget@@MAEXAAVQStyle@@@Z
?setMargin@QLayout@@QAEXH@Z
?addStretch@QBoxLayout@@QAEXH@Z
?addLayout@QBoxLayout@@QAEXPAVQLayout@@H@Z
??0QFrame@@QAE@PAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z
?setLayout@QWidget@@QAEXPAVQLayout@@@Z
?setFixedSize@QWidget@@QAEXHH@Z
??1QPixmap@@UAE@XZ
??1QFont@@QAE@XZ
??1QPalette@@QAE@XZ
?metric@QWidget@@MBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?releaseDC@QWidget@@UBEXPAUHDC__@@@Z
?getDC@QWidget@@UBEPAUHDC__@@XZ
?paintEngine@QWidget@@UBEPAVQPaintEngine@@XZ
?devType@QWidget@@UBEHXZ
?languageChange@QWidget@@MAEXXZ
?windowActivationChange@QWidget@@MAEX_N@Z
?fontChange@QWidget@@MAEXABVQFont@@@Z
?paletteChange@QWidget@@MAEXABVQPalette@@@Z
?enabledChange@QWidget@@MAEX_N@Z
?checkStateSet@QCheckBox@@MAEXXZ
urlmon
URLDownloadToFileW
hpqcc4
?metaObject@CMessageBoxEx@@UBEPBUQMetaObject@@XZ
??0CMessageBoxEx@@QAE@PAVQWidget@@ABVQString@@0HHH@Z
?setButtonText@CMessageBoxEx@@QAEXHABVQString@@@Z
?enterEvent@CCheckBoxEx@@MAEXPAVQEvent@@@Z
?qt_metacast@CMessageBoxEx@@UAEPAXPBD@Z
?qt_metacall@CMessageBoxEx@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?timerEvent@CMessageBoxEx@@MAEXPAVQTimerEvent@@@Z
?sizeHint@CMessageBoxEx@@MBE?AVQSize@@XZ
?mousePressEvent@CMessageBoxEx@@MAEXPAVQMouseEvent@@@Z
?mouseReleaseEvent@CMessageBoxEx@@MAEXPAVQMouseEvent@@@Z
?mouseMoveEvent@CMessageBoxEx@@MAEXPAVQMouseEvent@@@Z
??1CProgressBarEx@@UAE@XZ
?paintEvent@CProgressBarEx@@MAEXPAVQPaintEvent@@@Z
?timerEvent@CProgressBarEx@@MAEXPAVQTimerEvent@@@Z
?qt_metacall@CProgressBarEx@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@CProgressBarEx@@UAEPAXPBD@Z
?paintEvent@CMessageBoxEx@@MAEXPAVQPaintEvent@@@Z
??0CProgressBarEx@@QAE@PAVQWidget@@@Z
??1CCheckBoxEx@@UAE@XZ
?leaveEvent@CCheckBoxEx@@MAEXPAVQEvent@@@Z
?metaObject@CProgressBarEx@@UBEPBUQMetaObject@@XZ
?mousePressEvent@CCheckBoxEx@@EAEXPAVQMouseEvent@@@Z
?qt_metacall@CCheckBoxEx@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@CCheckBoxEx@@UAEPAXPBD@Z
?metaObject@CCheckBoxEx@@UBEPBUQMetaObject@@XZ
??0CCheckBoxEx@@QAE@ABVQString@@PAVQWidget@@@Z
??1CMessageBoxEx@@UAE@XZ
?showEvent@CMessageBoxEx@@MAEXPAVQShowEvent@@@Z
?moveEvent@CMessageBoxEx@@MAEXPAVQMoveEvent@@@Z
hpqcutil
?LogMessage@CLogger@@SAXHPBG00H@Z
HPDealloc
ExpandMacro
HPAlloc
RetrievePath
GetLanguage
kernel32
GetFileAttributesW
GetExitCodeProcess
WaitForSingleObject
GetStartupInfoW
MultiByteToWideChar
lstrlenW
CreateProcessW
WideCharToMultiByte
DeleteFileW
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
LocalFree
GetCommandLineA
GetCommandLineW
InterlockedExchange
user32
wsprintfW
gdi32
AddFontResourceExW
RemoveFontResourceW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
oleaut32
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString
msvcp80
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
msvcr80
_unlock
_encode_pointer
__dllonexit
_wsplitpath_s
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_CxxThrowException
__setusermatherr
_adjust_fdiv
__set_app_type
__p__fmode
__p__commode
_wcsupr_s
_wcsicmp
wcstok_s
??_V@YAXPAX@Z
memmove
__argv
mbstowcs_s
memset
wcscpy_s
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
free
_configthreadlocale
wcschr
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_lock
_controlfp_s
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.irdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE