SkyFlick2[.]1_WIN11[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SkyFlick2.1_WIN11.zip
Size

22.7MB
MD5

6a51cc62a419ff0ce8e402f6078f01fc
SHA1

dac60e7e9cc63b90804674275b729e7bc5c8a1ee
SHA256

e1dcc9c259c78a051ead4ae56f9eabdb829bb7c832fe81af6f65f6b465b7f026
SHA512

a6c7624c3b78bcddd726dfffaeb13db329a4c75e0e91acf6d5fcd85492dacab06fe2644193c40adcb7c30802bbd34f8e6695bec2386b5e8257ab3f3b832b1efe
SSDEEP

393216:7lc13U2VRLLoSkywODQQmdL3aRWtBWH2uNxUMAF9WZNcswyRQojMYWVlHoGTyy2L:7l23r5njzUJdL3ZtB02uTLsucxy+vLHK

Score

7^/10

themida vmprotect

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/SkyFlick2.1_WIN11/ResetHWID.exe	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/SkyFlick2.1_WIN11/data/bin.1	vmprotect

Files

SkyFlick2.1_WIN11.zip
.zip
SkyFlick2.1_WIN11/Readme.txt
SkyFlick2.1_WIN11/RealReboot.exe
.exe windows x64

44c3e6d93a9b3b081417ee44e1715c88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
SetCurrentConsoleFontEx
GetModuleHandleA
GetCurrentConsoleFontEx
GetProcAddress
GetConsoleWindow
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

user32

GetClientRect
MoveWindow
MessageBoxA
GetSystemMetrics
GetWindowRect

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
memset
__current_exception_context
__current_exception
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initialize_onexit_table
_cexit
_c_exit
_register_onexit_function
_register_thread_local_exe_atexit_callback
terminate
__p___argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
__p___argc
_invalid_parameter_noinfo_noreturn
system

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/ResetHWID.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 29KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 347B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 267B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 221B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/SkyFlick2.exe
.exe windows x64

42a154eb168790a845c14a72adc00d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetCurrentConsoleFontEx
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CreateServiceA

shell32

ShellExecuteA

ole32

CoCreateGuid

libcurl

curl_free

msvcp140

??1_Lockit@std@@QEAA@XZ

ws2_32

WSAStartup

ntdll

RtlLookupFunctionEntry

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception

api-ms-win-crt-runtime-l1-1-0

_set_app_type

api-ms-win-crt-string-l1-1-0

strtok

api-ms-win-crt-stdio-l1-1-0

feof

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-time-l1-1-0

_mktime64

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

O�U,�q �S^V� n.��'0��4�djQ}��P. ��$n$:�`�U܂`��Z��_3�,�!a�j�6�3��b�G��ʳ�I�%��$@n��Y[�@�k�t��V�j�J��o襅��R@c�� 6mS�ײ��^"` 1Dǜ�z��q�8x��1��$x�_L`FQb%�S"��-ʈ��E�� SS Xx�|V��mu�L[}:�ޏ��Dz�@��5��i,p�O�[�$�@!�s>��\q!�9~�"�8�H�#Z��a��k��[[�y%k�1k��\��I��դpC��V:��p%|JI�ݧ� �m]��E�ɚ�Z�o��R",k��7��^�D�� u/�` ��z��.Or�<��g}�c��>zE��LBZ8��9ʯ�a��u��x�兛{��Ŷ��U�+�B�l�7�M�Ч�"e�% _��x;�=U|��,/��y�ظ��Xdk��k��[��E��X/ޞ��#�4�8��hSJU[ 2�J�-Ѹ�(�0�pK��g �~E�o�gH��ø}�ZxXk�]�R G��%�X�<I�Jkh�^��6�j:*��,��i˸�(l��ѺvIMf:F:r8�_��H��J��V_K�V��̵�HFEǶp+hU �Gb��DTG�~��#![��/��W�b��VE�5�[~�6b��;�$��e뽒��,��3�8M�{��sFl�ڗ��Q ��̹�R��e�7Q��Fp��=�͏;��<�=K&&)BQ�2�UO"f��$�ͮ ��K�N�p��eq��7_�MF� z�pB��pGo� LO�l1�B��?�=`rh�h��9Ȃ|:J��s&3�P7��ᦔ�X��d\��T�J�C]|(��J�ފ�㕧�D��2�O�l�=��`�yG+��Z J��Xo"M>E ��N<$��}��˼��a?��S] 1��U��ɬ4A��N�]��i��$˸:J�-*")�t~q��jI�|M>1|��E��<x��Rf,�56 ��g��_+̿��!�\��?�̽��<C%x��J=qB��K��7k�� =ۿ�+�&۾�|HdԢ�E��p;�'=븬�뇢k�{�i>��N�2�O�Ճ��1m� ��T�=��A'n^��iG(��$�pA��LR|��I{Gsj�GCaM�!�~z�X�<%4�� y�b4kL��g�}�,,�٩R@�003��&E�0�0_�rm��P�w<��1Z�o��y^Пg�l�O1'o��8?G:aƨ�t��V��HB��S-��{��N`��Pjjz�MK��N�G�(c©�)�J��!K��F��-��T�L�d�]V}�%79э�7�� m��*�+0�!�M[m�h�k��Fe�O]l'�"��R��T ��q��7,"��s��Oe�j&�UO��>��s:�w�Sl#�SV]Z7��^t2��8��f�=޵��2G�Қ��GլI�z��d6�me��?�о��W�{��'[`��BIk��O0��k�"�T��[��@��u�mEY��\F�S[�63�9�-�5D'^��ӹU�jx�4 �RgD�aD��i�y�k0(Y�36��E�� Tf��L$�B�G��Zr�s2��j��3]͖��Jϋ[z��T��; ��.Z �ڱ��1��%�U��tH}a�-nR#��Gt��Q|с�I��E�OGʾ��]��鬯}P~��0:,��,��K�~ǔa�D R[>�/:-��Zn�{�pE1��K�(�3��,�K��"\��4 �MYf]�ʍ�'܌++,jڝ��Ë��ڇ�>��5��$�/�.k�"*<�e"v�@��.�t�ٵ��jN��0�N�E�m��n{�i��{��Cln;�c,�N��g�^�En�I�+/kg��5�r e�� 9+��*�9`��(F��n�@J��(E�j赇��4��W��A�n��ȔNH8�Rd8�fB�J�p f��^F!�͇~U�u��΁��12��;��v/��7a�d) �X�i\�� 3A8zk�� D��k��x��Vr��(��cy�m�b��#�~��y"�]D=��1I�� Cw�2��F�wb-�A��q��T^5y��򲸐V;�4^Q�$g�H��T��Aa�H�m�ڤ;��KD�?�ř:i��{�b_��e�ݳ�'E��I�n�T�p��8J&#k�|�f��(Ic|!��52Q��t�p.y l��a<�o��IcW��,��g��.,+)�Cs>.K��T!\D��r`TN��/C==��>��_��n{Ѷ`�z�t>,�*C�3��E��;,uo�;A��Ԣ�C��S�!�Sc��@=�`��A̞�#�y�� la�n�� ȓ[�ӹ��}5�m��9{n�T*y-�ԓ�m�čGC�tf��?zu\1�]�fˈꗂ^ߡ9�L0�t�e��Pu��8x~�&��J�=��!�`1��рH~M ;{�kr�u;�M/ F|�h��+� tL'y=��ԭ��o�^�Lh�Q {yhX�G+7t��\��#��:�Aw�+�(�İ#��@�5��3oT��i�j��4V�]��S�ֶC��I ^��ځ�c?� ��_��o��y�>��)��?g%�1��iy"�2�*��l.X�]�v�?��֘u��"�(::��H��g⪅�H��5��p�9�P��6��W��ck�3F�4�|)�QtϠ�6�.�#�m�:�N� Ġ��<��b0�}��1$|W��@�.ׄG��[�k��,��8�O��"�SKбJ�{�]?��>'�N� |T��D��!�:*�h�C��2��ΰ��ݾ�x˟

Sections

.text
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.D5pO9dC
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.D5pO9dC
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/data/Ba6ZtH8y0KbD2.sys
.exe windows x64

a8ac822dcedbf313a2e410b1854730ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

DbgPrintEx
_stricmp
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

KeQueryPerformanceCounter
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1008B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FtA46zN
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FtA46zN
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FtA46zN
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/data/bin.0
.exe windows x64

372bf25726aa116bf4780eeed3cc2563

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

ntdll

RtlLookupFunctionEntry

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-runtime-l1-1-0

__p___argv

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

��o��L�+ k��-�k��) ӪY{m�!��Qz�d'l/L�C&h�J_�~ן�f�=�R�.��uF�)�^謄`�0ޚy 372;G7d�u�s@�1�#b��:&A~T�?�� 2��=+��.r��I��;H�*��_)�d��a��ʤ��5��33f�ެx��*�;9fs�tH�&� �0�/�s�f��,��j�|D'c��dTx�4�A|�OE߱��Uj�N%:{�k��W`�mU�7��֫��y�s��S-b �t�x3{��T�O�X�!����x䖜>SǤ�ynϻ�r:�re/O��R� ��B�p�=��掽"��'��I˵㇄͐~�[��>ԃ߇;;U�> �Y ��-:̨�^��E��u�e-J{d'��*�T��|��%��Mx,,�KK=;q�2 E��'��[s��-��(��U�� |~��4��Z��Ƴg1mb�;0�[��x$�� А��1��uF��z\-N��3(��mx��gz?��۽f�֍��}C ⤯�fy�m^��s�M�pqseۡ�|��'Z�~>u;��㔂o�L��Nv϶�rɵBmziZ �C�$�� <9��K�c�� _�6<"��5��N��\�A]��D�w�C<��˪Up=q�~`�:$2QH�>&�0A_�9,�J7bZ�C��8H��.a��/|m>��;�rAqZ 9Q%.DOڡ fl5��/�K��D\�+��1HhIī py��$�& ��9v�v � 3ܩ�`�֐��3@ʨ�� \B�k\��cFt�U��o��ZE��ד�#��GJ�8��B�#l�1xzPY4�r㔻�EnI�{}\Tz�V��)�?��!��b�n�Rj00�p_�(��&�F�|��RnC��Ά��[�_^�p��B�� h�(w.��!s��Hg��9Z�æJ�?�1�x��V�sțݒ�% �o*�|X,@4�C�Z��%ײ��i��"��f��6��#�R�Z]�u,�Z��}�D4I�0c״\��_�8��:��v�P��N7\��H%��3�C+ 0݂�/5��Ί � #j�6�6��܃��"c��.@��<� n�e]�\y�{�A��3�B,2�RU�Ӵ��&�e��t9A�Ɔq��O9�f��)�D>�NG��()v=2Q�|+;��͝Y�x�iϓG��س��h��[�o�Qw"$�,��ժc��"z�]/��>|��5��[��1s:#��:H��3?0s�6Vo��s.</��D��qs9��u4�jj�,&"�s^P:?"�F6�l�9b�YBʪr��h��8�X$��_*��U��p�l m��,Y�&4��Z"U++{��U8Y��Ye>4?>ړ�2�s8�j��4�2<��p ��v�"�;\�d�d�t��i��I��y>A�_�>K�w�֭�G5�I�dG.q��E�"�I�26�F�%-��Ny��QOY��E�[bzh��0O`rt[� ��,݈�P�g*�E'Rl^Kw1R�|�]�}�68x��\gN$S~>�D�]M�[a��f�q� ��!�kXz��s��C|w1��G��?ZW��!gb#��p��n��\��k�c�$��ǲ�M�,��N��&��F��0@"�ȣ.KKU��a{$�*��<��j�M~�dr��F��~�4��y�T�k���T� \��C� G·��aT�i��3�r �!WA /��R�n��Kf�L��#K�wjxi��z7 &�i�ѫK��<Bk,�،K5-��a�4��?�M|~.`�3�m\�ߤ�2r[��^;�K��߀5��u��'ޑł2Qڠa��ъ^��#E�ZE��Þ��ߺ�W��׵[��Z��H�i}@ �Z �#"�C��I�`��Q_a��j� ��L&K~�<�D�Ux-l�>��7��,-w�('E��&�6!oo�,��fŶ�sץ��6x-�~��R�b��A��2HT�[��EL؊?׀j�c"5N��4W�v��b��~Ax��/ ��ل�S83��dl��3U>6A�{7G��9��@`,A�#c�ň�~ p�#}ʻT$�� s4��5�ͺ��T��y��8g�'{��3c6��X�6��w-��pq|K�9!��Z�u��ٖ�c5�|��89��z�a�g��w��3Ē3I��[��~g��*@0G��t��Lu?��b5S]W��NW8 +Ez�GQ&�m��s��L<q�g&㛵��S��7� ��z)�K$��3�j^ܼ2��,#�N88*3� bߎ_-��\�k��+��'��k�Xf��sh0��c&. �a}�FfE��z�:U�}��A��^,��5ݜG.�u:�;Db� I� "yL1o#N�\w��Ρ��LS��+��fЎ��Z圐.M��¾��C�H9|��P��)S��f��x�7.%� P�sS��U��r�,��P��$�2��xC��J|��.��B� ]��g��O�0-R��N��U��؂"�}+�H�U��W�� 9*��qu��V��q^�`�D��OXu��r�U��<�!hQo��#؛��(�V�b�ހ�֪н�~�D8�{�iUc��Y#H�v�:`#�g�f�$ ��*��ňʹ�2Y��?��+��^��y�7fx(�ֺ��՞�� N��x��k�R��!B��7ojlD8p9EgyN��И�YዟfCu�G��H�ǁE�B'MS� ��~S��F!��l� �EЯ��Jd�L(.2�gs(��>�4S��[���ȭdʦC�Y�-��"�

Sections

.text
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KbZn8R0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KbZn8R0
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/data/bin.1
.exe windows x64

ce18a360eb2c2ca6d25af97151355fb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegDeleteKeyW

ntdll

LdrLockLoaderLock

rpcrt4

UuidCreate

setupapi

SetupDiDestroyDeviceInfoList

newdev

UpdateDriverForPlugAndPlayDevicesW

bcrypt

BCryptEncrypt

msdelta

DeltaFree

wtsapi32

WTSSendMessageW

user32

GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

Exports

Exports

��}��@L�x~f�R��:�Nk��+�A��N^k��Vɶ3�-`�[��F�f6�+z�!Qz6��"�5�yu� {��R't�ם�<[K#��=}��M)M̝�ޢ��>̟��kߤ��e�6HL��6�@�U9ٰ��y��2��1\��^��Tܚ:cSX}��x4�]Hq:}��+n�x� �@yg ��c��L߲��t�ĉ>Q.��#�r�c��A�[�L�z��E�.�b� �fd��ߤEa{_c9��c�Oa��AQ|i��^��OU��-xGV�3��|��FI��귡imLDX��h�N��zl�|J��p^L��L�@�N£8��)��m'UE��R�UtI��~ƥZ��4V��<3��}��/�S��YV�db7��B�KK4�p�RΕȧ6J��&]ixم�r��Ɠ�_�"�u��3/�A�.@��*�f4��x��΁.�ⲍG�69��`�#pua4'��c�4Y��{&*�c(i��ĩ1ߊ��3��n]v��u�)C&��C�ؘR�k�,Z�7Z��vV�A�y)V�� #�Ɯ *��Ĕ��`H�!��!�֗�.�O�=�i�TE�D�i�"�h�ŋp0/��f��i��;x0`��k��'��E��m�/F6��o��g��R>�ɠ�`7��!'Nj�x� �L>cӰg� P�4�3:��}l�xb�|��WN�c�17{9��P�~ ��:��;0�]_�~�:��e�*��g�.>��ʺ�D{�z��Eg��.��6��b��'ڣ�Ehؠ�� p��=�U�h2�5��}*��%(Һu�j��jwH�"T�տ�Tڱ\�<i�U�jX��G�cW~� ��X��K��76��->-�&�4:�N�!��Ua��fCGgN��4��ڄ{��3��v��ѺWu��ۺ��h�GҮ��X�L��<;�ؤub<R��~��tt�Cl��K�Eݩ��qߞ ��)A3��@�JDt}[F�U�u_y�A`��-��w��Q�sd�u��?0I�|��"�s��%C��9�T�,�f��a� ��]��vo�έ�.D�23n]��$�&ژؾ�g�!Ol�7^`�mpC�+�g�_S�w�a1� /=�y� �;�ގ�e�@N f��E)]:@{<�e/�ƛ�� d�̓��8��95;=@��8��Hh5<K��&�jV��OC��\��5}K�dexOV&�� ðld��m��^��?�D��5C�7~��r:~J&�M^ɞ��x�Ω~��?��A~�a��?�$y�W�!��|��0E^b�*<��z�RɆ�V�f!��W��8.��cql��ޭ#�j��NR�r�kb41m;7��1�"-��H�R�\�� V��3�KI�I��T��tYʥ/�]� X�%��5�� h|�w< e� �f��q��Z\f�|��)�2�6�^��x%�\��g�. XdO�Qk��e��g�\@38��%r��wp�F�G�:©]�� :��Fj��^~��V�#��7�4@ڈ��Cwu[9A �0��sy��׮��k*H�Y�[�BȎ��_+�i*-�ha��6�w1��s� \�h��b��11��c:�ɯ=��1LkV��"p�c&p��=�t�9c{�O�l��"%X^�HZX��t�T�i+Ml��C�%�4}L��锭��x� ��{��Rg��+3R��Y��tIG}�R𤕿��"Zn��r%�F��yλP��M��^,�h|/r㿾�}P��3&�Vo?�%e��B�^[,�K�� [֟��/f/f�AQx�:�m� &Ch��{��ۇ�VǮ{��/0$m�e��iL&��#��{�c)�O��[��|&��G�k@�h;�7��a�eL��:�hb~��tu-�]J�x��ZFY~�g�d��md�??"�Mm�Mq��&ah�Х��x&��翿��eJ��7�W�W�Z\��|��܎��ھL��&>�tĨ�N�Ow\�� n[D��Z��F 5z��j��So�� Y�R�p��D�id�r�M�u��OD$l)�#`��ݠ �� Z,��x��12ĭ-l��C��~[�]�� `��2B|ǌgG5^��b��8��Ղ҅��Vo��V��٘,�~��*�p��Y��sk��{o0m:�B<|��lTtݏ�M陌A}d�C��e�� B��:Ц��X��`��mL��`#�T��b��e y�F_�P'�2+r#lY^�o�� JQ4�\�ЁR�@��=��f�`1��?��9��U�-͋��0%b�QH�#-۷M9�A��5��/Jqg~m��w,<�M�~��ƪh�c��l��o�w[��LR��ܡ.�2�5��;�~�o6��@��(��c[�� ev�� !��B��;, ��~0�wBkʢ�H��V�0$�RE&�|��J�E�&��N�BM�~��y/3�z|�5]f ��&X;�\.�<.�L�!V�A5�37e�Cg�o�&�m� �� M�#<��D�J(��rg�u�wA�5]�,�4�w��|��謷L|8��J��gZh��^�0��#!{��o��b��w�o��e�X��%1�fX��P�D��Y(�5��|��R�d��6��&2̇�Q��9�N^͔��ge&d��xcnA.��x̍7C܎��P�Ido��g�kb7��#��RHw�?C&�秳��G�K*�0��Qc̵� ��6hDb&"��K��p��v�_�\�5CkB�^�UKR

Sections

.text
Size: - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/data/drv64.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

gProvTable

Sections

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 859KB - Virtual size: 858KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/extension/Anti-Flag.exe
.exe windows x64

8b777a892a74b0d6219260895a45c52e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
TerminateProcess
DnsHostnameToComputerNameW
OpenProcess
CreateToolhelp32Snapshot
DeleteFileW
Process32Next
GetConsoleScreenBufferInfo
GetConsoleWindow
SetComputerNameExA
GetSystemTime
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindClose
CloseHandle
Process32First
CreateFileW
FormatMessageA
LocalFree
GetTempPathW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

SetWindowLongA
SetWindowPos
GetSystemMetrics
GetWindowLongA
GetWindowRect

advapi32

GetUserNameW

ole32

CoCreateGuid

oleaut32

SysAllocString
VariantClear
SysFreeString

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

shlwapi

PathIsDirectoryA

netapi32

NetRenameMachineInDomain

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__C_specific_handler
__current_exception_context
__current_exception
memset
_CxxThrowException
memmove
memcmp
__std_terminate
memchr
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
__acrt_iob_func
_get_stream_buffer_pointers
fclose
_fseeki64
fread
fsetpos
ungetc
fgetc
setvbuf
fgetpos
__stdio_common_vsprintf
_set_fmode
fwrite
__stdio_common_vfprintf
fflush

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_lock_file

api-ms-win-crt-string-l1-1-0

tolower
strcpy_s

api-ms-win-crt-runtime-l1-1-0

system
_errno
_invalid_parameter_noinfo_noreturn
terminate
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_narrow_environment
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr
floorf

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/libcurl.dll
.dll windows x64

b61662c35c9dd1c5d2c2edac2823b0cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
__WSAFDIsSet
WSACloseEvent
listen
accept
gethostname
freeaddrinfo
getaddrinfo
select
htonl
WSAStartup
WSACleanup
recvfrom
sendto
WSAIoctl
getpeername
connect
bind
WSAGetLastError
send
WSACreateEvent
closesocket
getsockname
getsockopt
htons
ntohs
WSASetLastError
recv
setsockopt
socket
inet_pton

zlib1

inflate
inflateEnd
inflateInit_
inflateInit2_
zlibVersion

advapi32

CryptAcquireContextA
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGenRandom
CryptReleaseContext

crypt32

CertFindCertificateInStore
PFXImportCertStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain

kernel32

GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
MoveFileExA
LoadLibraryA
GetEnvironmentVariableA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CloseHandle
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
Sleep
GetFileSizeEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
MultiByteToWideChar

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memchr
strstr
memcmp
memmove
strrchr
strchr
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

ftell
fgets
fopen
_open
_lseeki64
fwrite
fflush
fclose
__stdio_common_vsprintf
fputc
feof
fputs
fread
_close
fseek
_read
_write
__stdio_common_vsscanf
__acrt_iob_func

api-ms-win-crt-time-l1-1-0

strftime
_time64
_gmtime64

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtoll
wcstombs
strtol

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_cexit
_execute_onexit_table
_getpid
_initialize_onexit_table
__sys_errlist
__sys_nerr
_errno
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

isupper
strncpy
strncmp
tolower
_strdup
strpbrk
strcspn
strspn
strcmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_unlink
_access

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
free

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SkyFlick2.1_WIN11/zlib1.dll
.dll windows x64

d879d2294039900ef484e0f01607f882

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memchr
memset
memcpy

api-ms-win-crt-stdio-l1-1-0

_wopen
_write
_read
_close
__stdio_common_vsprintf
_open
_lseeki64

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_errno
strerror
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit

kernel32

DisableThreadLibraryCalls
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine_gen
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44c3e6d93a9b3b081417ee44e1715c88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 648B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 88B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 29KB - Virtual size: 61KB

Size: 5KB - Virtual size: 18KB

Size: 347B - Virtual size: 4KB

Size: 1KB - Virtual size: 3KB

Size: 267B - Virtual size: 480B

Size: 221B - Virtual size: 220B

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 16B - Virtual size: 4KB

42a154eb168790a845c14a72adc00d01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

libcurl

msvcp140

ws2_32

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 133KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 6KB

.D5pO9dC Size: - Virtual size: 3.5MB

.D5pO9dC Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 512B - Virtual size: 220B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 648B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 88B

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: - Virtual size: 133KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 6KB

.D5pO9dC
Size: - Virtual size: 3.5MB

.D5pO9dC
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 512B - Virtual size: 220B

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 64B

.pdata
Size: - Virtual size: 468B

INIT
Size: - Virtual size: 1008B

.FtA46zN
Size: - Virtual size: 2.3MB

.FtA46zN
Size: 512B - Virtual size: 8B

.FtA46zN
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 512B - Virtual size: 196B

.text
Size: - Virtual size: 21KB

.rdata
Size: - Virtual size: 13KB

.data
Size: - Virtual size: 2KB

.pdata
Size: - Virtual size: 1KB

.KbZn8R0
Size: - Virtual size: 3.4MB

.KbZn8R0
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 145KB

.rdata
Size: - Virtual size: 67KB

.data
Size: - Virtual size: 12KB