SHADOW-BYPASS 2[.]8[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

SHADOW-BYPASS 2.8.zip
Size

20.6MB
MD5

8391733a6754d0578c517cf92d914a8b
SHA1

a16aeb137e49e05ee085c9eb43cfa24199db403b
SHA256

fd73b30a5225b5960e1b9f9d5d9e09d0b13acd0bdbe1dcb8265f3c235590cf06
SHA512

2f9f4faf60031efa50aaf933fb37a3a1159302d8fd274d7335792d3ea4482f3ae84ad630f5eefb7979d04f19dbad7f70d40bdbdb56df42aeada2d89d529bbca6
SSDEEP

393216:Fx/lDj7MG1xUBMFS4gPnd5AiHiyx65D9LkFcLrO:f/lDXhxPgPnMiHivjTrO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/SHADOW-BYPASS 2.8/BYPASS/Shadow Bypass_protected.exe	themida

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SHADOW-BYPASS 2.8/BYPASS/Memlib.dll
unpack001/SHADOW-BYPASS 2.8/BYPASS/Shadow Bypass_protected.exe
unpack001/SHADOW-BYPASS 2.8/SETUP/Gameloop 32 Bit.exe
unpack001/SHADOW-BYPASS 2.8/SETUP/Gameloop 64 Bit.exe

Files

SHADOW-BYPASS 2.8.zip
.zip
SHADOW-BYPASS 2.8/BYPASS/Memlib.dll
.dll windows:6 windows x86

d6fe572a2067ff4ea118bd72ce0d5458

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey

msvcp140

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z

kernel32

InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

BlockInput
CharUpperBuffW

shell32

ShellExecuteExA

userenv

UnloadUserProfile

rpcrt4

UuidToStringA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

psapi

GetProcessMemoryInfo

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

system

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

_dclass

normaliz

IdnToAscii

ws2_32

closesocket

wldap32

ord211

crypt32

CertEnumCertificatesInStore

Exports

Exports

@�~�k8�� k�s#�摩D�#�5��T%��j7�GVX\�<k�7ͫ��Ԉ��6��S\��,+.�Ƙ��] GHnbdLmCg�亵NF>�Jd�O,h_��_��j�%[�>�[��Ɍ�>,)��v��MR�(��{��,p��^��<gA ��)�Y"7֚޸{7�I�`r/o��om;�ŠP�z+�_�aBh^�-~E�g��z�K7��'�(�b�-��s�!&:��py��V�?�eOM�<5y�jD��Ҙ��?�� ϊe\\*�mG�Ѓ�- '�&�/�ǯ�I�Z�c�*��H�]9σ\28C��¬]5L��8'��bf-Ž3*��FY^sˢZCR�?�v�gMK�V\J=�N\d��[m}�j��/��ה�+�d� H\ו��M:� &W��a�u��m'��N�Q�*��r��cZ�M��b (r�RQo�^p�'P��%(��W[^U.�&�Ɏ9�T0\U��؃��j>!VN��DjI�D�֒�2 �}��e��=�ڽ��A}�!�&�ue㱕� j��~2~F��o��I�߃�c� �k��o'+��!I��⁩��'�xִ��lX�t��d��Z ۥ4�\��=a*|�V|c?�G��R��p��P�>2�: ��C��$`̎�5�y�OE�c!n��?��R3k�Ns�`$K��W��6�~_�Zr��ϲ��Nӗ��6��_�,b(}�7� ��z-��[�x�.vI�E��R�x_|`��NEO��L\ֿ��p &�u��,�-�'�V)��So��K��G4'�sLL`��uŘ�A$0�L��X0:�40��ha��t�V2U��_}��t��`�� b' %�N �-�J��HQ�0�m\V��ǹ�K�^��*�c?�cMݵ��O��U��8Ǜ�L�=��wX~cZR��:��+� ��0H� �{]�e��7��/,N�k�[�.hr��*[�~�INX��E�C��~~��<�{Y��?j{�� G}�]g %2�wbYsZ�F�c�?m�u6Z& �mt��SeX��a�y�ͦe6/�P�Vt��E��3�r�{�È�S�J�3�!��A8�,O�BF��#T�%�M��m#��D�TJ3A~ a��~m^ExIӖ\ �4��[5�y�$�Sv* ��ARf�F�0D�crh��!]5S�:ST��d�MP[��0;��hlN3_ ��&K��)R{��M�L��PPss��{��0]�av��!��'�ي�k��(z�_!�}{��}ϼ�'/�="�*56U�0Ŧ��"�Z[+`��&�,�C<��ܲ��|��c��&��s*�W�s�X�RF%� z�Q�`zb��%#hmnO��<V�|~/߁S��<�δ��:"��UD �:G�q��C%O+{�v)�w��;xy�Ĵ��x�#>��tr(��1�Ŷ��1J�BC��z4�!��VUsV{𤓌䇇��i�p��T�]�\s�z>�KhC3ԓLZ��5[մ8��5��im_29].g�&��~~��Qj�i��iзث�{!�L��6�>��a��*qD2��'�G3QC�j�y��6�d��s�aЛEa_S>�㈊��m+�j�]"��L��sӓ��6�k)��k�Of[�� Ef � S� O�@�^;��lk�?�G�Z�\�m��7��vgB�X��_{b�_�>;��G]�c��e��L�3�9U��D�U�Y>�뵕+��A�Fo��0.�[��t�5/Kv_�wt�^� q�UgrIn��j�_˚ʆM:��I�>�x�ƖO�y:��|�'D� ��l�!bBٶ]o��ji��P��g�@ʰ��Fz�[3�V��t5�_�`��`�� õ(��a�UٱWQ:�7��D��2��4z�9��I�)R�Q��u��!+�d+sI��~��d�6�9\��!�)��i�p�h�b�Zytfu�6��A)�;�q4Z��0F��VM�G0]�PKJ;GD�5nC�>t�;�U��:��.P��Jq�+?��-��5��(��K��۸�B J�:��,.�7�c��a�T>����Q�1�`l4._��4�쇑�G��߀#ܭ�\F��5�$T��N��C��߃�$��N�g7�I��t2� ��^!��٥�f@sڑ�=G��5ך�Hb�&G;�)p*��4�2{��P`��%=��/7P��4+��+�Z��F��ph9l1a��n�aA�i�o��&H�/M�X�`�FP��SǁT;I�n�W��G� �vM�xx��5��_B~�f��K*<~�ɒ��&+��A8�ڠ�RW�*�q1�'�ZH��`+{��Ga-��W.�ў��"��#�`��ez�%��<�_e�f�RD �^�G�N�@��W��ȡ�\��gq-�� F��Y8�ʺ�&��S�y��m��G}�a��`텗B.�z̚]SSfq�8F��ǌQR�3�?��"�\ڃ� ��E��B\��CzȫVh��fDe��Ny�G>�.UaqS��+�� >�R��8�aD��W�y�-��V|j��D,��*(p'��I/ xw�᚝�30��!^3��}��n��@��'�f�Ϛ�i?Oլ�\��d��bI�*�&`�&wa��cOy%aD��i�0��3��qO��c��Y�nI�?h>l&\9�'1��w�3A2�[%$�#��1�64E�v��#KY�c��P��h#��p�O5o�%ݵ�^�cf�8��z�E|k��5��J�ruk/�L�P�k�_��=s�D[H��i�F��q�`�9�]ŋ$"��-�R?E��7Q��~�i 6 ��L}��؂:"y��7��< �$�
EmuStart
LoggClck
checkkeyok

Sections

.text
Size: - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SUPERMA
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.SUPERMA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SUPERMA
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SHADOW-BYPASS 2.8/BYPASS/Shadow Bypass_protected.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
SHADOW-BYPASS 2.8/SETUP/Clean_Gameloop.bat
SHADOW-BYPASS 2.8/SETUP/Gameloop 32 Bit.exe
.exe windows:5 windows x86

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

ws2_32

htons
WSAStartup
WSAGetLastError
WSACleanup
gethostbyname
closesocket
setsockopt
ioctlsocket
__WSAFDIsSet
select
shutdown
connect
recv
send
htonl
ntohl
socket

kernel32

UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
SetErrorMode
TerminateProcess
RaiseException
GetFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetFileAttributesW
GetFileSizeEx
TerminateThread
FreeResource
GetUserDefaultUILanguage
DecodePointer
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
FindFirstFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
FindClose
GetExitCodeProcess
IsDBCSLeadByte
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
CopyFileW
CreateFileA
SwitchToThread
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
LoadLibraryA
GetSystemDefaultLangID
OpenProcess
SleepEx
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
FlushFileBuffers
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
MulDiv
GetACP
lstrlenW
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
MapViewOfFile
LocalFileTimeToFileTime
GlobalAlloc
lstrcpyW
lstrcmpiW
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
QueryPerformanceFrequency
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
GetStringTypeW
EncodePointer
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GetSystemDirectoryW
CreateFileMappingW
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
GetSystemInfo
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
InterlockedExchangeAdd
GetTickCount
GetFileAttributesExW
GetLocalTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
MoveFileW
DeleteFileW
SetFilePointer
SetEvent
WaitForSingleObject
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Sleep
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentThreadId
GlobalFree
MultiByteToWideChar
GetCurrentProcess
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GlobalLock

user32

wsprintfW
EnumDisplayDevicesW
GetDC
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DestroyWindow
DefWindowProcW
GetSystemMetrics
MessageBoxW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
InvalidateRect
IsWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
IsRectEmpty
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
CreateAcceleratorTableW
InflateRect
UnionRect
SendMessageW
GetWindowRect
ScreenToClient
GetKeyState
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
GetMessageW
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
TranslateMessage
DispatchMessageW
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
GetGUIThreadInfo
SetForegroundWindow
MapVirtualKeyExW
GetKeyboardLayout
OffsetRect
CallWindowProcW
SetPropW
CreatePopupMenu
GetCaretBlinkTime
ClientToScreen
SetCaretPos
GetCaretPos
GetKeyNameTextW
GetPropW
HideCaret
ShowCaret
CreateCaret
GetWindowRgn
UpdateLayeredWindow
EqualRect
FillRect
DrawTextW
SetRect
CharPrevW
MoveWindow

gdi32

CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
StretchBlt
CreateCompatibleDC
DeleteDC
ExtSelectClipRgn
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetObjectA
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
SetStretchBltMode
CreatePatternBrush
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetBitmapBits
SetBitmapBits
CombineRgn
RemoveFontMemResourceEx
CreateDIBSection
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
CreateRectRgn
SelectObject
PtInRegion

advapi32

CryptAcquireContextW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetFolderPathA
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetPathFromIDListW
SHChangeNotify

ole32

RegisterDragDrop
DoDragDrop
OleDuplicateData
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateGuid
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipTranslateWorldTransform
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangleI
GdipSetPenMode
GdipMeasureString
GdipCreatePen1
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipDrawString
GdipDrawImageRectI
GdipRotateWorldTransform
GdipStringFormatGetGenericTypographic

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

winhttp

WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveFileSpecA
PathIsDirectoryW

d3d9

Direct3DCreate9

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

Netbios

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SHADOW-BYPASS 2.8/SETUP/Gameloop 64 Bit.exe
.exe windows:5 windows x86

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

ws2_32

htons
WSAStartup
WSAGetLastError
WSACleanup
gethostbyname
closesocket
setsockopt
ioctlsocket
__WSAFDIsSet
select
shutdown
connect
recv
send
htonl
ntohl
socket

kernel32

UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
DuplicateHandle
SetErrorMode
TerminateProcess
RaiseException
GetFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetFileAttributesW
GetFileSizeEx
TerminateThread
FreeResource
GetUserDefaultUILanguage
DecodePointer
ProcessIdToSessionId
OpenMutexW
CreateMutexW
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
FindFirstFileW
RemoveDirectoryW
MoveFileExW
FindNextFileW
FindClose
GetExitCodeProcess
IsDBCSLeadByte
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
CopyFileW
CreateFileA
SwitchToThread
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetVersionExW
LoadLibraryA
GetSystemDefaultLangID
OpenProcess
SleepEx
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
FlushFileBuffers
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
MulDiv
GetACP
lstrlenW
GlobalUnlock
ExitProcess
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
MapViewOfFile
LocalFileTimeToFileTime
GlobalAlloc
lstrcpyW
lstrcmpiW
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
SetEnvironmentVariableA
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
ResetEvent
IsDebuggerPresent
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
QueryPerformanceFrequency
FindFirstFileExW
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
GetStringTypeW
EncodePointer
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GetSystemDirectoryW
CreateFileMappingW
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineW
GetSystemInfo
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
InterlockedExchangeAdd
GetTickCount
GetFileAttributesExW
GetLocalTime
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
MoveFileW
DeleteFileW
SetFilePointer
SetEvent
WaitForSingleObject
CreateEventW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Sleep
InterlockedExchange
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentThreadId
GlobalFree
MultiByteToWideChar
GetCurrentProcess
GetFileSize
WriteFile
ReadFile
GetLastError
GetModuleHandleW
GetProcAddress
CreateFileW
CloseHandle
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GlobalLock

user32

wsprintfW
EnumDisplayDevicesW
GetDC
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DestroyWindow
DefWindowProcW
GetSystemMetrics
MessageBoxW
InvalidateRgn
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
IsWindowEnabled
InvalidateRect
IsWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
IsRectEmpty
IntersectRect
PtInRect
SetCursor
LoadCursorW
CharNextW
CreateAcceleratorTableW
InflateRect
UnionRect
SendMessageW
GetWindowRect
ScreenToClient
GetKeyState
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
IsIconic
GetActiveWindow
GetWindow
SetFocus
BeginPaint
EndPaint
GetUpdateRect
IsWindowVisible
MapWindowPoints
CreateWindowExW
GetCursorPos
ReleaseCapture
GetSysColor
GetMessageW
DestroyMenu
TrackPopupMenu
EnableMenuItem
AppendMenuW
TranslateMessage
DispatchMessageW
IsZoomed
PostMessageW
GetFocus
SetTimer
KillTimer
SetCapture
GetParent
LoadImageW
SetWindowRgn
ShowWindow
EnableWindow
PostQuitMessage
RegisterClassW
GetClassInfoExW
RegisterClassExW
GetGUIThreadInfo
SetForegroundWindow
MapVirtualKeyExW
GetKeyboardLayout
OffsetRect
CallWindowProcW
SetPropW
CreatePopupMenu
GetCaretBlinkTime
ClientToScreen
SetCaretPos
GetCaretPos
GetKeyNameTextW
GetPropW
HideCaret
ShowCaret
CreateCaret
GetWindowRgn
UpdateLayeredWindow
EqualRect
FillRect
DrawTextW
SetRect
CharPrevW
MoveWindow

gdi32

CreateRectRgnIndirect
GetClipBox
SelectClipRgn
CreateRoundRectRgn
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateDIBitmap
AddFontMemResourceEx
GetTextMetricsW
CloseEnhMetaFile
CreateEnhMetaFileW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SaveDC
StretchBlt
CreateCompatibleDC
DeleteDC
ExtSelectClipRgn
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
GetObjectA
DeleteObject
CreateCompatibleBitmap
GetDeviceCaps
SetStretchBltMode
CreatePatternBrush
CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
GetBitmapBits
SetBitmapBits
CombineRgn
RemoveFontMemResourceEx
CreateDIBSection
SetBkMode
SetTextColor
SetBkColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GdiFlush
CreateRectRgn
SelectObject
PtInRegion

advapi32

CryptAcquireContextW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptReleaseContext
CryptGenRandom
RegQueryValueExA

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetFolderPathA
ord165
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetPathFromIDListW
SHChangeNotify

ole32

RegisterDragDrop
DoDragDrop
OleDuplicateData
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateGuid
ReleaseStgMedium
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal

comctl32

ord17
_TrackMouseEvent

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipTranslateWorldTransform
GdipCloneStringFormat
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawRectangleI
GdipSetPenMode
GdipMeasureString
GdipCreatePen1
GdipFillRectangleI
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipDrawString
GdipDrawImageRectI
GdipRotateWorldTransform
GdipStringFormatGetGenericTypographic

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

winhttp

WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpOpen

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveFileSpecA
PathIsDirectoryW

d3d9

Direct3DCreate9

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

Netbios

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SHADOW-BYPASS 2.8/SETUP/How To Use .txt
SHADOW-BYPASS 2.8/SETUP/Kill_Gameloop.bat

Sharing

General

Malware Config

Signatures

Files

d6fe572a2067ff4ea118bd72ce0d5458

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcp140

kernel32

user32

shell32

userenv

rpcrt4

urlmon

wininet

psapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

normaliz

ws2_32

wldap32

crypt32

Exports

Exports

Sections

.text Size: - Virtual size: 642KB

.rdata Size: - Virtual size: 120KB

.data Size: - Virtual size: 169KB

.SUPERMA Size: - Virtual size: 8.8MB

.SUPERMA Size: 2KB - Virtual size: 2KB

.SUPERMA Size: 12.1MB - Virtual size: 12.1MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.7MB - Virtual size: 1.7MB

Size: 78KB - Virtual size: 77KB

Size: 15B - Virtual size: 12B

.imports Size: 512B - Virtual size: 8KB

.rsrc Size: 78KB - Virtual size: 78KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 2.9MB - Virtual size: 2.9MB

0e2b0c48d5c7e0af756a1d45ad1efe66

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

imm32

winhttp

shlwapi

d3d9

version

netapi32

Sections

.text
Size: - Virtual size: 642KB

.rdata
Size: - Virtual size: 120KB

.data
Size: - Virtual size: 169KB

.SUPERMA
Size: - Virtual size: 8.8MB

.SUPERMA
Size: 2KB - Virtual size: 2KB

.SUPERMA
Size: 12.1MB - Virtual size: 12.1MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.imports
Size: 512B - Virtual size: 8KB

.rsrc
Size: 78KB - Virtual size: 78KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 2.9MB - Virtual size: 2.9MB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 529KB - Virtual size: 529KB

.data
Size: 64KB - Virtual size: 82KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 448KB - Virtual size: 447KB

.reloc
Size: 117KB - Virtual size: 117KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 529KB - Virtual size: 529KB

.data
Size: 64KB - Virtual size: 82KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.QMGuid
Size: 512B - Virtual size: 20B

.rsrc
Size: 448KB - Virtual size: 447KB

.reloc
Size: 117KB - Virtual size: 117KB