ZEROWARE (new build 2020) (1)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

ZEROWARE (new build 2020) (1).rar
Size

1.7MB
MD5

fdf0fde8d943c49a49599e29ae798a34
SHA1

d1546c0ff3c1eccd1387f9cd4393a3c4c7b1d4ed
SHA256

537bb76ab602ae445c3789f8a18d290cf82ae7c61f62bc43a04602b3240ffa4e
SHA512

844212133bdce6e73e9014dad74992f3cce29804e4d5e8b86d704af82c1ea1ba08e6865251e492aac3588b6265af2b1eecb555c8747b8d5d629773adfa4b9e95
SSDEEP

49152:rgh/AHEmLnwALQukJH8kNFGL1wbWVvATkQJkOu8:84HEUtEukJHJy1sQYTk+9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ZEROWARE/Zero.hl.exe	upx

Files

ZEROWARE (new build 2020) (1).rar
.rar
ZEROWARE/Zero.dll
.dll windows x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bubqovme
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wbyphbzh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ZEROWARE/Zero.hl.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ZEROWARE/Zero.ini
ZEROWARE/Zero_orignal.dll
.dll windows x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 165KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ZEROWARE/Zero_orignal.dll.log
ZEROWARE/config/fps+.cfg
ZEROWARE/config/fps-.cfg
ZEROWARE/config/knifebot_attack+.cfg
ZEROWARE/config/knifebot_attack-.cfg
ZEROWARE/config/legit.cfg
ZEROWARE/config/psilent.cfg
ZEROWARE/config/rage.cfg
ZEROWARE/config/zero.cfg
ZEROWARE/injmthd.ini
ZEROWARE/k l a.txt
ZEROWARE/ways/$1000$/ct
ZEROWARE/ways/$1000$/t
ZEROWARE/ways/$2000$/ct
ZEROWARE/ways/$2000$/t
ZEROWARE/ways/$5000$/ct
ZEROWARE/ways/$5000$/t
ZEROWARE/ways/35hp_2/ct
ZEROWARE/ways/35hp_2/ct_long
ZEROWARE/ways/35hp_2/new
ZEROWARE/ways/35hp_2/t
ZEROWARE/ways/35hp_2/t_long
ZEROWARE/ways/aim_deagle/ct
ZEROWARE/ways/aim_deagle/t
ZEROWARE/ways/aim_headshot/ct
ZEROWARE/ways/aim_headshot/t
ZEROWARE/ways/aim_map_usp/ct
ZEROWARE/ways/aim_map_usp/t
ZEROWARE/ways/awp_dust/ct
ZEROWARE/ways/awp_dust/t
ZEROWARE/ways/awp_india/ct
ZEROWARE/ways/awp_india/t
ZEROWARE/ways/awp_map/ct
ZEROWARE/ways/awp_map/t
ZEROWARE/ways/awp_rooftops/ct
ZEROWARE/ways/cs_assault/ct
ZEROWARE/ways/cs_assault/t
ZEROWARE/ways/cs_italy/ct
ZEROWARE/ways/cs_italy/t
ZEROWARE/ways/de_dust2/ct
ZEROWARE/ways/de_dust2/new
ZEROWARE/ways/de_dust2/t
ZEROWARE/ways/de_dust2/tt
ZEROWARE/ways/de_dust2/tt_all
ZEROWARE/ways/de_dust2_2x2/ct
ZEROWARE/ways/de_dust2_2x2/new
ZEROWARE/ways/de_dust2_2x2/t
ZEROWARE/ways/de_dust2_2x2/tt_all
ZEROWARE/ways/de_dust2x2/ct
ZEROWARE/ways/de_dust2x2/t
ZEROWARE/ways/de_dust_32/ct
ZEROWARE/ways/de_inferno/ct
ZEROWARE/ways/de_inferno/new
ZEROWARE/ways/de_inferno/t
ZEROWARE/ways/de_inferno_2x2/t
ZEROWARE/ways/de_mirage/new
ZEROWARE/ways/de_nuke/ct
ZEROWARE/ways/de_nuke/t
ZEROWARE/ways/de_train/ct
ZEROWARE/ways/de_train/new
ZEROWARE/ways/de_train/t
ZEROWARE/ways/de_westwood/ct
ZEROWARE/ways/de_westwood/t
ZEROWARE/ways/fy_pool_day/ct
ZEROWARE/ways/fy_pool_day/t
ZEROWARE/ways/hns_floppytown/ct
ZEROWARE/ways/hvh_lite2/new

Sharing

General

Malware Config

Signatures

Files

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 600KB - Virtual size: 600KB

.rsrc Size: 3KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

bubqovme Size: 2.3MB - Virtual size: 2.3MB

wbyphbzh Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 165KB - Virtual size: 600KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 512B

.rsrc
Size: 3KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

bubqovme
Size: 2.3MB - Virtual size: 2.3MB

wbyphbzh
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 165KB - Virtual size: 600KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B