cs[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cs.rar
Size

570KB
MD5

7b529f57140751b4323f7d1319dff638
SHA1

6db79ebcaaa36ce89d4935744ffb0e1eeb224fb0
SHA256

814807348f921200a62c5faf5cbefbe0e6fab07637f50b4d8ae918a01a4dd678
SHA512

6c4e6899e470ab57b106c8737433a2e1d746d19ecd32feba96fcf594c29f7730762842cb34b6c3f823bb3712bfbb4173bd6c07480b1ef847f6b7dfef6e43c895
SSDEEP

12288:yUKM4/45N6wR9590CzVL+7Yt+lvtsnih8+Olm8:fvQ4z6wX59fzVK7Yt+lSiBOlm8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/zero.hl.exe	upx

Files

cs.rar
.rar

Password: infected
config/alternative.cfg
config/fps+.cfg
config/fps-.cfg
config/knifebot_attack+.cfg
config/knifebot_attack-.cfg
config/legit.cfg
config/psilent.cfg
config/rage.cfg
injmthd.ini
k l a.txt
read me.txt
ways/$1000$/ct
ways/$1000$/t
ways/$2000$/ct
ways/$2000$/t
ways/$5000$/ct
ways/$5000$/t
ways/35hp_2/ct
ways/35hp_2/ct_long
ways/35hp_2/new
ways/35hp_2/t
ways/35hp_2/t_long
ways/aim_deagle/ct
ways/aim_deagle/t
ways/aim_headshot/ct
ways/aim_headshot/t
ways/aim_map_usp/ct
ways/aim_map_usp/t
ways/awp_dust/ct
ways/awp_dust/t
ways/awp_india/ct
ways/awp_india/t
ways/awp_map/ct
ways/awp_map/t
ways/awp_rooftops/ct
ways/cs_assault/ct
ways/cs_assault/t
ways/cs_italy/ct
ways/cs_italy/t
ways/de_dust2/ct
ways/de_dust2/new
ways/de_dust2/t
ways/de_dust2/tt
ways/de_dust2/tt_all
ways/de_dust2_2x2/ct
ways/de_dust2_2x2/new
ways/de_dust2_2x2/t
ways/de_dust2_2x2/tt_all
ways/de_dust2x2/ct
ways/de_dust2x2/t
ways/de_dust_32/ct
ways/de_inferno/ct
ways/de_inferno/new
ways/de_inferno/t
ways/de_inferno_2x2/t
ways/de_mirage/new
ways/de_nuke/ct
ways/de_nuke/t
ways/de_train/ct
ways/de_train/new
ways/de_train/t
ways/de_westwood/ct
ways/de_westwood/t
ways/fy_pool_day/ct
ways/fy_pool_day/t
ways/hns_floppytown/ct
ways/hvh_lite2/new
zero.dll
.dll windows x86

Password: infected

9110c9cc062244e30a4d84956b2b2833

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
lstrcpynA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
lstrcpyA
FreeLibraryAndExitThread
Sleep
DisableThreadLibraryCalls
CreateThread
CreateDirectoryA
IsBadReadPtr
VirtualProtect
GetCurrentProcess
TerminateProcess
GetModuleHandleA
FlushInstructionCache
lstrcmpA
lstrcmpiA
FormatMessageA
HeapCreate
HeapFree
Thread32Next
GetProcAddress
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
GetModuleHandleW
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary
LoadLibraryA
Thread32First
GetTickCount
LocalFree

user32

SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetAsyncKeyState
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
SendInput
GetCursorPos
GetForegroundWindow
MessageBoxA
SetWindowLongA
CallWindowProcA
FindWindowA
GetKeyNameTextA
MapVirtualKeyA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild

shell32

ShellExecuteA

msvcp140

_To_wide
_Close_dir
_Open_dir
_Lstat
_Read_dir
_Stat
_To_byte
?_Xinvalid_argument@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Unlink
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_File_size
_Remove_dir

opengl32

glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glTexCoordPointer
glDisableClientState
glColorPointer
glDrawElements
glDisable
glPushMatrix
glPixelStorei
glOrtho
glPushAttrib
glGetIntegerv
glDepthRange
glLineWidth
glClearColor
glTexEnvi
glGetFloatv
glDepthFunc
glScissor
glEnable
glVertexPointer
glGenTextures
glBindTexture
glPolygonMode
glPopAttrib
glEnableClientState
glViewport
glPopMatrix
glMatrixMode
glTexImage2D

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

vcruntime140

__std_terminate
strstr
__std_exception_destroy
__std_exception_copy
__std_type_info_compare
__current_exception
memchr
memcpy
memmove
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
memset
__current_exception_context
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
realloc

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-time-l1-1-0

strftime
_time64
_localtime64

api-ms-win-crt-runtime-l1-1-0

_initterm
terminate
_cexit
_crt_atexit
_execute_onexit_table
_initterm_e
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_wassert
_seh_filter_dll

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-convert-l1-1-0

atoi
atof
strtol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
ftell
fwrite
fread
__acrt_iob_func
fflush
__stdio_common_vsprintf_s
fclose
fseek
__stdio_common_vfprintf
feof
__stdio_common_vsprintf
fgetc
_wfopen

api-ms-win-crt-math-l1-1-0

ceil
_libm_sse2_tan_precise
_dclass
_CIfmod
_libm_sse2_sqrt_precise
_fdclass
_libm_sse2_sin_precise
floor
_libm_sse2_pow_precise
_CIatan2
_libm_sse2_log10_precise
_libm_sse2_cos_precise
ldexp
_libm_sse2_acos_precise
roundf

api-ms-win-crt-string-l1-1-0

_stricmp
strncmp
strncpy

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zero.hl.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9110c9cc062244e30a4d84956b2b2833

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

opengl32

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 449KB - Virtual size: 448KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 222KB - Virtual size: 379KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 28KB - Virtual size: 27KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 196KB

UPX1 Size: 10KB - Virtual size: 12KB

.rsrc Size: 168KB - Virtual size: 168KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 449KB - Virtual size: 448KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 222KB - Virtual size: 379KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 28KB - Virtual size: 27KB

UPX0
Size: - Virtual size: 196KB

UPX1
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 168KB - Virtual size: 168KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 2KB - Virtual size: 1KB