81fd8421dc3ec9a2469ea5966e07cb279a7a233f1f72d90bc263e0ebacd0f959[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

81fd8421dc3ec9a2469ea5966e07cb279a7a233f1f72d90bc263e0ebacd0f959.zip.zip
Size

3.1MB
MD5

0b4a1e706a63882647f0b65cfd505543
SHA1

12ba86d76c5e7ef12227065334514b7f0bc2540e
SHA256

a3b4a39f14d82c0ef5e667884cf4ef0954ca258aa2965f545431eb2242bdc273
SHA512

385978147ece13ae697c5f92020cca5a1c3d7be84e5780b7c1f022e0fe3d555e3c267bbc41bf4b8c55bffce22bf9584f277568814b30ee7fbe8550224df968c9
SSDEEP

98304:PYQLIqQt3u+PlzvXV0tYHpPhgnm5czQaNp:PDs7NLOtYHp2C0QaD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/soldatserver	upx
static1/unpack002/soldatserver.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/BattlEye/BEServer.dll
unpack002/soldatserver.exe
unpack003/out.upx

Files

81fd8421dc3ec9a2469ea5966e07cb279a7a233f1f72d90bc263e0ebacd0f959.zip.zip
.zip

Password: infected
81fd8421dc3ec9a2469ea5966e07cb279a7a233f1f72d90bc263e0ebacd0f959.zip
.zip
BattlEye/BEServer.dll
.dll windows:4 windows x86

ed48b73edbd483f301d814ff9cdcbdd3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
__WSAFDIsSet
closesocket
WSAStartup
recvfrom
select
gethostbyname
send
WSAGetLastError
htons
sendto
WSACleanup
recv
socket
ioctlsocket

kernel32

GetConsoleCP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LCMapStringW
LCMapStringA
ReadFile
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetProcAddress
GetLongPathNameA
EnterCriticalSection
GetTickCount
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
SetLastError
LoadLibraryA
VirtualProtect
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
CloseHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
WriteFile
WideCharToMultiByte
GetConsoleMode
RaiseException
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
HeapSize
SetEndOfFile

Exports

Exports

Init

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BattlEye/BEServer.so
.elf linux x86
Changes.txt
README.txt
anims/barret.poa
anims/bezbroni.poa
anims/biega.poa
anims/biegaranny.poa
anims/biegatyl.poa
anims/bije.poa
anims/celuje.poa
anims/celujeodrzut.poa
anims/change.poa
anims/chat.poa
anims/cieszy.poa
anims/cigar.poa
anims/clipin.poa
anims/clipout.poa
anims/firemode.poa
anims/gora.poa
anims/goraodrzut.poa
anims/kolba.poa
anims/krocze.poa
anims/kuca.poa
anims/kucaidzie.poa
anims/kucaidzietyl.poa
anims/laduje.poa
anims/lezy.poa
anims/lezyidzie.poa
anims/match.poa
anims/odrzut.poa
anims/odrzut2.poa
anims/pistolet.poa
anims/rucha.poa
anims/rzuca.poa
anims/samo.poa
anims/samo2.poa
anims/shotgun.poa
anims/skok.poa
anims/skokdolobrot.poa
anims/skokdolobrottyl.poa
anims/skokwbok.poa
anims/slideback.poa
anims/smoke.poa
anims/spada.poa
anims/stoi.poa
anims/strzala.poa
anims/stunt.poa
anims/szcza.poa
anims/takeoff.poa
anims/template.poa
anims/wipe.poa
anims/wstaje.poa
anims/wyrzuca.poa
anims/zmienbron.poa
bots/Admiral.bot
bots/Billy.bot
bots/Blain.bot
bots/Boogie Man.bot
bots/Commando.bot
bots/D Dave.bot
bots/Danko.bot
bots/Dutch.bot
bots/John.bot
bots/Kruger.bot
bots/Poncho.bot
bots/Roach.bot
bots/Sgt. Mac.bot
bots/Sniper.bot
bots/Stevie.bot
bots/Terminator.bot
lobby_servers.txt
maps/Aero.PMS
maps/Airpirates.PMS
maps/Arena.PMS
maps/Arena2.PMS
maps/Arena3.PMS
maps/Bigfalls.PMS
maps/Blox.PMS
maps/Bridge.PMS
maps/Bunker.PMS
maps/Cambodia.PMS
maps/CrackedBoot.PMS
maps/Daybreak.PMS
maps/DesertWind.PMS
maps/Factory.PMS
maps/Flashback.PMS
maps/HH.PMS
maps/Island2k5.PMS
maps/Jungle.PMS
maps/Krab.PMS
maps/Lagrange.PMS
maps/Leaf.PMS
maps/MrSnowman.PMS
maps/RatCave.PMS
maps/Rok.PMS
maps/Shau.PMS
maps/Tropiccave.PMS
maps/Unlim.PMS
maps/Veoto.PMS
maps/ctf_Ash.PMS
maps/ctf_B2b.PMS
maps/ctf_Blade.PMS
maps/ctf_Cobra.PMS
maps/ctf_Death2.PMS
maps/ctf_Division.PMS
maps/ctf_Dropdown2.PMS
maps/ctf_Equinox.PMS
maps/ctf_Guardian.PMS
maps/ctf_Hormone.PMS
maps/ctf_IceBeam.PMS
maps/ctf_Kampf.PMS
maps/ctf_Lanubya.PMS
maps/ctf_Laos.PMS
maps/ctf_MFM2.PMS
maps/ctf_Maya.PMS
maps/ctf_Maya2.PMS
maps/ctf_Nuubia.PMS
maps/ctf_Raspberry.PMS
maps/ctf_Rotten.PMS
maps/ctf_Ruins.PMS
maps/ctf_Run.PMS
maps/ctf_Snakebite.PMS
maps/ctf_Steel.PMS
maps/ctf_Viet.PMS
maps/ctf_Voland.PMS
maps/ctf_X.PMS
maps/htf_Arch.PMS
maps/htf_Baire.PMS
maps/htf_Boxed.PMS
maps/htf_Desert.PMS
maps/htf_Dusk.PMS
maps/htf_Erbium.PMS
maps/htf_Muygen.PMS
maps/htf_Niall.PMS
maps/htf_Nuclear.PMS
maps/htf_Prison.PMS
maps/htf_Rubik.PMS
maps/htf_Star.PMS
maps/htf_Void.PMS
maps/htf_Vortex.PMS
maps/htf_Zajacz.PMS
maps/inf_Abel.PMS
maps/inf_Argy.PMS
maps/inf_Biologic.PMS
maps/inf_Fortress.PMS
maps/inf_Industrial.PMS
maps/inf_Messner.PMS
maps/inf_Moonshine.PMS
maps/inf_Outpost.PMS
maps/inf_Rescue.PMS
maps/inf_Rise.PMS
maps/inf_Warehouse.PMS
objects/flag.po
objects/gostek.po
objects/karabin.po
objects/kit.po
objects/para.po
objects/stat.po
remote.txt
scripts/README.txt
scripts/default/AdminCore.pas
scripts/default/Core.pas
scripts/default/Includes.txt
scripts/default/NetworkCore.pas
scripts/default/SocketCore.pas
server.ini
serverscript
soldat.ini
soldatserver
.elf linux x86
soldatserver.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 352KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 941KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6.8MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
weapons.ini
weapons_realistic.ini

Sharing

General

Malware Config

Signatures

Files

Password: infected

ed48b73edbd483f301d814ff9cdcbdd3

Headers

File Characteristics

Imports

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 37KB

.reloc Size: 8KB - Virtual size: 7KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 7.5MB

UPX1 Size: 352KB - Virtual size: 356KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 941KB - Virtual size: 940KB

DATA Size: 24KB - Virtual size: 24KB

BSS Size: - Virtual size: 6.8MB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 67KB - Virtual size: 67KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 37KB

.reloc
Size: 8KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 7.5MB

UPX1
Size: 352KB - Virtual size: 356KB

.rsrc
Size: 2KB - Virtual size: 4KB

CODE
Size: 941KB - Virtual size: 940KB

DATA
Size: 24KB - Virtual size: 24KB

BSS
Size: - Virtual size: 6.8MB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 67KB - Virtual size: 67KB

.rsrc
Size: 20KB - Virtual size: 20KB