ZEROHOOK-FOLDER[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

ZEROHOOK-FOLDER.7z
Size

75.5MB
MD5

cde8e6f03fb91d8e5ec7becb75c5fb0c
SHA1

d0e3aea38cd6e170f775535c841a900798cc3803
SHA256

8d299db8be411142ab3a35c7815857ea421595fe607d4cd1526f2e8758013f78
SHA512

2f35480a5245f7449daceee869cffbd64b8791143a71624025d42e0208d21738bccce8b4b7bf1c4e15f21f449448abf3ce2e3e646422c068a9bc489914271034
SSDEEP

1572864:NmIKIXxM2lBCKCzen53ayMD+/1ZEPWYN39RCRGmL2YZOhPA9lW:cIVxVKXzmqjDurEPWARCRPL20OhP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZEROHOOK-FOLDER/WQMYJURTH961S7QWY6U7OG1T5.exe

Files

ZEROHOOK-FOLDER.7z
.7z
ZEROHOOK-FOLDER/!WARNING!.txt
ZEROHOOK-FOLDER/1. setupGuide.txt
ZEROHOOK-FOLDER/2. Config Issues.txt
ZEROHOOK-FOLDER/3.5 AMD ISSUES!!!!.txt
ZEROHOOK-FOLDER/4 INJECT FROM A USB READ THIS.txt
ZEROHOOK-FOLDER/SYLVIES CONFIG/1.Player ESP.png
.png
ZEROHOOK-FOLDER/SYLVIES CONFIG/2. Item ESP.png
.png
ZEROHOOK-FOLDER/SYLVIES CONFIG/3. Exfil ESP.png
.png
ZEROHOOK-FOLDER/SYLVIES CONFIG/4. Aimbot.png
.png
ZEROHOOK-FOLDER/SYLVIES CONFIG/5.Weapon.png
.png
ZEROHOOK-FOLDER/SYLVIES CONFIG/6. MISC.png
.png
ZEROHOOK-FOLDER/WQMYJURTH961S7QWY6U7OG1T5.exe
.exe windows:6 windows x64 arch:x64

f09eced69b31ea1adff2180ca7fa1a75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

closesocket
bind
getsockopt
__WSAFDIsSet
gethostbyname
htons
ioctlsocket
inet_ntoa
ntohs
recv
select
send
connect
inet_addr
getsockname
inet_pton
setsockopt
socket
shutdown
WSAStartup
WSAGetLastError

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString

kernel32

MoveFileExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTickCount
FormatMessageA
GetComputerNameW
GetACP
GetOEMCP
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSize
GetFileTime
ReadFile
SetEndOfFile
WriteFile
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetVersionExA
FreeLibrary
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ResumeThread
CreateProcessW
GetExitCodeProcess
MultiByteToWideChar
LocalFree
GetModuleHandleW
WideCharToMultiByte
CreateActCtxW
UnmapViewOfFile
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
MapViewOfFile
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetWindowsDirectoryW
GetNativeSystemInfo
DuplicateHandle
GetTickCount64
ResetEvent
Thread32Next
Thread32First
CreateNamedPipeW
TerminateThread
FindNextFileW
GetExitCodeThread
IsWow64Process
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
MoveFileW
CreateRemoteThread
VirtualFreeEx
SetThreadContext
VirtualQueryEx
LoadLibraryW
SuspendThread
GetThreadTimes
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetModuleFileNameW
GetTempPathW
SetFilePointer
SetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetCurrentDirectoryA
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
CompareFileTime
GlobalUnlock
GetConsoleWindow
GetProcessHeap
GlobalLock
HeapAlloc
GlobalSize
VirtualProtect
SetConsoleCursorPosition
FillConsoleOutputAttribute
CreateThread
WriteConsoleW
LoadLibraryA
GetCurrentThread
CreateFileA
Sleep
OpenProcess
TerminateProcess
SetConsoleTitleA
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
GetModuleFileNameA
CreateFileW
DeviceIoControl
GetComputerNameA
GetSystemTime
DeleteCriticalSection
DecodePointer
GetSystemInfo
GetLastError
InitializeCriticalSectionEx
VirtualAlloc
GetStdHandle
GetFileSizeEx
GetFileType
HeapFree
GetCommandLineW
GetFullPathNameW
ReadProcessMemory
GetFileAttributesW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetTimeZoneInformation
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
SetEvent
InitializeCriticalSectionAndSpinCount
VirtualFree
SetConsoleTextAttribute
GetCurrentProcessId
Process32Next
CreateToolhelp32Snapshot
Module32First
K32GetDeviceDriverBaseNameA
QueryDosDeviceA
Module32Next
Process32First
K32EnumDeviceDrivers
IsBadReadPtr
GetProcAddress
GetModuleHandleA
CheckRemoteDebuggerPresent
IsDebuggerPresent
OpenThread
GetThreadContext
RaiseException
CloseHandle
GetCurrentThreadId
GetCurrentProcess
SetStdHandle
HeapReAlloc
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
GetCPInfo
GetLocaleInfoEx
FindFirstFileExW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
GetStringTypeW
WaitForSingleObjectEx
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

wsprintfW
OpenClipboard
EmptyClipboard
GetDC
GetClientRect
GetDesktopWindow
ReleaseDC
GetClassNameA
ShowWindow
EnumWindows

gdi32

CreateCompatibleBitmap
DeleteDC
CreateCompatibleDC
BitBlt
DeleteObject
SelectObject

advapi32

CryptCreateHash
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegSetValueExA
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptSetHashParam
CryptDestroyHash
CryptSignHashA
RegSetValueExW
CryptGetProvParam
CryptEnumProvidersA
CryptDeriveKey
RegOpenKeyExW
OpenThreadToken
RegQueryValueExW
RegCreateKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyW
RegEnumValueW
CryptGetUserKey
CryptHashData
CryptImportKey
CryptExportKey
CryptDestroyKey
RegOpenKeyExA

oleaut32

SysFreeString

shlwapi

SHDeleteKeyW

iphlpapi

SendARP
GetIpForwardTable

d3d9

Direct3DCreate9

ntdll

RtlCaptureContext
RtlImageNtHeader
RtlImageDirectoryEntryToData
NtQuerySystemInformation
NtLoadDriver
RtlInitAnsiString
NtUnloadDriver
RtlAnsiStringToUnicodeString
RtlLookupFunctionEntry
RtlVirtualUnwind

gdiplus

GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToStream
GdiplusStartup
GdiplusShutdown
GdipFree

crypt32

CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CryptMsgControl
CertOpenStore
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptEncryptMessage
CryptEncodeObject
CryptDecodeObject
CertDuplicateCertificateContext
CertCreateCertificateContext
CertSetCertificateContextProperty
CertNameToStrW
CertEnumCertificatesInStore
CryptDecryptMessage

Sections

_X/d<.0Z
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

C#0YK5vl
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

AYW)S32c
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

&?"?CCbn
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

+W%>&@(R
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

:WmlvzM?
Size: - Virtual size: 61.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

M'G$i4oj
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

'i;g!/u6
Size: 88.6MB - Virtual size: 88.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

yd-Jq1M_
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f09eced69b31ea1adff2180ca7fa1a75

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

ole32

kernel32

user32

gdi32

advapi32

oleaut32

shlwapi

iphlpapi

d3d9

ntdll

gdiplus

crypt32

Sections

_X/d<.0Z Size: - Virtual size: 2.4MB

C#0YK5vl Size: - Virtual size: 1.0MB

AYW)S32c Size: - Virtual size: 100KB

&?"?CCbn Size: - Virtual size: 84KB

+W%>&@(R Size: - Virtual size: 348B

:WmlvzM? Size: - Virtual size: 61.7MB

M'G$i4oj Size: 9KB - Virtual size: 9KB

'i;g!/u6 Size: 88.6MB - Virtual size: 88.6MB

yd-Jq1M_ Size: 265KB - Virtual size: 264KB

_X/d<.0Z
Size: - Virtual size: 2.4MB

C#0YK5vl
Size: - Virtual size: 1.0MB

AYW)S32c
Size: - Virtual size: 100KB

&?"?CCbn
Size: - Virtual size: 84KB

+W%>&@(R
Size: - Virtual size: 348B

:WmlvzM?
Size: - Virtual size: 61.7MB

M'G$i4oj
Size: 9KB - Virtual size: 9KB

'i;g!/u6
Size: 88.6MB - Virtual size: 88.6MB

yd-Jq1M_
Size: 265KB - Virtual size: 264KB