FullZone[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

FullZone.rar
Size

37.4MB
MD5

bcc6d2e7ba2b94547ede44ba77f0917e
SHA1

aadcbdaa233cf22e656cc484d195d87a660b4a0d
SHA256

c3046e52912de9995b52ed1a171289b8d48f16a2de11c960eb289ca069c5347f
SHA512

06793e3b875b2e1510f47f3297e04a88957685a588874539ce386ddc03877a973ac9465d0844f66de7a3c4c5ad618d4d6712b6dcf7eb34f2a6d9939c1b47adcf
SSDEEP

786432:DM8ZIHePyiNK8SfKSFdrpXbevCoQExiqjONS823HR:DMP+PthSCSFhpXa6ICIB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/FullZone/pawno/pawno.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FullZone/announce.exe
unpack001/FullZone/pawno/pawnc.dll
unpack001/FullZone/pawno/pawncc.exe
unpack001/FullZone/pawno/pawno.exe
unpack001/FullZone/samp-npc.exe
unpack001/FullZone/samp-server.exe

Files

FullZone.rar
.rar
FullZone/announce.exe
.exe windows:4 windows x86 arch:x86

5df40cb9994dcacb42f25de3fe7d92db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
htons
socket
bind
connect
recv
send
closesocket
WSACleanup
WSAStartup

kernel32

GetFileType
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
GetLastError
CloseHandle
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetFilePointer
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FullZone/base de datos fullzone (500 usuarios pass y user) xd/marcosl_4097.sql
FullZone/filterscripts/Mapas.amx
FullZone/filterscripts/ls_elevator.amx
FullZone/gamemodes/FullZone.amx
FullZone/gamemodes/FullZone.pwn
FullZone/gamemodes/includes_fullzone/Acciones.pwn
FullZone/gamemodes/includes_fullzone/Defines.pwn
FullZone/gamemodes/includes_fullzone/Dialogs.pwn
FullZone/gamemodes/includes_fullzone/Fowards.pwn
FullZone/gamemodes/includes_fullzone/Graffitis.pwn
FullZone/gamemodes/includes_fullzone/MapeosOptimizados.pwn
FullZone/gamemodes/includes_fullzone/Textdraws.pwn
FullZone/gamemodes/includes_fullzone/Variables.pwn
FullZone/logs/errors.log
FullZone/logs/log-core.log
FullZone/logs/plugins/mysql.log
FullZone/pawno/include/CleoFuck.inc
FullZone/pawno/include/Dini.inc
FullZone/pawno/include/Double-O-Bits.inc
FullZone/pawno/include/Double-O-Files.inc
FullZone/pawno/include/Double-O-Files_2.inc
.vbs
FullZone/pawno/include/Double-O-Pickups.inc
FullZone/pawno/include/FCNPC.inc
FullZone/pawno/include/ForEachPlayer.inc
FullZone/pawno/include/GPS.inc
FullZone/pawno/include/OPA.inc
FullZone/pawno/include/Pawn.CMD.inc
FullZone/pawno/include/Pawn.RakNet.inc
FullZone/pawno/include/Pawn.Regex.inc
FullZone/pawno/include/SpeedVehicle.inc
FullZone/pawno/include/YSI/extra/y_extra.inc
FullZone/pawno/include/YSI/extra/y_extra_languages.inc
FullZone/pawno/include/YSI/extra/y_extra_other.inc
FullZone/pawno/include/YSI/extra/y_extra_users.inc
FullZone/pawno/include/YSI/internal/y_automasters.inc
FullZone/pawno/include/YSI/internal/y_classgroups.inc
FullZone/pawno/include/YSI/internal/y_colourparse.inc
FullZone/pawno/include/YSI/internal/y_formatin.inc
FullZone/pawno/include/YSI/internal/y_formatout.inc
FullZone/pawno/include/YSI/internal/y_funcinc.inc
FullZone/pawno/include/YSI/internal/y_globaltags.inc
FullZone/pawno/include/YSI/internal/y_groupfirst.inc
FullZone/pawno/include/YSI/internal/y_grouponce.inc
FullZone/pawno/include/YSI/internal/y_grouprevert.inc
FullZone/pawno/include/YSI/internal/y_groupsecond.inc
FullZone/pawno/include/YSI/internal/y_groupsingle.inc
FullZone/pawno/include/YSI/internal/y_incognitostreamer.inc
FullZone/pawno/include/YSI/internal/y_inttest.inc
.vbs
FullZone/pawno/include/YSI/internal/y_inttest2.inc
.vbs
FullZone/pawno/include/YSI/internal/y_masteronce.inc
FullZone/pawno/include/YSI/internal/y_natives.inc
FullZone/pawno/include/YSI/internal/y_nogroups.inc
FullZone/pawno/include/YSI/internal/y_overridemaster.inc
FullZone/pawno/include/YSI/internal/y_plugins.inc
FullZone/pawno/include/YSI/internal/y_renative.inc
FullZone/pawno/include/YSI/internal/y_scripttrace.inc
FullZone/pawno/include/YSI/internal/y_shortfunc.inc
FullZone/pawno/include/YSI/internal/y_stripnumbers.inc
FullZone/pawno/include/YSI/internal/y_styles.inc
FullZone/pawno/include/YSI/internal/y_textint.inc
FullZone/pawno/include/YSI/internal/y_textload.inc
FullZone/pawno/include/YSI/internal/y_textprovider.inc
FullZone/pawno/include/YSI/internal/y_textrender - Copy.inc
FullZone/pawno/include/YSI/internal/y_textrender.inc
FullZone/pawno/include/YSI/internal/y_unique - Copy.inc
FullZone/pawno/include/YSI/internal/y_unique.inc
FullZone/pawno/include/YSI/internal/y_version.inc
FullZone/pawno/include/YSI/internal/y_x11def.inc
FullZone/pawno/include/YSI/internal/y_x11parse.inc
FullZone/pawno/include/YSI/internal/y_x11switch.inc
FullZone/pawno/include/YSI/y_als.inc
FullZone/pawno/include/YSI/y_als/impl.inc
FullZone/pawno/include/YSI/y_als/tests.inc
FullZone/pawno/include/YSI/y_amx.inc
FullZone/pawno/include/YSI/y_areas.inc
.vbs
FullZone/pawno/include/YSI/y_bintree.inc
FullZone/pawno/include/YSI/y_bit.inc
FullZone/pawno/include/YSI/y_bitmap.inc
FullZone/pawno/include/YSI/y_bitmap/blending.inc
FullZone/pawno/include/YSI/y_bitmap/fonts.inc
FullZone/pawno/include/YSI/y_bitmap/impl.inc
FullZone/pawno/include/YSI/y_bitmap/patterns.inc
FullZone/pawno/include/YSI/y_bitmap/shapes.inc
FullZone/pawno/include/YSI/y_bitmap/subpixel.inc
FullZone/pawno/include/YSI/y_bitmap/tests.inc
FullZone/pawno/include/YSI/y_bitmap/write.inc
FullZone/pawno/include/YSI/y_cell.inc
FullZone/pawno/include/YSI/y_classes.inc
FullZone/pawno/include/YSI/y_colors.inc
FullZone/pawno/include/YSI/y_colours.inc
.vbs
FullZone/pawno/include/YSI/y_commands.inc
.vbs
FullZone/pawno/include/YSI/y_debug.inc
FullZone/pawno/include/YSI/y_dialog.inc
FullZone/pawno/include/YSI/y_extra.inc
FullZone/pawno/include/YSI/y_files.inc
FullZone/pawno/include/YSI/y_flooding.inc
FullZone/pawno/include/YSI/y_groups.inc
FullZone/pawno/include/YSI/y_gui.inc
FullZone/pawno/include/YSI/y_gui2.inc
FullZone/pawno/include/YSI/y_hooks.inc
FullZone/pawno/include/YSI/y_hooks/impl.inc
FullZone/pawno/include/YSI/y_hooks/tests.inc
FullZone/pawno/include/YSI/y_ini.inc
FullZone/pawno/include/YSI/y_inline - Copy.inc
FullZone/pawno/include/YSI/y_inline.inc
FullZone/pawno/include/YSI/y_iterate.inc
FullZone/pawno/include/YSI/y_jaggedarray.inc
FullZone/pawno/include/YSI/y_languages.inc
FullZone/pawno/include/YSI/y_lock.inc
FullZone/pawno/include/YSI/y_malloc.inc
FullZone/pawno/include/YSI/y_master.inc
FullZone/pawno/include/YSI/y_master/_auto.inc
FullZone/pawno/include/YSI/y_master/_cleanup.inc
FullZone/pawno/include/YSI/y_master/_impl1.inc
FullZone/pawno/include/YSI/y_master/_impl2.inc
.vbs
FullZone/pawno/include/YSI/y_master/_override.inc
FullZone/pawno/include/YSI/y_master/_resolve.inc
FullZone/pawno/include/YSI/y_master/once.inc
FullZone/pawno/include/YSI/y_mini.inc
FullZone/pawno/include/YSI/y_mouse.inc
FullZone/pawno/include/YSI/y_php.inc
FullZone/pawno/include/YSI/y_player.inc
FullZone/pawno/include/YSI/y_playerarray.inc
.vbs
FullZone/pawno/include/YSI/y_players.inc
FullZone/pawno/include/YSI/y_playerset.inc
FullZone/pawno/include/YSI/y_profile.inc
FullZone/pawno/include/YSI/y_races.inc
FullZone/pawno/include/YSI/y_races/groups.inc
FullZone/pawno/include/YSI/y_races/impl.inc
.vbs
FullZone/pawno/include/YSI/y_races/tests.inc
FullZone/pawno/include/YSI/y_remote.inc
FullZone/pawno/include/YSI/y_scripting.inc
FullZone/pawno/include/YSI/y_scriptinit.inc
FullZone/pawno/include/YSI/y_stringhash.inc
FullZone/pawno/include/YSI/y_svar.inc
FullZone/pawno/include/YSI/y_svar/ini.inc
FullZone/pawno/include/YSI/y_svar/tests.inc
FullZone/pawno/include/YSI/y_td.inc
.vbs
FullZone/pawno/include/YSI/y_tdmorph.h
FullZone/pawno/include/YSI/y_testing.inc
FullZone/pawno/include/YSI/y_text.inc
FullZone/pawno/include/YSI/y_text2.inc
FullZone/pawno/include/YSI/y_timers.inc
FullZone/pawno/include/YSI/y_timers/impl.inc
FullZone/pawno/include/YSI/y_timers/tests.inc
FullZone/pawno/include/YSI/y_timers/v2.inc
FullZone/pawno/include/YSI/y_timers/v3.inc
FullZone/pawno/include/YSI/y_users.inc
FullZone/pawno/include/YSI/y_users/blueg7.inc
FullZone/pawno/include/YSI/y_users/ini.inc
FullZone/pawno/include/YSI/y_users/tests.inc
FullZone/pawno/include/YSI/y_utils.inc
FullZone/pawno/include/YSI/y_uvar.inc
FullZone/pawno/include/YSI/y_va.inc
FullZone/pawno/include/YSI/y_va/impl.inc
FullZone/pawno/include/YSI/y_va/tests.inc
FullZone/pawno/include/YSI/y_writemem.inc
FullZone/pawno/include/YSI/y_xml.inc
FullZone/pawno/include/YSI/y_zonenames.inc
FullZone/pawno/include/YSI/y_zonepulse.inc
FullZone/pawno/include/YSI/y_zonepulse/impl.inc
FullZone/pawno/include/YSI/y_zonepulse/tests.inc
FullZone/pawno/include/a_actor.inc
FullZone/pawno/include/a_angles.inc
FullZone/pawno/include/a_gametext.inc
FullZone/pawno/include/a_http.inc
FullZone/pawno/include/a_mysql.inc
FullZone/pawno/include/a_npc.inc
FullZone/pawno/include/a_objects.inc
.vbs
FullZone/pawno/include/a_players.inc
FullZone/pawno/include/a_samp.inc
FullZone/pawno/include/a_sampdb.inc
FullZone/pawno/include/a_vehicles.inc
FullZone/pawno/include/a_zones.inc
FullZone/pawno/include/audio.inc
FullZone/pawno/include/cargasgm.inc
FullZone/pawno/include/colandreas.inc
.vbs
FullZone/pawno/include/core.inc
FullZone/pawno/include/crashdetect.inc
FullZone/pawno/include/custom-query-flood-check.inc
FullZone/pawno/include/datagram.inc
FullZone/pawno/include/dof2.inc
.vbs
FullZone/pawno/include/dynamicobject.inc
.vbs
FullZone/pawno/include/file.inc
FullZone/pawno/include/float.inc
FullZone/pawno/include/foreach.inc
FullZone/pawno/include/g_cars.inc
FullZone/pawno/include/geolocation.inc
FullZone/pawno/include/mSelection.inc
FullZone/pawno/include/mSelection2.inc
FullZone/pawno/include/mailer.inc
FullZone/pawno/include/mapandreas.inc
FullZone/pawno/include/newcallbacks.inc
FullZone/pawno/include/no-reload.inc
FullZone/pawno/include/optud.inc
FullZone/pawno/include/pause.inc
FullZone/pawno/include/player.inc
.vbs
FullZone/pawno/include/playerprogress.inc
FullZone/pawno/include/progress.inc
FullZone/pawno/include/rotation.inc
FullZone/pawno/include/rotation_extra.inc
FullZone/pawno/include/rotation_misc.inc
FullZone/pawno/include/rotations_version.inc
FullZone/pawno/include/seif_walk.inc
FullZone/pawno/include/sii.inc
FullZone/pawno/include/sscanf2.inc
FullZone/pawno/include/streamer.inc
FullZone/pawno/include/string.inc
FullZone/pawno/include/time.inc
FullZone/pawno/include/timers.inc
FullZone/pawno/include/utils.inc
FullZone/pawno/include/vehicles.inc
FullZone/pawno/include/vfunc.inc
FullZone/pawno/include/y_hooks.inc
FullZone/pawno/include/yom_buttons.inc
FullZone/pawno/include/zcmd.inc
FullZone/pawno/pawn.cfg
FullZone/pawno/pawn.ico
FullZone/pawno/pawnc.dll
.dll windows:6 windows x86 arch:x86

4bb63c7d554e66293d1dbd99140c58e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

IsWindow
RegisterWindowMessageA
PostMessageA

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memcpy
memset
strchr
strrchr
longjmp
_setjmp3
memmove

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

fgetc
__stdio_common_vsscanf
fwrite
setvbuf
_tempnam
__stdio_common_vfprintf
__acrt_iob_func
fgets
fopen
fputs
fsetpos
fseek
__stdio_common_vsprintf
fread
fgetpos
fflush
feof
ftell
fclose

api-ms-win-crt-filesystem-l1-1-0

_access
remove
_stat64i32
_chdrive
_chdir

api-ms-win-crt-string-l1-1-0

isalnum
isdigit
toupper
isalpha
_strdup
strncmp
strtok
isupper
tolower
isspace
_stricmp

api-ms-win-crt-convert-l1-1-0

strtol
atoi

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_except1

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

Exports

Exports

Compile
pc_addconstant
pc_addtag
pc_compile
pc_enablewarning

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FullZone/pawno/pawncc.exe
.exe windows:5 windows x86 arch:x86

5112ae7ecd22cb9686812ec8f533297a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pawnc

pc_compile

msvcr100

_unlock
__dllonexit
_lock
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_onexit

kernel32

IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FullZone/pawno/pawno.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 540KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FullZone/pawno/settings.ini
FullZone/plugins/GPS.so
.elf linux x86
FullZone/plugins/crashdetect.so
.elf linux x86
FullZone/plugins/linux/crashdetect.so
.elf linux x86
FullZone/plugins/linux/mysql.so
.elf linux x86
FullZone/plugins/linux/nativechecker.so
.elf linux x86
FullZone/plugins/linux/pawncmd.so
.elf linux x86
FullZone/plugins/linux/pawnraknet.cfg
FullZone/plugins/linux/pawnraknet.so
.elf linux x86
FullZone/plugins/linux/sscanf.so
.elf linux x86
FullZone/plugins/linux/streamer.so
.elf linux x86
FullZone/plugins/mysql.so
.elf linux x86
FullZone/plugins/nativechecker.so
.elf linux x86
FullZone/plugins/pawncmd.so
.elf linux x86
FullZone/plugins/pawnraknet.cfg
FullZone/plugins/pawnraknet.so
.elf linux x86
FullZone/plugins/sscanf.so
.elf linux x86
FullZone/plugins/streamer.so
.elf linux x86
FullZone/samp-npc.exe
.exe windows:4 windows x86 arch:x86

e3571dd5a9e9b81772c8cabcd924caff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
CharLowerA

kernel32

CreateThread
QueryPerformanceCounter
QueryPerformanceFrequency
CloseHandle
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetProcAddress
LoadLibraryA
FreeLibrary
SetConsoleMode
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
GetEnvironmentVariableA
SetLocalTime
GetLocalTime
OutputDebugStringA
GetConsoleMode
ReadConsoleInputA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
SetEndOfFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCPInfo
LCMapStringW
MultiByteToWideChar
LCMapStringA
VirtualQuery
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
GetLastError
DeleteFileA
ExitThread
GetCurrentThreadId
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
WriteFile
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlushFileBuffers
GetCurrentProcessId
GetFileAttributesA
CreateFileA
WideCharToMultiByte
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedExchange

wsock32

getsockname
gethostname
sendto
WSAGetLastError
recvfrom
gethostbyname
socket
setsockopt
inet_ntoa
bind
htons
WSACleanup
WSAStartup
closesocket
ioctlsocket
inet_addr
htonl
ntohs

winmm

timeGetTime
timeBeginPeriod

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FullZone/samp-server.exe
.exe windows:4 windows x86 arch:x86

0eed331a13471baad6960f2d6a40f2de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

kernel32

GetTimeZoneInformation
SetConsoleMode
GetStdHandle
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleWindowInfo
SetConsoleScreenBufferSize
AllocConsole
GetEnvironmentVariableA
SetLocalTime
GetLocalTime
Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
CloseHandle
ReadFile
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
UnmapViewOfFile
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CreateFileW
MapViewOfFile
CreateFileMappingA
QueryPerformanceFrequency
Module32Next
Module32First
CreateToolhelp32Snapshot
CreateThread
SetEvent
ReadConsoleA
WaitForSingleObject
TerminateThread
SetUnhandledExceptionFilter
CreateEventA
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetCurrentDirectoryA
GetConsoleMode
ReadConsoleInputA
CompareStringW
CompareStringA
IsBadCodePtr
IsBadReadPtr
TlsGetValue
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetStringTypeW
GetStringTypeA
InterlockedExchange
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
VirtualQuery
GetSystemInfo
VirtualProtect
UnhandledExceptionFilter
HeapAlloc
HeapFree
HeapReAlloc
RtlUnwind
ExitThread
GetCurrentThreadId
RaiseException
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetTimeFormatA
GetDateFormatA
MoveFileA
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
HeapSize

user32

CharToOemA
CharUpperA
CharLowerA

wsock32

recv
getsockname
gethostname
WSAGetLastError
inet_ntoa
connect
bind
ntohs
inet_addr
htons
htonl
sendto
closesocket
WSAStartup
socket
setsockopt
ioctlsocket
gethostbyname
send
recvfrom
WSACleanup

winmm

timeGetTime
timeBeginPeriod

Sections

.text
Size: 684KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FullZone/scriptfiles/SkinDineroMujer.txt
FullZone/scriptfiles/SkinsZRMujer.txt
FullZone/scriptfiles/avionesar.txt
FullZone/scriptfiles/botesar.txt
FullZone/scriptfiles/botesbitcoins.txt
FullZone/scriptfiles/boteszr.txt
FullZone/scriptfiles/c_prendas.txt
FullZone/scriptfiles/geoip.db
FullZone/scriptfiles/geoip_city.db
FullZone/scriptfiles/helicopterosbitcoins.txt
FullZone/scriptfiles/heliszr.txt
FullZone/scriptfiles/motosar.txt
FullZone/scriptfiles/motoszr.txt
FullZone/scriptfiles/policia.txt
FullZone/scriptfiles/policia2.txt
FullZone/scriptfiles/roadblocks.txt
FullZone/scriptfiles/signs.txt
FullZone/scriptfiles/skinDineroHombre.txt
FullZone/scriptfiles/skinhombrear.txt
FullZone/scriptfiles/skinhombrears.txt
FullZone/scriptfiles/skinmujerar.txt
FullZone/scriptfiles/skinmujerars.txt
FullZone/scriptfiles/skins.txt
FullZone/scriptfiles/skinsZRHombre.txt
FullZone/scriptfiles/vehiculosar.txt
FullZone/scriptfiles/vehiculosbitcoins.txt
FullZone/scriptfiles/vehiculoszr.txt
FullZone/server.cfg
FullZone/vcruntime140.dll
.dll windows:6 windows x86 arch:x86

6a84b7445ccacd5d29ac27de2745f356

Code Sign

33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-08-2018 20:20

Not After

23-11-2019 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:08

Not After

26-07-2019 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2
Signer

Actual PE Digest

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2

Digest Algorithm

sha256

PE Digest Matches

true

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a
Signer

Actual PE Digest

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5df40cb9994dcacb42f25de3fe7d92db

Headers

File Characteristics

Imports

wsock32

kernel32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

4bb63c7d554e66293d1dbd99140c58e5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 10KB - Virtual size: 9KB

5112ae7ecd22cb9686812ec8f533297a

Headers

DLL Characteristics

File Characteristics

Imports

pawnc

msvcr100

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 908B

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 430B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 540KB

UPX1 Size: 287KB - Virtual size: 288KB

.rsrc Size: 9KB - Virtual size: 12KB

e3571dd5a9e9b81772c8cabcd924caff

Headers

File Characteristics

Imports

user32

kernel32

wsock32

winmm

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 24KB - Virtual size: 233KB

.rsrc Size: 4KB - Virtual size: 760B

0eed331a13471baad6960f2d6a40f2de

Headers

File Characteristics

Imports

shell32

kernel32

user32

wsock32

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 908B

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 430B

UPX0
Size: - Virtual size: 540KB

UPX1
Size: 287KB - Virtual size: 288KB

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 24KB - Virtual size: 233KB

.rsrc
Size: 4KB - Virtual size: 760B

.text
Size: 684KB - Virtual size: 681KB

.rdata
Size: 96KB - Virtual size: 93KB

.data
Size: 140KB - Virtual size: 333KB

.rsrc
Size: 4KB - Virtual size: 880B

33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7c:83:07:f2:ab:ac:ee:45:72:8a:94:b8:52:1c:71:d9:cf:2a:02:0f:3d:2a:40:23:c8:ae:be:94:e0:2b:de:b2
Signer

69:f0:3a:b3:d3:e2:76:74:1b:68:d7:40:21:2e:c8:f1:01:72:80:8a
Signer

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 3KB - Virtual size: 2KB