DDoS-main[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

DDoS-main.zip
Size

3.7MB
MD5

0f2ad3fb4412c3320cbadd62556913cc
SHA1

7764fa3c8ac03852aa39f9504e72b34def9df801
SHA256

3737e6cc008d52a0957cc96440bfa5c99545d983e62c24ea193996af8e1cfef7
SHA512

7f863ff704b48579f30be857920b904abf45642d17884dfbcd023bce4b0e6df039a161495ed12750729923f3c6f22b427abb7e21646f80b30f20b877f9598717
SSDEEP

98304:YL0UG+k4rT9S4fIo6TC6Frtpd6MBTTVu1Wi:YL0UG+XrZS4UC6FRpAkHUP

Score

10^/10

botnet

Malware Config

Signatures

Contains strings common to LOLSquad DDoS tools 4 IoCs

Resembles a range of public tools written in C intended for DDoS attacks.

botnet

resource	yara_rule
static1/unpack001/DDoS-main/Bypasses/2k	lolsquad_ddos
static1/unpack001/DDoS-main/Bypasses/dominatev2	lolsquad_ddos
static1/unpack001/DDoS-main/Bypasses/nfo-game	lolsquad_ddos
static1/unpack001/DDoS-main/Bypasses/wra	lolsquad_ddos

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Evader-main/rcedit.exe
unpack002/Evader-main/result/Evader_4444.exe

Files

DDoS-main.zip
.zip
DDoS-main/Bypasses/2k
.elf linux x64
DDoS-main/Bypasses/78tcp
.elf linux x86
DDoS-main/Bypasses/browser.js
.js
DDoS-main/Bypasses/cpu
.elf linux x64
DDoS-main/Bypasses/dominatev2
.elf linux x64
DDoS-main/Bypasses/fivem
.elf linux x64
DDoS-main/Bypasses/getengine.js
.js
DDoS-main/Bypasses/hexrail.c
DDoS-main/Bypasses/https.js
.js
DDoS-main/Bypasses/nfo-game
.elf linux x64
DDoS-main/Bypasses/proxy.txt
DDoS-main/Bypasses/tcp-drank
.elf linux x64
DDoS-main/Bypasses/tcp-primacy
.elf linux x64
DDoS-main/Bypasses/udp-drank
.elf linux x64
DDoS-main/Bypasses/wra
.elf linux x64
DDoS-main/Bypasses/yellowsynv2
DDoS-main/Evader-main.zip
.zip
Evader-main/README.md
Evader-main/evader.py
.py .sh linux
Evader-main/icon/best-icons/Femfoyou-Angry-Birds-Angry-bird-black.ico
Evader-main/icon/best-icons/GenPhish.ico
Evader-main/icon/best-icons/JPEG-black.ico
Evader-main/icon/best-icons/JPEG-camera.ico
Evader-main/icon/best-icons/JPEG-orange.ico
Evader-main/icon/best-icons/JPEG-white.ico
Evader-main/icon/best-icons/JPG-Ios7.ico
Evader-main/icon/best-icons/JPG-black.ico
Evader-main/icon/best-icons/JPG-green.ico
Evader-main/icon/best-icons/JPG-white.ico
Evader-main/icon/best-icons/Microsoft-Excel.ico
Evader-main/icon/best-icons/Microsoft-Word.ico
Evader-main/icon/best-icons/PNG-black.ico
Evader-main/icon/best-icons/PNG-simple.ico
Evader-main/icon/best-icons/PNG-white.ico
Evader-main/icon/best-icons/Steam-logo.ico
Evader-main/icon/best-icons/Windows-Logo.ico
Evader-main/icon/best-icons/Windows-Store.ico
Evader-main/icon/best-icons/accdb.ico
Evader-main/icon/best-icons/chrome.ico
Evader-main/icon/best-icons/doc.ico
Evader-main/icon/best-icons/docx.ico
Evader-main/icon/best-icons/dropbox.ico
Evader-main/icon/best-icons/evil.ico
Evader-main/icon/best-icons/exe.ico
Evader-main/icon/best-icons/explorer10.ico
Evader-main/icon/best-icons/explorer8.1.ico
Evader-main/icon/best-icons/favicon.ico
Evader-main/icon/best-icons/firefox.ico
Evader-main/icon/best-icons/icon.ico
Evader-main/icon/best-icons/lock.ico
Evader-main/icon/best-icons/mp3.ico
Evader-main/icon/best-icons/mp4.ico
Evader-main/icon/best-icons/pdf.ico
Evader-main/icon/best-icons/ppt.ico
Evader-main/icon/best-icons/rar.ico
Evader-main/icon/best-icons/txt.ico
Evader-main/icon/best-icons/xlsx.ico
Evader-main/icon/icon.ico
Evader-main/install.sh
.sh linux
Evader-main/rcedit.exe
.exe windows:5 windows x86 arch:x86

f6373a3ff07839e0cf1095730fa9ee53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\rcedit\Default\rcedit.pdb

Imports

kernel32

DecodePointer
FreeResource
LockResource
FreeLibrary
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
ReadFile
SetFilePointer
CloseHandle
LoadLibraryExW
FindResourceW
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
ReadConsoleW
GetCurrentDirectoryW
SetCurrentDirectoryW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetFullPathNameW
GetFullPathNameA
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentThread
GetDriveTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringA
CreateThread
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile

user32

UnregisterClassW

Sections

.text
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Evader-main/result/Evader_4444.exe
.exe windows:4 windows x64 arch:x64

94357957e4a3875a4bb93ae041a05c97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
GetConsoleWindow
GetLastError
GetStartupInfoA
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
vfprintf

user32

ShowWindow

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 416B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Evader-main/result/none
Evader-main/template.exe.manifest
.xml
DDoS-main/HTTP-SENPAI-main/HTTP-SENPAI-main/README.md
DDoS-main/HTTP-SENPAI-main/HTTP-SENPAI-main/hentai.js
.js
DDoS-main/HTTP-SENPAI-main/HTTP-SENPAI-main/http.txt
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/LICENSE.md
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/README.md
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/aes.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/bfcrypt.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/blazingfast.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/browser_engine.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/cloudflare.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/ddosguard.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/index.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/ovh.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/pipeguard.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/privacypass.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/stormwall.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/bypasses/sucuri.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/client.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/flood.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/method.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/package.json
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/privacypass.json
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/proxies.txt
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/random-words.js
.js
DDoS-main/Layer7-MultiBypass-main/Layer7-MultiBypass-main/ua.txt
DDoS-main/Layer7-MultiBypass-main/how to use/howtouse.txt
DDoS-main/Methods/Methods/Embed-JS/bypass/aes.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/bfcrypt.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/blazingfast.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/browser_engine.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/cloudflare.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/ddos-guard.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/ovh.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/pipeguard.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/privacypass.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypass/privacypass.json
DDoS-main/Methods/Methods/Embed-JS/bypasses/aes.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/bfcrypt.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/blazingfast.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/browser_engine.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/cloudflare.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/ddosguard.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/index.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/ovh.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/pipeguard.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/privacypass.js
.js
DDoS-main/Methods/Methods/Embed-JS/bypasses/sucuri.js
.js
DDoS-main/Methods/Methods/Embed-JS/clear.js
.js
DDoS-main/Methods/Methods/Embed-JS/client.js
.js
DDoS-main/Methods/Methods/Embed-JS/flood.js
.js
DDoS-main/Methods/Methods/Embed-JS/layer7.js
.js
DDoS-main/Methods/Methods/Embed-JS/main.js
.js
DDoS-main/Methods/Methods/Embed-JS/privacypass.json
DDoS-main/Methods/Methods/Embed-JS/random-words.js
.js
DDoS-main/Methods/Methods/Embed-JS/ua.txt
DDoS-main/Methods/Methods/Embed-JS/usage.txt
DDoS-main/Methods/Methods/Embed-JS/x.js
DDoS-main/Methods/Methods/tcpbypass
.elf linux x64
DDoS-main/Methods/Methods/udpbypass
.elf linux x64
DDoS-main/Methods/key.txt
DDoS-main/fivem
.elf linux x64
DDoS-main/hex
.elf linux x64
DDoS-main/ovh-slavic.c
DDoS-main/vlayer7.pl
.pl .sh linux

Sharing

General

Malware Config

Signatures

Files

f6373a3ff07839e0cf1095730fa9ee53

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 742KB - Virtual size: 741KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 9KB - Virtual size: 16KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

94357957e4a3875a4bb93ae041a05c97

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 176B

.rdata Size: 114KB - Virtual size: 113KB

.pdata Size: 1024B - Virtual size: 564B

.xdata Size: 512B - Virtual size: 416B

.bss Size: - Virtual size: 416B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 40KB - Virtual size: 39KB

/31 Size: 7KB - Virtual size: 6KB

/45 Size: 8KB - Virtual size: 8KB

/57 Size: 2KB - Virtual size: 2KB

/70 Size: 1KB - Virtual size: 1KB

/81 Size: 12KB - Virtual size: 11KB

/92 Size: 2KB - Virtual size: 1KB

.text
Size: 742KB - Virtual size: 741KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 9KB - Virtual size: 16KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 176B

.rdata
Size: 114KB - Virtual size: 113KB

.pdata
Size: 1024B - Virtual size: 564B

.xdata
Size: 512B - Virtual size: 416B

.bss
Size: - Virtual size: 416B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 40KB - Virtual size: 39KB

/31
Size: 7KB - Virtual size: 6KB

/45
Size: 8KB - Virtual size: 8KB

/57
Size: 2KB - Virtual size: 2KB

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 12KB - Virtual size: 11KB

/92
Size: 2KB - Virtual size: 1KB