Intro
Original project name is ZEROKIT.
Somewhere in sources you can find sig ZPAG. It's mean: Zerokit Powerful As Gog. What is in little-endian mean: GAPZ.
Warning
The purpose of the project is not to stimulate malicious projects, but only laid out for the community concerned for academic purposes.
I am not responsible for the malicious use of this code, neither before nor now nor in the future.
It's my own research and development during 2010-2012 years. But some parts, like PowerLoader is not mine.
Whitepapers and articles
- https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf
- https://recon.cx/2013/slides/Recon2013-Aleksandr%20Matrosov%20and%20Eugene%20Rodionov-Reconstructing-Gapz%20Position-Independent%20Code%20Analysis%20Problem.pdf
- https://www.welivesecurity.com/wp-content/uploads/2013/05/CARO_2013.pdf
- https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-RodionovMatrosov.pdf
- https://www.sba-research.org/wp-content/uploads/publications/Bootkit_EuroSec_2014.pdf
- https://habr.com/ru/company/eset/blog/169131/
- https://habr.com/ru/company/eset/blog/174169/
- https://habr.com/ru/company/eset/blog/175911/
Donations are welcome
Now the code is not structured. It takes a lot of time and effort. Any donations can stimulate this work, as well as the publication of other interesting projects.
Ethereum: 0x96165B292200b60D3fB694872C94A4934db7989f
Bitcoin: 376Dj2c89iLMzfkpH7PXpEfh9B1Bj8MyNJ
(c) 2019 Thank you!