reborn_release[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

reborn_release.zip
Size

479KB
MD5

4cfea47a62d1251769c1e940446c59fe
SHA1

6ea647897cfc24a3fc8a82f7f1f222c362de0ddd
SHA256

fa14d06c9051cc094a3b861b24465be3a94f1c42c0abd52b3a7178c1bfe25051
SHA512

1c6fc638fb866d7d599559d475795ccb602926719710bc4adeab238509ce7092ab593472aa01de80ad9a4d17d17e71deda34d3f900d02ea7b7a702a5f8976c52
SSDEEP

12288:fG/S0Q2lVOi/OoYTb8OLM9yxZkEoFJMCiACFPy8uo3A15prX:faf37Oowb5g9YZ6JM2Cly8V3A1Tr

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ReBorn.dll
unpack001/rebornlauncher_scuffed.exe

Files

reborn_release.zip
.zip
ReBorn.dll
.dll windows:6 windows x64

25a36cd918b1ce97c8f86fa2550fdc5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
VirtualProtect
AllocConsole
FreeConsole
CloseHandle
DisableThreadLibraryCalls
GetModuleHandleA
GetCurrentProcess
CreateToolhelp32Snapshot
GetLastError
ReleaseSRWLockExclusive
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetProcAddress
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
SetThreadStackGuarantee
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetFilePointerEx
GetStdHandle
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter
GetProcessHeap
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetConsoleMode
FormatMessageW
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
IsProcessorFeaturePresent

psapi

GetModuleInformation

ntdll

RtlNtStatusToDosError
NtReadFile
NtWriteFile

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initterm_e
_initterm
_execute_onexit_table
_cexit
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

DllMain

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rebornlauncher_scuffed.exe
.exe windows:6 windows x64

445318f4a8fc31b7cad3ff8cd0fc8347

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlNtStatusToDosError
NtReadFile
RtlCaptureContext
NtQuerySystemInformation
NtWriteFile
RtlPcToFileHeader
RtlUnwindEx
RtlGetVersion
RtlLookupFunctionEntry
NtQueryInformationProcess
RtlVirtualUnwind

advapi32

GetLengthSid
LookupAccountSidW
CopySid
IsValidSid
GetTokenInformation
OpenProcessToken
SystemFunction036

iphlpapi

GetIfTable2
FreeMibTable
GetIfEntry2
GetAdaptersAddresses

kernel32

FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
CloseHandle
GetProcessId
GetExitCodeProcess
IsWow64Process
GetModuleHandleW
GetCurrentProcess
GetProcAddress
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
OpenProcess
DuplicateHandle
TerminateProcess
VirtualAllocEx
GetSystemInfo
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualQueryEx
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetModuleFileNameW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCurrentProcessId
GetDriveTypeW
GetVolumeInformationW
CreateFileW
DeviceIoControl
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
TryAcquireSRWLockExclusive
QueryPerformanceFrequency
HeapReAlloc
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseMutex
GetModuleHandleA
FindNextFileW
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
GetConsoleMode
GetFileType
FormatMessageW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FlsAlloc
GetStringTypeW
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

netapi32

NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetApiBufferFree

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString

pdh

PdhRemoveCounter
PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

psapi

EnumProcessModulesEx
GetModuleBaseNameW
GetModuleFileNameExW
GetPerformanceInfo

secur32

LsaGetLogonSessionData
LsaEnumerateLogonSessions
LsaFreeReturnBuffer

shell32

CommandLineToArgvW

bcrypt

BCryptGenRandom

Sections

.text
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25a36cd918b1ce97c8f86fa2550fdc5d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 282KB - Virtual size: 281KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 17KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 1KB

445318f4a8fc31b7cad3ff8cd0fc8347

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

iphlpapi

kernel32

netapi32

ole32

oleaut32

pdh

powrprof

psapi

secur32

shell32

bcrypt

Sections

.text Size: 525KB - Virtual size: 524KB

.rdata Size: 239KB - Virtual size: 238KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 21KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 282KB - Virtual size: 281KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 17KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 525KB - Virtual size: 524KB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 21KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 5KB - Virtual size: 5KB