Reboot_Ultimate[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Reboot_Ultimate.dll
Size

2.7MB
MD5

ec9c0da3832735eee4f86e36a75c71b5
SHA1

d6a16a7eae3e9e63b3f027d16ae45cdc6e0dce12
SHA256

636887e8f907085df611a4d8b29683865b6c1ef8213b83ecabdc123657dc51db
SHA512

1743497fb5d7f1b4c1f443dd22254c52b03903f9905db730927cde37cff728b4c7015d0fdbe7ee7ca392183dd9129df5fc0ab06f974a8129b378a85357cc5cce
SSDEEP

49152:wiKFGkJoJhYuW0lGnkhKb66wXGvGyb9M7CuF4z4YDKjnoWINaTjhhY+Xc9hilBKx:hPMkJr4uU0t4NdarEEC/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Reboot_Ultimate.dll

Files

Reboot_Ultimate.dll
.dll windows:6 windows x64 arch:x64

18e27c542f926716288a489b951e2e44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\User\Pictures\Reboot-Ultimate-rewrite\x64\Release\Reboot Ultimate.pdb

Imports

user32

CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
PostQuitMessage
UpdateWindow
MessageBoxA
GetKeyState
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetWindowRect
DefWindowProcW
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
ScreenToClient
SetClipboardData

kernel32

GetConsoleScreenBufferInfo
SetConsoleTextAttribute
VirtualFree
GetStdHandle
WriteConsoleA
WriteFile
VirtualAlloc
GetDynamicTimeZoneInformation
GetCurrentThreadId
GetConsoleMode
GetCurrentProcessId
SuspendThread
GetCurrentThread
GetModuleHandleW
GetModuleFileNameA
HeapCreate
VirtualProtect
SetConsoleTitleA
HeapAlloc
GetThreadContext
Sleep
GetFileAttributesA
RtlCaptureContext
QueryPerformanceCounter
CloseHandle
RtlLookupFunctionEntry
CreateThread
SetThreadContext
HeapReAlloc
HeapFree
RtlVirtualUnwind
GetModuleHandleA
FlushInstructionCache
GetSystemTimeAsFileTime
CreateToolhelp32Snapshot
Thread32First
Thread32Next
AllocConsole
VirtualQuery
FreeLibrary
IsBadReadPtr
GetLocaleInfoEx
FormatMessageA
LocalFree
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
AreFileApisANSI
SleepEx
GetSystemDirectoryA
GetCurrentDirectoryW
GetLastError
SetLastError
FormatMessageW
MoveFileExA
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
WaitForSingleObjectEx
VerSetConditionMask
GetCurrentProcess
GetProcAddress
ResumeThread
QueryPerformanceFrequency
GetSystemInfo
GlobalUnlock
WideCharToMultiByte
GlobalLock
LoadLibraryA
GlobalFree
GlobalAlloc
SleepConditionVariableSRW
WakeAllConditionVariable
GetEnvironmentVariableA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
MultiByteToWideChar
AcquireSRWLockExclusive
OpenThread
ReleaseSRWLockExclusive

ws2_32

WSACleanup
WSAStartup
socket
inet_pton
WSAIoctl
setsockopt
ntohs
send
htons
gethostname
ioctlsocket
sendto
recvfrom
recv
getsockopt
freeaddrinfo
getsockname
getaddrinfo
WSACloseEvent
ntohl
getpeername
WSACreateEvent
listen
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
__WSAFDIsSet
htonl
connect
select
bind
closesocket
WSASetLastError
accept

advapi32

CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDestroyHash

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptQueryObject
CertFindExtension
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertGetNameStringA

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmSetCandidateWindow
ImmAssociateContextEx

msvcp140

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@PEAV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?_Random_device@std@@YAIXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_signal
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Thrd_id
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock
_Cnd_destroy_in_situ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?uncaught_exceptions@std@@YAHXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

d3d9

Direct3DCreate9

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
__std_terminate
strstr
strchr
__std_exception_destroy
__std_exception_copy
_purecall
strrchr
memcpy
memset
memmove
memcmp
memchr
__current_exception
__current_exception_context
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

_wfopen
fseek
__stdio_common_vfprintf
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
fclose
_lseeki64
_open
fopen
fflush
__acrt_iob_func
fgets
_close
_write
__stdio_common_vsnprintf_s
_read
feof
fputs
ftell
freopen_s
fwrite
_fsopen
__stdio_common_vsprintf_s
fputc
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
__stdio_common_vswprintf
fgetc
__stdio_common_vswprintf_s

api-ms-win-crt-string-l1-1-0

isupper
isdigit
strncpy
strpbrk
strcmp
strspn
strcspn
tolower
toupper
strncmp
_strdup

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
realloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_register_onexit_function
_initterm
_initterm_e
_initialize_onexit_table
terminate
__sys_errlist
_initialize_narrow_environment
__sys_nerr
_configure_narrow_argv
_invalid_parameter_noinfo
_beginthreadex
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_getpid
_errno
_execute_onexit_table

api-ms-win-crt-convert-l1-1-0

strtof
strtod
strtoul
strtoll
atoi
wcstombs
strtoull
atof
strtol

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
strftime
_gmtime64
_gmtime64_s

api-ms-win-crt-math-l1-1-0

_dclass
_fdclass
_ldclass
acosf
ceilf
cosf
floor
_fdsign
fmaf
sqrtf
fmodf
_dsign
powf
roundf
_ldsign
floorf
sinf
fminf

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_access
_unlock_file
_lock_file
_unlink
_mkdir

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18e27c542f926716288a489b951e2e44

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

ws2_32

advapi32

crypt32

imm32

msvcp140

d3d9

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 627KB - Virtual size: 626KB

.data Size: 45KB - Virtual size: 68KB

.pdata Size: 57KB - Virtual size: 57KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 627KB - Virtual size: 626KB

.data
Size: 45KB - Virtual size: 68KB

.pdata
Size: 57KB - Virtual size: 57KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 9KB - Virtual size: 8KB