xenorat | Rebound cleaned[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Rebound cleaned.rar
Size

7.1MB
MD5

36b500a94e380648d5600f1a3c9e7e18
SHA1

3d4c1d094ceea523af5140fe01c4e45c346dcb8c
SHA256

e632f6bb10cf0c3aa84bb2cddf770d25c887c8e0c213e4cde12edce6f5c3a4de
SHA512

58145d9d87c04e427d82daf3819deb5ba279916ec679333bc816727b0c30c5a5894274451854671b1901539a8a789ad04766a2b10ee5a9de2c753e1f09ddec30
SSDEEP

196608:EbsOSrF7vviY8PGJTwvWRhrlFzyQmlxcv2d4pq+:zOSrhxZTFRjsQmmp7

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

Detect XenoRat Payload 19 IoCs

resource	yara_rule
static1/unpack001/Rebound/Rebound/plugins/Chat.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/File manager.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/Fun.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/Hvnc.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/InfoGrab.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/KeyLogger.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/KeyLoggerOffline.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/LiveMicrophone.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/ProcessManager.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/Registry Manager.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/ReverseProxy.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/ScreenControl.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/Shell.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/Startup.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/SystemPower.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/Uacbypass.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/WebCam.dll	family_xenorat
static1/unpack001/Rebound/Rebound/plugins/xeno rat client.exe	family_xenorat
static1/unpack001/Rebound/Rebound/stub/xeno rat client.exe	family_xenorat

Xenorat family
xenorat

Unsigned PE 20 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rebound/Rebound/Rebound Server.exe
unpack001/Rebound/Rebound/plugins/Chat.dll
unpack001/Rebound/Rebound/plugins/File manager.dll
unpack001/Rebound/Rebound/plugins/Fun.dll
unpack001/Rebound/Rebound/plugins/Hvnc.dll
unpack001/Rebound/Rebound/plugins/InfoGrab.dll
unpack001/Rebound/Rebound/plugins/KeyLogger.dll
unpack001/Rebound/Rebound/plugins/KeyLoggerOffline.dll
unpack001/Rebound/Rebound/plugins/LiveMicrophone.dll
unpack001/Rebound/Rebound/plugins/ProcessManager.dll
unpack001/Rebound/Rebound/plugins/Registry Manager.dll
unpack001/Rebound/Rebound/plugins/ReverseProxy.dll
unpack001/Rebound/Rebound/plugins/ScreenControl.dll
unpack001/Rebound/Rebound/plugins/Shell.dll
unpack001/Rebound/Rebound/plugins/Startup.dll
unpack001/Rebound/Rebound/plugins/SystemPower.dll
unpack001/Rebound/Rebound/plugins/Uacbypass.dll
unpack001/Rebound/Rebound/plugins/WebCam.dll
unpack001/Rebound/Rebound/plugins/xeno rat client.exe
unpack001/Rebound/Rebound/stub/xeno rat client.exe

Files

Rebound cleaned.rar
.rar

Password: 123
Rebound/Rebound/Config.json
Rebound/Rebound/Rebound Server.config
Rebound/Rebound/Rebound Server.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/country_flags/GeoLite2-Country.mmdb
Rebound/Rebound/country_flags/ad.png
.png

Password: 123
Rebound/Rebound/country_flags/ae.png
.png

Password: 123
Rebound/Rebound/country_flags/af.png
.png

Password: 123
Rebound/Rebound/country_flags/ag.png
.png

Password: 123
Rebound/Rebound/country_flags/ai.png
.png

Password: 123
Rebound/Rebound/country_flags/al.png
.png

Password: 123
Rebound/Rebound/country_flags/am.png
.png

Password: 123
Rebound/Rebound/country_flags/ao.png
.png
Rebound/Rebound/country_flags/aq.png
.png
Rebound/Rebound/country_flags/ar.png
.png
Rebound/Rebound/country_flags/as.png
.png
Rebound/Rebound/country_flags/at.png
.png
Rebound/Rebound/country_flags/au.png
.png
Rebound/Rebound/country_flags/aw.png
.png
Rebound/Rebound/country_flags/ax.png
.png
Rebound/Rebound/country_flags/az.png
.png
Rebound/Rebound/country_flags/ba.png
.png
Rebound/Rebound/country_flags/bb.png
.png
Rebound/Rebound/country_flags/bd.png
.png
Rebound/Rebound/country_flags/be.png
.png
Rebound/Rebound/country_flags/bf.png
.png
Rebound/Rebound/country_flags/bg.png
.png
Rebound/Rebound/country_flags/bh.png
.png
Rebound/Rebound/country_flags/bi.png
.png
Rebound/Rebound/country_flags/bj.png
.png
Rebound/Rebound/country_flags/bl.png
.png
Rebound/Rebound/country_flags/bm.png
.png
Rebound/Rebound/country_flags/bn.png
.png
Rebound/Rebound/country_flags/bo.png
.png
Rebound/Rebound/country_flags/bq.png
.png
Rebound/Rebound/country_flags/br.png
.png
Rebound/Rebound/country_flags/bs.png
.png
Rebound/Rebound/country_flags/bt.png
.png
Rebound/Rebound/country_flags/bv.png
.png
Rebound/Rebound/country_flags/bw.png
.png
Rebound/Rebound/country_flags/by.png
.png
Rebound/Rebound/country_flags/bz.png
.png
Rebound/Rebound/country_flags/ca.png
.png
Rebound/Rebound/country_flags/cc.png
.png
Rebound/Rebound/country_flags/cd.png
.png
Rebound/Rebound/country_flags/cf.png
.png
Rebound/Rebound/country_flags/cg.png
.png
Rebound/Rebound/country_flags/ch.png
.png
Rebound/Rebound/country_flags/ci.png
.png
Rebound/Rebound/country_flags/ck.png
.png
Rebound/Rebound/country_flags/cl.png
.png
Rebound/Rebound/country_flags/cm.png
.png
Rebound/Rebound/country_flags/cn.png
.png
Rebound/Rebound/country_flags/co.png
.png
Rebound/Rebound/country_flags/cr.png
.png
Rebound/Rebound/country_flags/cu.png
.png
Rebound/Rebound/country_flags/cv.png
.png
Rebound/Rebound/country_flags/cw.png
.png
Rebound/Rebound/country_flags/cx.png
.png
Rebound/Rebound/country_flags/cy.png
.png
Rebound/Rebound/country_flags/cz.png
.png
Rebound/Rebound/country_flags/de.png
.png
Rebound/Rebound/country_flags/dj.png
.png
Rebound/Rebound/country_flags/dk.png
.png
Rebound/Rebound/country_flags/dm.png
.png
Rebound/Rebound/country_flags/do.png
.png
Rebound/Rebound/country_flags/dz.png
.png
Rebound/Rebound/country_flags/ec.png
.png
Rebound/Rebound/country_flags/ee.png
.png
Rebound/Rebound/country_flags/eg.png
.png
Rebound/Rebound/country_flags/eh.png
.png
Rebound/Rebound/country_flags/er.png
.png
Rebound/Rebound/country_flags/es.png
.png
Rebound/Rebound/country_flags/et.png
.png
Rebound/Rebound/country_flags/fi.png
.png
Rebound/Rebound/country_flags/fj.png
.png
Rebound/Rebound/country_flags/fk.png
.png
Rebound/Rebound/country_flags/fm.png
.png
Rebound/Rebound/country_flags/fo.png
.png
Rebound/Rebound/country_flags/fr.png
.png
Rebound/Rebound/country_flags/ga.png
.png
Rebound/Rebound/country_flags/gb-eng.png
.png
Rebound/Rebound/country_flags/gb-nir.png
.png
Rebound/Rebound/country_flags/gb-sct.png
.png
Rebound/Rebound/country_flags/gb-wls.png
.png
Rebound/Rebound/country_flags/gb.png
.png
Rebound/Rebound/country_flags/gd.png
.png
Rebound/Rebound/country_flags/ge.png
.png
Rebound/Rebound/country_flags/gf.png
.png
Rebound/Rebound/country_flags/gg.png
.png
Rebound/Rebound/country_flags/gh.png
.png
Rebound/Rebound/country_flags/gi.png
.png
Rebound/Rebound/country_flags/gl.png
.png
Rebound/Rebound/country_flags/gm.png
.png
Rebound/Rebound/country_flags/gn.png
.png
Rebound/Rebound/country_flags/gp.png
.png
Rebound/Rebound/country_flags/gq.png
.png
Rebound/Rebound/country_flags/gr.png
.png
Rebound/Rebound/country_flags/gs.png
.png
Rebound/Rebound/country_flags/gt.png
.png
Rebound/Rebound/country_flags/gu.png
.png
Rebound/Rebound/country_flags/gw.png
.png
Rebound/Rebound/country_flags/gy.png
.png
Rebound/Rebound/country_flags/hk.png
.png
Rebound/Rebound/country_flags/hm.png
.png
Rebound/Rebound/country_flags/hn.png
.png
Rebound/Rebound/country_flags/hr.png
.png
Rebound/Rebound/country_flags/ht.png
.png
Rebound/Rebound/country_flags/hu.png
.png
Rebound/Rebound/country_flags/id.png
.png
Rebound/Rebound/country_flags/ie.png
.png
Rebound/Rebound/country_flags/il.png
.png
Rebound/Rebound/country_flags/im.png
.png
Rebound/Rebound/country_flags/in.png
.png
Rebound/Rebound/country_flags/io.png
.png
Rebound/Rebound/country_flags/iq.png
.png
Rebound/Rebound/country_flags/ir.png
.png
Rebound/Rebound/country_flags/is.png
.png
Rebound/Rebound/country_flags/it.png
.png
Rebound/Rebound/country_flags/je.png
.png
Rebound/Rebound/country_flags/jm.png
.png
Rebound/Rebound/country_flags/jo.png
.png
Rebound/Rebound/country_flags/jp.png
.png
Rebound/Rebound/country_flags/ke.png
.png
Rebound/Rebound/country_flags/kg.png
.png
Rebound/Rebound/country_flags/kh.png
.png
Rebound/Rebound/country_flags/ki.png
.png
Rebound/Rebound/country_flags/km.png
.png
Rebound/Rebound/country_flags/kn.png
.png
Rebound/Rebound/country_flags/kp.png
.png
Rebound/Rebound/country_flags/kr.png
.png
Rebound/Rebound/country_flags/kw.png
.png
Rebound/Rebound/country_flags/ky.png
.png
Rebound/Rebound/country_flags/kz.png
.png
Rebound/Rebound/country_flags/la.png
.png
Rebound/Rebound/country_flags/lb.png
.png
Rebound/Rebound/country_flags/lc.png
.png
Rebound/Rebound/country_flags/li.png
.png
Rebound/Rebound/country_flags/lk.png
.png
Rebound/Rebound/country_flags/lr.png
.png
Rebound/Rebound/country_flags/ls.png
.png
Rebound/Rebound/country_flags/lt.png
.png
Rebound/Rebound/country_flags/lu.png
.png
Rebound/Rebound/country_flags/lv.png
.png
Rebound/Rebound/country_flags/ly.png
.png
Rebound/Rebound/country_flags/ma.png
.png
Rebound/Rebound/country_flags/mc.png
.png
Rebound/Rebound/country_flags/md.png
.png
Rebound/Rebound/country_flags/me.png
.png
Rebound/Rebound/country_flags/mf.png
.png
Rebound/Rebound/country_flags/mg.png
.png
Rebound/Rebound/country_flags/mh.png
.png
Rebound/Rebound/country_flags/missing.png
.png
Rebound/Rebound/country_flags/mk.png
.png
Rebound/Rebound/country_flags/ml.png
.png
Rebound/Rebound/country_flags/mm.png
.png
Rebound/Rebound/country_flags/mn.png
.png
Rebound/Rebound/country_flags/mo.png
.png
Rebound/Rebound/country_flags/mp.png
.png
Rebound/Rebound/country_flags/mq.png
.png
Rebound/Rebound/country_flags/mr.png
.png
Rebound/Rebound/country_flags/ms.png
.png
Rebound/Rebound/country_flags/mt.png
.png
Rebound/Rebound/country_flags/mu.png
.png
Rebound/Rebound/country_flags/mv.png
.png
Rebound/Rebound/country_flags/mw.png
.png
Rebound/Rebound/country_flags/mx.png
.png
Rebound/Rebound/country_flags/my.png
.png
Rebound/Rebound/country_flags/mz.png
.png
Rebound/Rebound/country_flags/na.png
.png
Rebound/Rebound/country_flags/nc.png
.png
Rebound/Rebound/country_flags/ne.png
.png
Rebound/Rebound/country_flags/nf.png
.png
Rebound/Rebound/country_flags/ng.png
.png
Rebound/Rebound/country_flags/ni.png
.png
Rebound/Rebound/country_flags/nl.png
.png
Rebound/Rebound/country_flags/no.png
.png
Rebound/Rebound/country_flags/np.png
.png
Rebound/Rebound/country_flags/nr.png
.png
Rebound/Rebound/country_flags/nu.png
.png
Rebound/Rebound/country_flags/nz.png
.png
Rebound/Rebound/country_flags/om.png
.png
Rebound/Rebound/country_flags/pa.png
.png
Rebound/Rebound/country_flags/pe.png
.png
Rebound/Rebound/country_flags/pf.png
.png
Rebound/Rebound/country_flags/pg.png
.png
Rebound/Rebound/country_flags/ph.png
.png
Rebound/Rebound/country_flags/pk.png
.png
Rebound/Rebound/country_flags/pl.png
.png
Rebound/Rebound/country_flags/pm.png
.png
Rebound/Rebound/country_flags/pn.png
.png
Rebound/Rebound/country_flags/pr.png
.png
Rebound/Rebound/country_flags/ps.png
.png
Rebound/Rebound/country_flags/pt.png
.png
Rebound/Rebound/country_flags/pw.png
.png
Rebound/Rebound/country_flags/py.png
.png
Rebound/Rebound/country_flags/qa.png
.png
Rebound/Rebound/country_flags/re.png
.png
Rebound/Rebound/country_flags/ro.png
.png
Rebound/Rebound/country_flags/rs.png
.png
Rebound/Rebound/country_flags/ru.png
.png
Rebound/Rebound/country_flags/rw.png
.png
Rebound/Rebound/country_flags/sa.png
.png
Rebound/Rebound/country_flags/sb.png
.png
Rebound/Rebound/country_flags/sc.png
.png
Rebound/Rebound/country_flags/sd.png
.png
Rebound/Rebound/country_flags/se.png
.png
Rebound/Rebound/country_flags/sg.png
.png
Rebound/Rebound/country_flags/sh.png
.png
Rebound/Rebound/country_flags/si.png
.png
Rebound/Rebound/country_flags/sj.png
.png
Rebound/Rebound/country_flags/sk.png
.png
Rebound/Rebound/country_flags/sl.png
.png
Rebound/Rebound/country_flags/sm.png
.png
Rebound/Rebound/country_flags/sn.png
.png
Rebound/Rebound/country_flags/so.png
.png
Rebound/Rebound/country_flags/sr.png
.png
Rebound/Rebound/country_flags/ss.png
.png
Rebound/Rebound/country_flags/st.png
.png
Rebound/Rebound/country_flags/sv.png
.png
Rebound/Rebound/country_flags/sx.png
.png
Rebound/Rebound/country_flags/sy.png
.png
Rebound/Rebound/country_flags/sz.png
.png
Rebound/Rebound/country_flags/tc.png
.png
Rebound/Rebound/country_flags/td.png
.png
Rebound/Rebound/country_flags/tf.png
.png
Rebound/Rebound/country_flags/tg.png
.png
Rebound/Rebound/country_flags/th.png
.png
Rebound/Rebound/country_flags/tj.png
.png
Rebound/Rebound/country_flags/tk.png
.png
Rebound/Rebound/country_flags/tl.png
.png
Rebound/Rebound/country_flags/tm.png
.png
Rebound/Rebound/country_flags/tn.png
.png
Rebound/Rebound/country_flags/to.png
.png
Rebound/Rebound/country_flags/tr.png
.png
Rebound/Rebound/country_flags/tt.png
.png
Rebound/Rebound/country_flags/tv.png
.png
Rebound/Rebound/country_flags/tw.png
.png
Rebound/Rebound/country_flags/tz.png
.png
Rebound/Rebound/country_flags/ua.png
.png
Rebound/Rebound/country_flags/ug.png
.png
Rebound/Rebound/country_flags/um.png
.png
Rebound/Rebound/country_flags/us.png
.png
Rebound/Rebound/country_flags/uy.png
.png
Rebound/Rebound/country_flags/uz.png
.png
Rebound/Rebound/country_flags/va.png
.png
Rebound/Rebound/country_flags/vc.png
.png
Rebound/Rebound/country_flags/ve.png
.png
Rebound/Rebound/country_flags/vg.png
.png
Rebound/Rebound/country_flags/vi.png
.png
Rebound/Rebound/country_flags/vn.png
.png
Rebound/Rebound/country_flags/vu.png
.png
Rebound/Rebound/country_flags/wf.png
.png
Rebound/Rebound/country_flags/ws.png
.png
Rebound/Rebound/country_flags/xk.png
.png
Rebound/Rebound/country_flags/ye.png
.png
Rebound/Rebound/country_flags/yt.png
.png
Rebound/Rebound/country_flags/za.png
.png
Rebound/Rebound/country_flags/zm.png
.png
Rebound/Rebound/country_flags/zw.png
.png
Rebound/Rebound/plugins/Chat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Chat\obj\Release\Chat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Chat.pdb
Rebound/Rebound/plugins/File manager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\File manager\obj\Release\File manager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/File manager.pdb
Rebound/Rebound/plugins/Fun.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Fun\obj\Release\Fun.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Fun.pdb
Rebound/Rebound/plugins/Hvnc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Hvnc\obj\Release\Hvnc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Hvnc.pdb
Rebound/Rebound/plugins/InfoGrab.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\PassGrab\obj\Release\InfoGrab.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 969KB - Virtual size: 968KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/InfoGrab.dll.config
Rebound/Rebound/plugins/InfoGrab.pdb
Rebound/Rebound/plugins/KeyLogger.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\KeyLogger\obj\Release\KeyLogger.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/KeyLogger.pdb
Rebound/Rebound/plugins/KeyLoggerOffline.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\KeyLoggerOffline\obj\Release\KeyLoggerOffline.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/KeyLoggerOffline.pdb
Rebound/Rebound/plugins/LiveMicrophone.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\LiveMicrophone\obj\Release\LiveMicrophone.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/LiveMicrophone.pdb
Rebound/Rebound/plugins/ProcessManager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\ProcessManager\obj\Release\ProcessManager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/ProcessManager.pdb
Rebound/Rebound/plugins/Registry Manager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Registry Manager\obj\Release\Registry Manager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Registry Manager.pdb
Rebound/Rebound/plugins/ReverseProxy.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\ReverseProxy\obj\Release\ReverseProxy.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/ReverseProxy.pdb
Rebound/Rebound/plugins/ScreenControl.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\ScreenControl\obj\Release\ScreenControl.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/ScreenControl.pdb
Rebound/Rebound/plugins/Shell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Shell\obj\Release\Shell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Shell.pdb
Rebound/Rebound/plugins/Startup.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Startup\obj\Release\Startup.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Startup.pdb
Rebound/Rebound/plugins/System.Diagnostics.DiagnosticSource.xml
.xml
Rebound/Rebound/plugins/SystemPower.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\System\obj\Release\SystemPower.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/SystemPower.pdb
Rebound/Rebound/plugins/Uacbypass.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\Uacbypass\obj\Release\Uacbypass.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/Uacbypass.pdb
Rebound/Rebound/plugins/WebCam.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\miles\Downloads\ok\Plugins\WebCam\obj\Release\WebCam.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/WebCam.pdb
Rebound/Rebound/plugins/xeno rat client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\miles\Downloads\ok\xeno rat client\obj\Release\xeno rat client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/plugins/xeno rat client.exe.config
.xml
Rebound/Rebound/plugins/xeno rat client.pdb
Rebound/Rebound/stub/xeno rat client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\miles\Downloads\ok\xeno rat client\obj\Release\xeno rat client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebound/Rebound/stub/xeno rat client.exe.config
.xml
Rebound/Rebound/stub/xeno rat client.pdb
Rebound/Rebound/xeno rat server.exe.config

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: 123

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 512B - Virtual size: 12B

Password: 123

Password: 123

Password: 123

Password: 123

Password: 123

Password: 123

Password: 123

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 969KB - Virtual size: 968KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 4.6MB - Virtual size: 4.6MB

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 969KB - Virtual size: 968KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 491KB - Virtual size: 491KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B