redline | installer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

installer.zip
Size

793KB
MD5

ac1d2251fbe8c47026ce5db0a9c3091f
SHA1

5881324645ff6bc88df5c2aec9d159848aacb573
SHA256

2b721a1815d469437424aa89d9eeb0a8e2498a6979a68d1fc8b1fde0655e1a16
SHA512

0e58491f36c20da469e1faeeb73389b58d8e24b60eefae66730a675e398bb7eb0bd50fa140e47525b28cf2acaf57eb93004696820485bb422d6b4b2d59b7552b
SSDEEP

12288:kAr7cG5M+XhVjp3F3C3JbPIYIc1jLuB2XwjGQjf+kNLJywRTBpkj:ZjNZzC3JbIYI+OB+wxwj

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Files

installer.zip
.rar

Password: 2022
hack/DirectX2D.dll
.dll windows x86

Password: 2022

01b62986414563f843fca13d7f8ffe1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileA
Sleep
TlsGetValue
GetModuleFileNameA
GetStartupInfoA
GetLocaleInfoW
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetLastError
CloseHandle
ReadFile
SetFilePointer
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
OutputDebugStringA
SetHandleCount
GetStdHandle
GetFileType
GetLocaleInfoA
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
LCMapStringW
InterlockedIncrement
SetStdHandle
FlushFileBuffers
CreateFileA
LCMapStringA
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile

user32

ShowCursor
DestroyWindow
LoadImageA
SetFocus
UpdateWindow
ShowWindow
DefWindowProcA
RegisterClassA
GetSystemMetrics
CreateWindowExA

gdi32

DeleteObject
GetObjectA

ddraw

DirectDrawCreate
DirectDrawEnumerateA

Exports

Exports

?_reDisplaySetFillMode@@YIKW4reFILLMODE@@@Z
@_reBitmapBlitToBitmap@36
@_reBitmapBlitToLFB@36
@_reBitmapClear@24
@_reBitmapCreate@20
@_reBitmapDestroy@4
@_reBitmapGetColourKey@12
@_reBitmapGetReadPtr@12
@_reBitmapGetWritePtr@12
@_reBitmapLoad@16
@_reBitmapLoadRaw@24
@_reBitmapLoadToLFB@8
@_reBitmapReleaseReadPtr@8
@_reBitmapReleaseWritePtr@8
@_reBitmapRemap@8
@_reBitmapSetColourKey@12
@_reDisplayAddState@8
@_reDisplayClearBuffer@20
@_reDisplayCloseVideo@0
@_reDisplayCopyLFBtoLFB@12
@_reDisplayCreate@4
@_reDisplayDestroy@4
@_reDisplayDrawIndexedTri@8
@_reDisplayDrawNativeTri@4
@_reDisplayDrawTri@4
@_reDisplayEndFrame@0
@_reDisplayFlipToGDI@0
@_reDisplayGetDeviceName@12
@_reDisplayGetLFBDC@8
@_reDisplayGetLFBReadPtr@12
@_reDisplayGetLFBWritePtr@12
@_reDisplayGetNaughtyData@8
@_reDisplayGetNumDevices@4
@_reDisplayGetPalette@8
@_reDisplayHWAcc3D@0
@_reDisplayHWAccBlit@0
@_reDisplayInitFrame@4
@_reDisplayOpenVideo@20
@_reDisplayQueryVideoMode@12
@_reDisplayReleaseLFBDC@8
@_reDisplayReleaseLFBReadPtr@8
@_reDisplayReleaseLFBWritePtr@8
@_reDisplayRemoveState@8
@_reDisplayRenderFrame@4
@_reDisplaySetDevice@4
@_reDisplaySetPalette@8
@_reDisplaySetViewport@24
@_reDisplayStartFrame@0
@_reDisplaySwapBuffers@0
@_reDisplayWaitTOF@0
@_rePaletteCreate332Pal@4
@_rePaletteCreate@8
@_rePaletteDestroy@4
@_rePaletteGetPalEntries@16
@_rePaletteLoadPalFile@8
@_rePaletteLoadPalRes@8
@_rePaletteSetPalEntries@16
@_reStateActivate@4
@_reStateAddIndexedTri@24
@_reStateAddTri@12
@_reStateCreate@4
@_reStateDestroy@4
@_reStateInit@4
@_reStateSetAlpha@8
@_reStateSetCalcScreenCoords@8
@_reStateSetClipRect@20
@_reStateSetColour@16
@_reStateSetCullMode@8
@_reStateSetDepthBufferMode@8
@_reStateSetFOV@12
@_reStateSetGlobalPointList@8
@_reStateSetRenderMode@8
@_reStateSetSoftwareClip@8
@_reStateSetTexture@12
ghOwnerInstance
ghOwnerWindow
pgLastError

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hack/Environment.ini
hack/Other/Settings/Environment.ini
hack/Other/Settings/OBSettings.json
hack/Other/Settings/RLSettings.json
hack/Serilog.dll
.dll windows x86

Password: 2022

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hack/Setup.exe
.exe windows x86

Password: 2022

347f5c87243da517983cf28ef9192dbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetCurrentProcess
FreeConsole
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
WriteConsoleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hack/archivelog.dll
.dll windows x86

Password: 2022

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hack/d2patch.dll
.dll windows x86

Password: 2022

760e19b379614e8d7247a171d264ee1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

d2cmp

ord10079

d2common

ord10385
ord10596
ord10085
ord10295
ord10424
ord10313
ord10315
ord10316
ord10314
ord10296
ord10057
ord10034
ord10045
ord10336
ord10037
ord11205
ord10513
ord10426
ord10666
ord10298
ord10519
ord10077
ord10062
ord10066
ord10342
ord10521
ord10425
ord10099
ord10035
ord10329
ord10326
ord10487
ord10920
ord10039
ord11073
ord10074
ord10075
ord10931
ord10924
ord10076
ord10071
ord10081
ord10073
ord10056
ord10078
ord10582
ord10626
ord10600
ord10068
ord10067
ord10079
ord10080
ord10229
ord10137
ord11229
ord11230
ord10038
ord10001
ord10391
ord10189
ord10187
ord10178
ord10177
ord11029
ord10963
ord10968
ord10947
ord10948
ord10397
ord10368
ord10304
ord10755
ord10305
ord10277
ord10754
ord10810
ord10881
ord10708
ord10709
ord10442
ord10331
ord10328
ord10720
ord10853
ord10719
ord10175
ord10176
ord10707
ord10826
ord11114
ord10564
ord10427
ord10311
ord10312
ord10280
ord10710
ord10711
ord10281
ord10690
ord10357
ord11012
ord11011
ord10518
ord10949
ord10731
ord10618
ord10701
ord10751
ord10954
ord10514
ord10523
ord10535
ord10462
ord10524
ord10258
ord10871
ord10695
ord11107
ord10283
ord10261
ord10386
ord10352
ord10348
ord10262
ord10517
ord10439
ord10750
ord10781
ord10782
ord10257
ord10756
ord10839
ord10736
ord10520
ord10759
ord10765
ord10840
ord10242
ord10270
ord10770
ord10768
ord10299
ord10785
ord10767
ord10265
ord10376
ord10872
ord10855
ord10820
ord10616
ord10811
ord10795
ord10833
ord10263
ord10264
ord10783
ord10246
ord10409
ord10250
ord10243
ord10854
ord10284
ord10384
ord10351
ord10350
ord10332
ord10249
ord10282
ord10307
ord10964
ord10566
ord10565
ord10289
ord10689
ord10369
ord10290
ord10322
ord10957
ord10321
ord10253
ord10455
ord10444
ord10443
ord10447
ord10448
ord10254
ord10835
ord10255
ord10267
ord10271
ord10638
ord10367
ord10276
ord10446
ord10445
ord10449
ord10450
ord10722
ord10601
ord11108
ord11109
ord10771
ord10266
ord10749
ord10525
ord10822
ord10619
ord10816
ord10821
ord10746
ord10567
ord10735
ord10516
ord10918
ord10693
ord10717
ord10828
ord10260
ord10697
ord10699
ord10655
ord10300
ord10240
ord10475
ord10470
ord10526
ord10138
ord10042
ord10599
ord10602
ord10732
ord10623
ord10604
ord10866
ord10870
ord11231
ord10608
ord10875
ord10607
ord10868
ord10873
ord10913
ord10694
ord10733
ord10874
ord10914
ord10691
ord10793
ord10772
ord10792
ord10773
ord10791
ord10696
ord10812
ord10706
ord10704
ord10702
ord10700
ord10698
ord10715
ord10713
ord10863
ord10865
ord10817
ord10815
ord10864
ord10869
ord10753
ord10728
ord10789
ord10862
ord10799
ord10797
ord10882
ord10726
ord10724
ord10718
ord10876
ord10631
ord10802
ord10082
ord10527
ord10241
ord10725
ord10723
ord10883
ord10659
ord11115
ord11116
ord11126
ord10992
ord11034
ord11128
ord10415
ord11119
ord11218
ord11217
ord10398
ord10148
ord10150
ord11129
ord10142
ord10184
ord10182
ord10170
ord10179
ord10146
ord11136
ord11123
ord11121
ord10466
ord10480
ord10589
ord11127
ord11120
ord11124
ord10562
ord11095
ord10118
ord11098
ord11096
ord11094
ord11117
ord11135
ord10990
ord10437
ord10997
ord10996
ord10991
ord11140
ord11141
ord10402
ord10403
ord10401
ord11143
ord11005
ord11004
ord10594
ord11220
ord10465
ord10998
ord10127
ord10147
ord10234
ord10128
ord11142
ord11125
ord10994
ord10995
ord10201
ord10486
ord10528
ord10463
ord10477
ord10478
ord10476
ord10102
ord11036
ord10188
ord10185
ord11122
ord11003
ord11002
ord10473
ord11006
ord10976
ord10407
ord10119
ord10198
ord11137
ord10124
ord11130
ord11062
ord10945
ord11075
ord10960
ord10893
ord10344
ord11056
ord11068
ord10583
ord11082
ord11086
ord11084
ord10629
ord10902
ord10909
ord10901
ord10468
ord10481
ord10471
ord10472
ord10559
ord10917
ord10912
ord11050
ord10324
ord10134
ord10106
ord10161
ord10143
ord10557
ord10493
ord11060
ord10469
ord10363
ord10378
ord10373
ord11057
ord10154
ord10323
ord10984
ord10985
ord10190
ord10186
ord10180
ord10217
ord10222
ord10895
ord10530
ord10490
ord11067
ord10206
ord10191
ord10158
ord10163
ord10162
ord10095
ord10046
ord10025
ord10113
ord10096
ord10592
ord11063
ord11074
ord10059
ord10097
ord10090
ord11072
ord11025
ord11064
ord10122
ord10210
ord10030
ord10974
ord10515
ord10590
ord11017
ord10121
ord10560
ord10136
ord10668
ord10396
ord10624
ord10458
ord10394
ord10120
ord10625
ord10919
ord10047
ord11182
ord11181
ord11183
ord11186
ord11185
ord11189
ord10627
ord10087
ord10060
ord10459
ord10933
ord10428
ord10393
ord10395
ord10337
ord10285
ord11088
ord11065
ord10563
ord10291
ord10434
ord10581
ord10966
ord11023
ord10432
ord10431
ord10892
ord10400
ord10399
ord11147
ord11152
ord11177
ord11151
ord10086
ord11146
ord10429
ord10485
ord10474
ord10660
ord10420

d2net

ord10011
ord10019
ord10021
ord10020
ord10016
ord10006
ord10014
ord10012
ord10010
ord10015
ord10024

fog

ord10046
ord10023
ord10050
ord10029
ord10030
ord10045
ord10137
ord10086
ord10025
ord10024
ord10055
ord10142
ord10143
ord10147
ord10042
ord10127
ord10128
ord10126
gdwBitMasks
ord10118
ord10119
ord10120
ord10115
ord10018

storm

ord501
ord403
ord405
ord502
ord506
ord491
ord423
ord509
ord401

kernel32

RtlUnwind
InterlockedIncrement
GetProcAddress
GetStringTypeW
GetModuleHandleA
LoadLibraryA
GetStringTypeA
GetACP
CreateFileA
GetTickCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
IsBadCodePtr
EnterCriticalSection
Sleep
QueryPerformanceCounter
OutputDebugStringA
QueryPerformanceFrequency
GetLocalTime
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapFree
HeapReAlloc
HeapAlloc
HeapSize
HeapDestroy
GetOEMCP
InterlockedDecrement
VirtualFree
CloseHandle
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
IsBadWritePtr
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
VirtualAlloc
GetCPInfo
MultiByteToWideChar
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers

user32

PtInRect
wsprintfA
CopyRect

winmm

timeGetTime

Sections

.text
Size: 804KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hack/jsscriptforpatch.pdb

Sharing

General

Malware Config

Signatures

Files

Password: 2022

Password: 2022

01b62986414563f843fca13d7f8ffe1c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ddraw

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 14KB - Virtual size: 96KB

.reloc Size: 4KB - Virtual size: 4KB

Password: 2022

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 122KB - Virtual size: 122KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 2022

347f5c87243da517983cf28ef9192dbe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 350KB - Virtual size: 349KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 177KB - Virtual size: 179KB

.reloc Size: 15KB - Virtual size: 15KB

Password: 2022

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 47KB - Virtual size: 46KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

Password: 2022

760e19b379614e8d7247a171d264ee1e

Headers

File Characteristics

Imports

d2cmp

d2common

d2net

fog

storm

kernel32

user32

winmm

Sections

.text Size: 804KB - Virtual size: 801KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 112KB - Virtual size: 157KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 14KB - Virtual size: 96KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 350KB - Virtual size: 349KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 177KB - Virtual size: 179KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 47KB - Virtual size: 46KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 804KB - Virtual size: 801KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 112KB - Virtual size: 157KB

.reloc
Size: 32KB - Virtual size: 28KB