redline | 528381d70c7a6c64e148ff4cdc6c4d5a68c8dee75772537d3476bfc5509f261e[.]zip

General

Target

528381d70c7a6c64e148ff4cdc6c4d5a68c8dee75772537d3476bfc5509f261e.zip
Size

1.4MB
MD5

06868f4ca1422c0e9f4feb9f9f65eb43
SHA1

de208e31aa393a3b98f096bd867150b4286bab2a
SHA256

6470d2c5d83d395932d099554aa673e45f7cedc3d4f6fdf57ea1af6ba9c9b76c
SHA512

160aafbd2c0090e9d1d13e659c4d22640ae48ab4c765895cbeee9b838e44b069337b2853b427fee5c63e1623ef0ce7e1e3c2f5a0ef18e071795a8d09a6d58ff4
SSDEEP

24576:6/dWnYMfTfTmn3jY993eFxVTmpljMUKg6sTtUFDJ0fFSm92dEIAncIhFSwSRE:AWnY8g3jY3kej9jZM0fFt927s0E

Score

10^/10

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/528381d70c7a6c64e148ff4cdc6c4d5a68c8dee75772537d3476bfc5509f261e	family_redline

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

resource	yara_rule
static1/unpack001/528381d70c7a6c64e148ff4cdc6c4d5a68c8dee75772537d3476bfc5509f261e	pdf_with_link_action

528381d70c7a6c64e148ff4cdc6c4d5a68c8dee75772537d3476bfc5509f261e.zip
.zip

Password: infected
528381d70c7a6c64e148ff4cdc6c4d5a68c8dee75772537d3476bfc5509f261e
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

CODE
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ