Behavioral task
behavioral1
Sample
1388-76-0x0000000000950000-0x0000000000990000-memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1388-76-0x0000000000950000-0x0000000000990000-memory.dll
Resource
win10v2004-20230220-en
General
-
Target
1388-76-0x0000000000950000-0x0000000000990000-memory.dmp
-
Size
256KB
-
MD5
6c5658efa286fcca8ce3cf2f23675ccf
-
SHA1
a5cbd27d542b30b14f98b358e122373e1ee72cf4
-
SHA256
a47a00101ac0c39338131b0cb7f3cbb6f12c408d3e07096d842d458ac126008a
-
SHA512
49d04cfb9721fedd2c20e26e587298948a771ebb9d4c1a982804037f2fd4be2007891c3b83d0f8c3416bb4f0ea3097e1176352a214435167556ae2e32d0b1d2a
-
SSDEEP
3072:t8e8hR+V6D3GtzD263qVeUESwxS8e8hR:tdV66t3R3MwxS
Malware Config
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1388-76-0x0000000000950000-0x0000000000990000-memory.dmp
Files
-
1388-76-0x0000000000950000-0x0000000000990000-memory.dmp.dll windows x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorDllMain
Sections
.text Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ