redline | 05476999[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05476999.dmp
Size

192KB
MD5

1182068e24e3d02dc6fe06a6cb8e03a9
SHA1

9bfb541d11aa5c7b9bf436859ef012bf1ee2be98
SHA256

55d5a384f1f022576ac539cdb9fe8f4c30b18246e8cdcff6db48aa8185b571dd
SHA512

3d448475729e403a7edcefdfbe95f42f256d9274f93ab940c3cd624fc0a62e5ad30ee7a885a98a9671c41770e234e84efe14aca3572650545ef9eae6449308d1
SSDEEP

3072:2ytDiwyqSVghBGfAGtTjxNKifvWPxnS8e8hy:FibuhM5ZmnPxnS

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05476999.dmp

Files

05476999.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ