RedLine[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

RedLine.7z
Size

156KB
MD5

14e7f7ca6e2fc0ea90cd279e7d37e01c
SHA1

29d3ea34277b658a14ea8ddf4fab3aafd5762f98
SHA256

6fe45a865fc252ceb3a3f0bbe2f812ff09610a3714dae21de0f378ba11896582
SHA512

3ea810c6a45362494486fe4e205596da7a49acbc260e50db1673424ddd2cb3302302b6428ace355f1be5db1c11c460202400c07460547b12bdd93f316375cc24
SSDEEP

3072:uJq3CB95wDg6/ksHL+3PBtR3ruWAnvYlX4Xmaj9RbTXonQTdxTa8VlbQ+hC7:uJd95wDg6csr+3ptR3ruWq5Jj95TY+1s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RedLine/RedLine.exe

Files

RedLine.7z
.7z

Password: infected
RedLine/DotHelp.dll
RedLine/RedLine.exe
.exe windows x86

a7110a33d5dd1963b0903a98c276ac8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteConsoleW

msvcrt

__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_iob
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
tolower
vfprintf
wcslen

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a7110a33d5dd1963b0903a98c276ac8d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 2KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 192B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 596B

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 2KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 192B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 596B