redline | 1508-53-0x0000000000DA0000-0x0000000000E52000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1508-53-0x0000000000DA0000-0x0000000000E52000-memory.dmp
Size

712KB
MD5

82a0250dd15dcdb759dbb5c96856acc0
SHA1

e26008e28c01e1e42a9ec30184edc57a435f2b4d
SHA256

ef0205ee1a8cc59196edd9868dffd84120b3aa0eb7aa49a7d2eb5e20e6a92cb6
SHA512

ee5ece24fa2de78503be0ea532b69b6d3f71acb8fe55fbfa108bd5ee60b871d4e1ef902e78c14058adf94b7cb4b3f0539e3edd6d9999326275051a26ad2760b0
SSDEEP

12288:SBDUJ+GAfVS0xPwg/xrYNpzthuAMHAxAI7V78R1neboZ:+8+GAfXrYl9xineb

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1508-53-0x0000000000DA0000-0x0000000000E52000-memory.dmp

Files

1508-53-0x0000000000DA0000-0x0000000000E52000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HAWKe
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ