redline | 2096-56-0x00000000040D0000-0x0000000004108000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2096-56-0x00000000040D0000-0x0000000004108000-memory.dmp
Size

224KB
MD5

cf11767719ae6ce142284639b7865020
SHA1

f972669bd2b39d7b17c50300b6158c25bcd7f6cd
SHA256

925717fe75110b5b7867dfe550888d6f0507f5ff2dfc8e41ec13b9eb43ff0758
SHA512

0d0c29b904177426b2888f9a5daeebdcdea97124216f489dd0d0c298e59fbef3a03a948036ed459b26d14d1caa81e99a58f141e6d3cfb98ec2fa2e6d9795ba94
SSDEEP

3072:R5rrs690Gg877NFEk42BufCdNXOvwenR2hO2m4+wGze+z8e8hBM:jrs6k877zNOoenR2o2mvJ

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2096-56-0x00000000040D0000-0x0000000004108000-memory.dmp

Files

2096-56-0x00000000040D0000-0x0000000004108000-memory.dmp
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ