redline | 3c42b93801f02696487de64bb623f81cf7baf73a379a46e1459ca19ae7dc2454[.]zip

General

Target

3c42b93801f02696487de64bb623f81cf7baf73a379a46e1459ca19ae7dc2454.zip
Size

129KB
MD5

29fb4cfb99720d938fb34560a06bc1a4
SHA1

b5e42704e3ad720e133fd1a86acfb144c10f5c52
SHA256

cf83a7004254fdfe8dd7e4b1a5df2f8a7461a9c2bf2ca31ba8e1c536fb93cc07
SHA512

2a9a352238b170dfa68416efe5674f0949005aa259d417db6c2c9733618258168fb95e7d999dcf7044a59ddc0e9389909be75398020b15526d65b7b5ec17ab26
SSDEEP

3072:httESYCAtJeAp4h2ByShkN/+q2TUSqi3cseArwGPhXGM1IHEzsy:httaVtJe7Gyek0JUPi3cd2hXGnkJ

Score

10^/10

redline

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/3c42b93801f02696487de64bb623f81cf7baf73a379a46e1459ca19ae7dc2454.exe	family_redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3c42b93801f02696487de64bb623f81cf7baf73a379a46e1459ca19ae7dc2454.exe

3c42b93801f02696487de64bb623f81cf7baf73a379a46e1459ca19ae7dc2454.zip
.zip

Password: infected
3c42b93801f02696487de64bb623f81cf7baf73a379a46e1459ca19ae7dc2454.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ