redline | 932-53-0x0000000000220000-0x00000000003C4000-memory[.]dmp | Triage

Sharing

General

Target

932-53-0x0000000000220000-0x00000000003C4000-memory.dmp
Size

1.6MB
MD5

a898cd38202125810dec696057639a68
SHA1

8fa9f1d782cdf90150e270d0b9b9b16c010d25ba
SHA256

7c19896aee552a94e2c4378f26482e68097b421290f414c916bc57eda404125a
SHA512

8cff0eb985df93cfd0cfac2f70c6a36c51b853b4710c0b5300811f83ede56df76e9581d920f51dd3b774d987f65124691f4bda2c79a22dc502a792bc0721780c
SSDEEP

12288:VkznAzAlW8Eq7NOeOZxarl6/GS1UKwNIRNYwNE+M+uu6ohhVoK/tWT8F5FbX:GnAzOW8Eq7g/wNIRNbRM+Fl15Fb

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
932-53-0x0000000000220000-0x00000000003C4000-memory.dmp

Files

932-53-0x0000000000220000-0x00000000003C4000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Sa2day
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.Scorpy
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_MEM_READ