redline | 2588-54-0x0000000000130000-0x0000000000246000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2588-54-0x0000000000130000-0x0000000000246000-memory.dmp
Size

1.1MB
MD5

d53b4d3c5e13bd710ec797133fb951f5
SHA1

0a7fd1bdd3d683dee5c2fef42a1eb5a26e467863
SHA256

4002c424306d8116372e9cb688688898c51ae90c340bf27d341c96b32260ddfe
SHA512

a0064073bcdbddf83a6ecd06bb59598e2587dd2789cb085594010cf19b8c4de96d717ca47bee4373b93bb3d223267ceee7bc981332150ce9ca13ce0ac06a8bfb
SSDEEP

12288:mGhK4flM07CTIex/ju0BmwZ9k/VHGpP0iN3mdArYiuPSvnG37NI0XjsGFqF:mUa07CTIex/ju0SGpPdS9/37NI0fqF

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2588-54-0x0000000000130000-0x0000000000246000-memory.dmp

Files

2588-54-0x0000000000130000-0x0000000000246000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vergt
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ