redline | 1140-311-0x0000000000DC0000-0x0000000000ED5000-memory[.]dmp | Triage

Sharing

General

Target

1140-311-0x0000000000DC0000-0x0000000000ED5000-memory.dmp
Size

1.1MB
MD5

4a7579e440e1c6b679941f5101769fa0
SHA1

ad2262ae03290c7067fa0bfe73dee1105fc277c7
SHA256

48cbe7a84ec66d0364ea441f183d92e9cfa56ebde558a3186fadcaa251e8e53e
SHA512

007ba5803e9c171f2bfa7fae40cce7aae0279d4de52fc97dd4c6103dd668da3f5a38ea0a93f641b1dee05414b2d4bf82944f76071479b613e69ea0c34e3afc6c
SSDEEP

24576:lip6JExg5VTBYshwFCzH5KUscW67I0rNPa:Me5VTBYshjRRa

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1140-311-0x0000000000DC0000-0x0000000000ED5000-memory.dmp

Files

1140-311-0x0000000000DC0000-0x0000000000ED5000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 737KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vergt
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ