redline | 1368-0-0x0000000001160000-0x000000000127C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1368-0-0x0000000001160000-0x000000000127C000-memory.dmp
Size

1.1MB
MD5

d928723c5b8b1c54c45401d10041c988
SHA1

9d64ccb47d156b029a82375a3e7b4da3edabb4c1
SHA256

a2abd19db1addb253fd6af1a1279fe9d5d58d45d42374eebfe6cdf46174f6e01
SHA512

4d32b1a3a50f83640f72946d3a4f8695bf1a1d0f3b63fbede9c750c27e3c211340ad001f6868ae238e9a93a2c81af60ed816b5bb250eb646488b80722034e16c
SSDEEP

24576:kjfsF5JOm+53qXb8iJ3CmuDfMXMg7XI0PX7AbVs:kji43qXb8IgkXMQs+

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1368-0-0x0000000001160000-0x000000000127C000-memory.dmp

Files

1368-0-0x0000000001160000-0x000000000127C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.snake
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_MEM_READ