redline | 560-148-0x0000000000350000-0x00000000004AD000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

560-148-0x0000000000350000-0x00000000004AD000-memory.dmp
Size

1.4MB
MD5

ca0e50ba2a335acf3c8a2f2634fb215d
SHA1

b2147a2607e3c57a8cbc18bfa784e51a67596e1f
SHA256

aa3ca0883957ed5fff057c5d27f850cd38ea389702ded169780fe6c78a998558
SHA512

7b78fa92352ce11043110d94eacfe6fbc175cf6ca1d5907a0af2d8d8b1276d291d27e4caca53d39ad17d47e31eb22e6e94057417dc85934315fd3950936ad46e
SSDEEP

24576:CMCu+gvYzc6w8HGh5gnQFiawIP0MC3I0rKfboV:CMCu+gQw8HGh2fiNjo

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
560-148-0x0000000000350000-0x00000000004AD000-memory.dmp

Files

560-148-0x0000000000350000-0x00000000004AD000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.euro
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ