redline | 5268-385-0x0000000000B80000-0x0000000000CDD000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5268-385-0x0000000000B80000-0x0000000000CDD000-memory.dmp
Size

1.4MB
MD5

930a165aca394189dce72141c27c6faf
SHA1

791ccad4e4d30e3617d8b6802a42a16f9beb1628
SHA256

78afe312d4c63c190db4a9dfa1af3c590e51ad11c5e161bd5ebe1c547babf61c
SHA512

5ac46055b25e9e15f18e19cd8e26f5a7888928e7764b65ea60c2cac02209ab1bf68e7196b09203f9b74b8ee40de5f6bea12e7397363fd5c0e31f6b86d1094eef
SSDEEP

24576:nMx75IwChIbIyV9ggyUPIia8wXzpp3C3I0rKfbmV:nMx75IwqyV9ggbpGLTjm

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5268-385-0x0000000000B80000-0x0000000000CDD000-memory.dmp

Files

5268-385-0x0000000000B80000-0x0000000000CDD000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 693KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.euro
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ