Yash-redline[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Yash-redline.zip
Size

937KB
MD5

ec5e42615e18ecf68ac6844e01432682
SHA1

1e756b3c2c38efa237c20bd4f0ef6a393c2293a3
SHA256

77b9af72d399b64cf4f82df8d90f4d7426a85f683d10999bea93a26cabf704ed
SHA512

f83ca69cac5b83eebe098b0429227404c382c98f03c887a764f462da62f72a1122ae57d4b7d1bae0e928d76ca098237ceb2fa772845365eb9a6ed62f2606fc2f
SSDEEP

24576:QvjMqfwIfQuuMlxcDaRSejCeGCnz0zB434Rqjce:ujMRIfYDaZCe5fIze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/442c84401115d8b4f9e8e582313364135a467dc63505e7f06734a05b1b352405

Files

Yash-redline.zip
.zip

Password: infected
442c84401115d8b4f9e8e582313364135a467dc63505e7f06734a05b1b352405
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ