redline | 2620-302-0x00007FFF05590000-0x00007FFF06051000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2620-302-0x00007FFF05590000-0x00007FFF06051000-memory.dmp
Size

10.8MB
MD5

281bc971e1a0e7cbb5c041f8fb1dfb1b
SHA1

b382f0990696762eb4e4f59feda2d0ea91411490
SHA256

efbd458c82ed4e0c0c0a2761356aef24be8ea7e946ac6f044b510c9cebe92cef
SHA512

9256e77039d230fcbbcb496551e4888b3ebd3c6add5c6cb3a762549c5eeb6cea0def1993284b70bfcb09e69ec2791c8545181106d29820addfc31f856fb97bf1
SSDEEP

98304:Xj1TlKsHiBXLGJgNrctLBsa3N09tRLThGpOS1Z1yFSJZfWNA2:Tdk4iBXLGOmLBsa3NIpvS1Z1DJNWNN

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2620-302-0x00007FFF05590000-0x00007FFF06051000-memory.dmp

Files

2620-302-0x00007FFF05590000-0x00007FFF06051000-memory.dmp
.dll windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ