redline | 2744-74-0x0000000077570000-0x0000000077680000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

2744-74-0x0000000077570000-0x0000000077680000-memory.dmp
Size

1.1MB
MD5

a2b45b9faa969958a162706b4af56d51
SHA1

2d273a926bd1fbb94d4453952cd6f4af2a39c793
SHA256

9a41ba7edd4afb506495ca95e04609721f9c186d70d9f51a83aaab7210ac271d
SHA512

52ef3812b1b8fe3a73faa06dabc462d53676b732acc4cff3835ba2c5737ba76f61609bac7d52e782d1056e06e0ee8deca031bceb947e278d9658b310e96b358e
SSDEEP

24576:/6QMmcN0ul99cMpLxlV+mbOYpMNNgcCmx:/6QdcVLnVuh

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2744-74-0x0000000077570000-0x0000000077680000-memory.dmp

Files

2744-74-0x0000000077570000-0x0000000077680000-memory.dmp
.dll windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
ActivateActCtx
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AddDllDirectory
AddIntegrityLabelToBoundaryDescriptor
AddLocalAlternateComputerNameA
AddLocalAlternateComputerNameW
AddRefActCtx
AddSIDToBoundaryDescriptor
AddSecureMemoryCacheCallback
AddVectoredContinueHandler
AddVectoredExceptionHandler
AdjustCalendarDate
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
ApplicationRecoveryFinished
ApplicationRecoveryInProgress
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
BackupRead
BackupSeek
BackupWrite
BaseCheckAppcompatCache
BaseCheckAppcompatCacheEx
BaseCheckRunApp
BaseCleanupAppcompatCacheSupport
BaseDllReadWriteIniFile
BaseDumpAppcompatCache
BaseFlushAppcompatCache
BaseFormatObjectAttributes
BaseFormatTimeOut
BaseGenerateAppCompatData
BaseGetNamedObjectDirectory
BaseInitAppcompatCacheSupport
BaseIsAppcompatInfrastructureDisabled
BaseQueryModuleData
BaseSetLastNTError
BaseThreadInitThunk
BaseUpdateAppcompatCache
BaseVerifyUnicodeString
Basep8BitStringToDynamicUnicodeString
BasepAllocateActivationContextActivationBlock
BasepAnsiStringToDynamicUnicodeString
BasepCheckAppCompat
BasepCheckBadapp
BasepCheckWinSaferRestrictions
BasepFreeActivationContextActivationBlock
BasepFreeAppCompatData
BasepMapModuleHandle
Beep
BeginUpdateResourceA
BeginUpdateResourceW
BindIoCompletionCallback
BuildCommDCBA
BuildCommDCBAndTimeoutsA
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallNamedPipeA
CallNamedPipeW
CallbackMayRunLong
CancelDeviceWakeupRequest
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelTimerQueueTimer
CancelWaitableTimer
ChangeTimerQueueTimer
CheckElevation
CheckElevationEnabled
CheckForReadOnlyResource
CheckNameLegalDOS8Dot3A
CheckNameLegalDOS8Dot3W
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseConsoleHandle
CloseHandle
ClosePrivateNamespace
CloseProfileUserMapping
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CmdBatNotification
CommConfigDialogA
CommConfigDialogW
CompareCalendarDates
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ConsoleMenuControl
ContinueDebugEvent
ConvertCalDateTimeToSystemTime
ConvertDefaultLocale
ConvertFiberToThread
ConvertNLSDayOfWeekToWin32DayOfWeek
ConvertSystemTimeToCalDateTime
ConvertThreadToFiber
ConvertThreadToFiberEx
CopyContext
CopyFileA
CopyFileExA
CopyFileExW
CopyFileTransactedA
CopyFileTransactedW
CopyFileW
CopyLZFile
CreateActCtxA
CreateActCtxW
CreateBoundaryDescriptorA
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExA
CreateDirectoryExW
CreateDirectoryTransactedA
CreateDirectoryTransactedW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFiber
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingNumaA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileTransactedA
CreateFileTransactedW
CreateFileW
CreateHardLinkA
CreateHardLinkTransactedA
CreateHardLinkTransactedW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectA
CreateJobObjectW
CreateJobSet
CreateMailslotA
CreateMailslotW
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceA
CreatePrivateNamespaceW
CreateProcessA
CreateProcessAsUserW
CreateProcessInternalA
CreateProcessInternalW
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreA
CreateSemaphoreExA
CreateSemaphoreExW
CreateSemaphoreW
CreateSocketHandle
CreateSymbolicLinkA
CreateSymbolicLinkTransactedA
CreateSymbolicLinkTransactedW
CreateSymbolicLinkW
CreateTapePartition
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateWaitableTimerA
CreateWaitableTimerExA
CreateWaitableTimerExW
CreateWaitableTimerW
CtrlRoutine
DeactivateActCtx
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DebugBreakProcess
DebugSetProcessKillOnExi

Sections

.text
Size: 832KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 832KB - Virtual size: 768KB

.data Size: 64KB - Virtual size: 4KB

.rsrc Size: 64KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 43KB

.text
Size: 832KB - Virtual size: 768KB

.data
Size: 64KB - Virtual size: 4KB

.rsrc
Size: 64KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 43KB