redline | 3036-11-0x0000000000ED0000-0x000000000122D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3036-11-0x0000000000ED0000-0x000000000122D000-memory.dmp
Size

3.4MB
MD5

c279772a11abb4404ad3a761235ab311
SHA1

b3064e6919e4e803d8f4fa45ba16a3a906ac3d46
SHA256

e46df39e2255d472d4f8f09ea55c8478e1ca013c25cb7fcafd67d836b07dac0c
SHA512

1bfca974682cb5f5b15552d9a0b286ea9974b6f632573b8280a83926d317d5b7aed1513f30af747f723ee279b230ff139ceb298e717df5815c22801d22b9b85c
SSDEEP

98304:Cxlmy4RLt36hKszEN8Mn8FORnKdi2TARSzSW+x:lPQM8boKFzSZ

Score

10^/10

themida redline

Malware Config

Signatures

Redline family
redline

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3036-11-0x0000000000ED0000-0x000000000122D000-memory.dmp

Files

3036-11-0x0000000000ED0000-0x000000000122D000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BSS
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE