redline | winPEASx64[.]exe | Triage

Sharing

General

Target

winPEASx64.exe
Size

2.3MB
MD5

1b5296a9e0a85a6844c580a97bd8259c
SHA1

7f6fde511a00becdf32c3087e167be46a7783205
SHA256

d01792b1ae73080ae4983d7d1016fd6927718b5c9543810b5daa9f2b75520928
SHA512

20c1d4afc2d7fc185e647bdab7fcbcc85f9d02c00347ebc5ce428944fca4db3df170dde533317b1288e1e50157965fdc108eb6478ab9accd52ebd627b80bed2e
SSDEEP

24576:wcjmPTjtzOkZ/hN56mNXeF4WhtOlnYfjNKkThXHf5gTyD7:/mPFHthX6mNL8tXr4kBHf5g2

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winPEASx64.exe

Files

winPEASx64.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\PEASS-ng\PEASS-ng\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ