redline | winpeas[.]exe | Triage

Sharing

General

Target

winpeas.exe
Size

2.3MB
MD5

951893d6e36e860aec2d8e507cbb7376
SHA1

a4540853df5e557d79a08df2b139a5a1bc4da088
SHA256

ac4c718585074fc324b85bd3cc54c9bdbef6425e87ffc64c5c670b9992ba5847
SHA512

f522d47e8d70c31a61f5dcf82d6b9fe65b6acad309f83ee7148c8e31c5c9f3d84764d8fd68a5e5369e4b5df3e51eea1e91caa08eba75b26226315a182dfb07fe
SSDEEP

24576:BcjmcTjtzOkZ/YAhLsPx/KPqti36hBzNKkThXHf5gDL09:KmcFHtY4LsPk+x94kBHf5gP

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winpeas.exe

Files

winpeas.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\PEASS-ng\PEASS-ng\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ