redline | ad35468fc8f5d333a9dd07fe8d5c46c6e0e5ef301d3cb83f7d159607d27aa3b1

General

Target

ad35468fc8f5d333a9dd07fe8d5c46c6e0e5ef301d3cb83f7d159607d27aa3b1
Size

179KB
MD5

3ab4e5375e7dd7f35b6047672692b287
SHA1

d43afaf6995050a5b37f5a6e954bffdc902e4b5a
SHA256

ad35468fc8f5d333a9dd07fe8d5c46c6e0e5ef301d3cb83f7d159607d27aa3b1
SHA512

a902e6e88f77a25ce3474b7d68472e95a1d94ed50e9efd0fd8c504b208460326dceda3c1b36583eca51c25d630bf127872db6338a58d8360f21ba7549aa066bc
SSDEEP

3072:JEFl3WpYdWxb5CqljlerztX1JMr4eyKZ9fq1zKW2tZFx2QjFojAKjuMRES4Vnd:JOWpYgb59ervmMeR9fW8ZFdj3ERE/Vnd

Score

10^/10

redline

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/d44a2e9c7678f4bcac865a90001c2dab150987dd61b343a1f18f84aa35e2ad78.exe	family_redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d44a2e9c7678f4bcac865a90001c2dab150987dd61b343a1f18f84aa35e2ad78.exe

ad35468fc8f5d333a9dd07fe8d5c46c6e0e5ef301d3cb83f7d159607d27aa3b1
.zip

Password: infected
d44a2e9c7678f4bcac865a90001c2dab150987dd61b343a1f18f84aa35e2ad78.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ