redline | 2160-0-0x00000000012C0000-0x00000000013F7000-memory[.]dmp | Triage

Sharing

General

Target

2160-0-0x00000000012C0000-0x00000000013F7000-memory.dmp
Size

1.2MB
MD5

2dc995bb2516637d84006e091c16f4c1
SHA1

f6f1051378d6fdab57f19c8a7fa1b53350ba5665
SHA256

c4a43d6639ef49567848a0608cc6c57f48b0257151255815701f4920518f4e34
SHA512

60f28ef87dce8cdb03927bccfcbc316650b81763e5809d7a226a903023365fb1e72fe780f926f89d6bb8e07860f740a8c13b25ee2a3926c77f5395e3d07ad389
SSDEEP

24576:080kK43x1uN/pTOagOHIgRavqDcvdJrBU:0/wuN/pTOa4dvdVB

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2160-0-0x00000000012C0000-0x00000000013F7000-memory.dmp

Files

2160-0-0x00000000012C0000-0x00000000013F7000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 738KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 375KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ