redline | 2920-0-0x00000000010C0000-0x00000000011F3000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp
Size

1.2MB
MD5

4c3dcf2e710edf1feb022f7dc74a005f
SHA1

447041b6b0ba8701b10b11313a4373a85353c038
SHA256

6fad997c2c6332aa5fc1dda6ddcb373849fce841f8da30b46245164b11dcad9c
SHA512

77cb7f7a24aa8ebc45713c96e7459bd1a1a33d1f633c554a012d1c61d4ccb8cf6ee3a327fa33861c00990b5b24e4893961ff2c4e947709ac2bc3c3d27cb71747
SSDEEP

12288:gq3Q4EYXRffMSf/vPY+8RvvfyAqvpV3uCMFLIvuSzjYz2Zu6wPOyr08scUzsfmfE:gq3WYXRffjHvPY+8Rv4vz+jImJrBU

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp

Files

2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 724KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 375KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ