redline | 5fd7337d3a0e12f4ae6f626eaa2a5a90N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5fd7337d3a0e12f4ae6f626eaa2a5a90N.exe
Size

2.3MB
MD5

5fd7337d3a0e12f4ae6f626eaa2a5a90
SHA1

876e72f2570089165d1da5666e30991e92b9dccc
SHA256

398264767a873860f360db7e714daeecd04b1cacb0655adc75cda14bcc3b4947
SHA512

ab50cd67f4d7764a02b5ac133fb6c2c9f29772761e7c4267a2115c56cf9855cdeb5384c9500c1f8ebb9ed8aecc876a4d2b3e1fcd5911500b8c0fd251f4c8e3b7
SSDEEP

24576:xmhVNthfzNX8l29eUJolzjdi0gNKkThXHL5gPbG4:2VRRX8s9eU+ng4kBHL5gz

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fd7337d3a0e12f4ae6f626eaa2a5a90N.exe

Files

5fd7337d3a0e12f4ae6f626eaa2a5a90N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\PEASS-ng\PEASS-ng\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ