Redware[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Redware.exe
Size

3.8MB
MD5

ec2d17f0ea7925f40efb81fce543b282
SHA1

2684ce4b218e058fe29332af1ee5df0c5ad8c825
SHA256

9a942dc7f3a7142ea0294672c9186f8454a0850dffbc45414fd5fa5a22f2e35d
SHA512

4451c1585e9356fe964a27af4ed93df1be27fe8a261ae4520c9c2038dd7c72fc824e24edbb289a16f79b0eae7b2eb6c7679293642d454d36efbc42fb9c1a69fa
SSDEEP

98304:AGZTPPBHz5p7ToABaKiVg5f3Ym5daZdjObRPkqXf0F:AGNPBHzf7pBwV0f3YmOZdgkSI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Redware.exe

Files

Redware.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sigma0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sigma1
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ