redline | 1188-120-0x0000000000400000-0x000000000050D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1188-120-0x0000000000400000-0x000000000050D000-memory.dmp
Size

1.1MB
MD5

eeff1eb20fd2bb93164a8973ebb5468f
SHA1

0551dd698aa0abc7ac91270b3f6404b69faca4aa
SHA256

60c00b7432173be49842537198ed951fca59281a6b424fc210dbc1c3348e6e1a
SHA512

c0ab760bc510de3734f769b55e207d5e7a4dcbd713e439ff7e5383f62f2f380fb8e724402e4f21cd0c977e2e4b144e57a956395ed62760b384c8e0db2abe6af4
SSDEEP

12288:KzkFZcZw0tLXwPeyTUblcUzsv89DfW68ugNus+qgZ1zLlDly2bNsAS:KqZEl96TnUZfWjSHZ3HbNF

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1188-120-0x0000000000400000-0x000000000050D000-memory.dmp

Files

1188-120-0x0000000000400000-0x000000000050D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cSs
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ