redline | 748-122-0x0000000000400000-0x000000000050D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

748-122-0x0000000000400000-0x000000000050D000-memory.dmp
Size

1.1MB
MD5

678af35d7a1b77a962189ebb179ea640
SHA1

9ab69fa90931ac28e37f2bc52b05b7a2dbbf47f6
SHA256

fa786e787f4d6031acfce9f03d5d52993da7bb95c558b5ad61a8957a0f7c77a8
SHA512

b585a4fa264233046e1bfa8c12369a5325465bc1636675593204a31645a26eafc04da75738a1188f58da81aa8468e4c1995c18f2c5dd23dca326af8f324d5738
SSDEEP

12288:KzkFZcZt0tYXwPeyTUblcUzsv89DfW68ugNus+qgZ1zLlDly2bNsAS:KqZE2a6TnUZfWjSHZ3HbNF

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
748-122-0x0000000000400000-0x000000000050D000-memory.dmp

Files

748-122-0x0000000000400000-0x000000000050D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cSs
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ