redline | 28fb6b2de2cd059803841028b25808a687ba991ca647a3c4295a0a75201dad83

General

Target

28fb6b2de2cd059803841028b25808a687ba991ca647a3c4295a0a75201dad83
Size

43KB
MD5

2050a8a514b80b84f8d3c2202aea15be
SHA1

88bc4d939e0d98cd702f66a0e7ac103f5404554d
SHA256

28fb6b2de2cd059803841028b25808a687ba991ca647a3c4295a0a75201dad83
SHA512

faff60003a08bc2d5870670dc5a34ff11f18aaacc8a097c588d18934a499f8a205ab980d3d9ff02e74dd49747c5d690a771d3622b8f8c62f953eb6eda3777e76
SSDEEP

768:fDq7FEqJ9OoJpONDMNJ8cmJBF48MN3L82Oot++Lk833viZ:f0FbJooJpONOJ8cmv2C1/Yo

Score

10^/10

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/919b77af42852ca9f7a7a2314d9a6a66287720f62a0af1c74dad286075aff171.exe	family_redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/919b77af42852ca9f7a7a2314d9a6a66287720f62a0af1c74dad286075aff171.exe	family_sectoprat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/919b77af42852ca9f7a7a2314d9a6a66287720f62a0af1c74dad286075aff171.exe

28fb6b2de2cd059803841028b25808a687ba991ca647a3c4295a0a75201dad83
.zip

Password: infected
919b77af42852ca9f7a7a2314d9a6a66287720f62a0af1c74dad286075aff171.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ