redline | d2492d0b3533c34aab9d822f2c962e27 | Triage

Sharing

General

Target

d2492d0b3533c34aab9d822f2c962e27
Size

192KB
MD5

d2492d0b3533c34aab9d822f2c962e27
SHA1

0fc80b22e4eb48dd2ba26cee2c23446e80f593e3
SHA256

1b9952e0858e34fcded768a4fc68cb8160255f4e66bad13b5453491602f89e0e
SHA512

1b28aed08672bcdc70d8b4a8cc9b53af0f664c691372535503e68102aebfe89e8dfa7865896ff9c181df2eb56509cbfd17c27411d2cfaede1401e09bbbfa72bc
SSDEEP

3072:QAXyST73urD54K2m8ztnD4fLerCEsV60b+RyF3zJb6KgB:7urD5f2PzKSc6

Score

10^/10

redline

Malware Config

Signatures

RedLine payload 1 IoCs

resource	yara_rule
sample	family_redline

Redline family
redline

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2492d0b3533c34aab9d822f2c962e27

Files

d2492d0b3533c34aab9d822f2c962e27
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

_.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ