RedLine.A | b860e12c6881

Classifications

Spyware

Threat Names

RedLine.A Mal/Generic-S

Dynamic Analysis Report

Created on 2024-06-30T05:56:23+00:00

Implosions.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\Implosions.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	95.50 KB
MD5	22ac2938948bec490d47e6f24661cb6b
SHA1	89f47675e22b0aff7b9eeea56d316b3e0d6b7389
SHA256	b860e12c6881da7071cdce615aa6fbaef8b6794078f4524eb636b5df19adf9ed
SSDeep	1536:0qsIOqJGlbG6jejoigIj43Ywzi0Zb78ivombfexv0ujXyyed2O3teulgS6p8l:yTuOYj+zi0ZbYe1g0ujyzd48
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x74E07CEF
Size Of Code	0x00017400
Size Of Initialized Data	0x00000800
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2097-08-14 23:34 (UTC)

Version Information (7)

FileDescription
FileVersion	0.0.0.0
InternalName	Implosions.exe
LegalCopyright
OriginalFilename	Implosions.exe
ProductVersion	0.0.0.0
Assembly Version	0.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00017344	0x00017400	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.02
.rsrc	0x0041A000	0x000004DE	0x00000600	0x00017600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.72
.reloc	0x0041C000	0x0000000C	0x00000200	0x00017C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0001930C	0x0001750C	0x00000000

YARA Matches (1)

Rule Name	Rule Description	Classification	Score	Actions
RedLine_A	RedLine Stealer, RedLine.A variant	Spyware	5/5	... Actions Show Ruleset Show Match

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information