RedLine.E,RedLine.Ev1 | 6b11e77eee3f

Classifications

Injector Spyware

Threat Names

RedLine.Ev1 RedLine.E

Dynamic Analysis Report

Created on 2023-08-25T08:41:18+00:00

6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe

Windows Exe (x86-32)

Remarks (1/1)

Anti-Sleep Triggered (0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes, 10 seconds" to "20 seconds" to reveal dormant functionality.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	7.34 MB
MD5	7278b6ce3ddda7dba2473e0392e54ea6
SHA1	3b406f221237fe9bfce48daa9033eda93ecc9b94
SHA256	6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49
SSDeep	196608:+dgX4LVznF3zQgkIRflnOzSc4pGRo9Jvy:3UzdzqIRtnYSi6zvy
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Malicious

PE Information

Image Base	0x00400000
Entry Point	0x00AF21A7
Size Of Code	0x006F0200
Size Of Initialized Data	0x00066E00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2023-08-24 23:37 (UTC)

Version Information (7)

Comments	GOM Player Setup File (2020-07-21 10:57:52)
CompanyName	GOM & Company
FileDescription	GOM Player Setup File
FileVersion	2.3
LegalCopyright	Copyright 2003 GOM & Company All Rights Reserved.
ProductName	GOM Player
ProductVersion	2.3.55.5319

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x006F01AD	0x006F0200	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	8.0
.rsrc	0x00AF4000	0x00066AAF	0x00066C00	0x006F0400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.57
.reloc	0x00B5C000	0x0000000C	0x00000200	0x00757000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x006F2185	0x006F0385	0x00000000

Memory Dumps (2)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe	1	0x00870000	0x00FCDFFF	Relevant Image		32-bit	-		... Actions Go to Process Download Dump
6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe	1	0x00870000	0x00FCDFFF	Process Termination		32-bit	-		... Actions Go to Process Download Dump

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".

Before

After

WHOIS Domain Information

Screenshot

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information