Malicious
Classifications
Injector Spyware
Threat Names
RedLine.Ev1 RedLine.E
Dynamic Analysis Report
Created on 2023-08-25T08:41:18+00:00
6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe
Windows Exe (x86-32)
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes, 10 seconds" to "20 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x00AF21A7 |
Size Of Code | 0x006F0200 |
Size Of Initialized Data | 0x00066E00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2023-08-24 23:37 (UTC) |
Version Information (7)
»
Comments | GOM Player Setup File (2020-07-21 10:57:52) |
CompanyName | GOM & Company |
FileDescription | GOM Player Setup File |
FileVersion | 2.3 |
LegalCopyright | Copyright 2003 GOM & Company All Rights Reserved. |
ProductName | GOM Player |
ProductVersion | 2.3.55.5319 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x006F01AD | 0x006F0200 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 8.0 |
.rsrc | 0x00AF4000 | 0x00066AAF | 0x00066C00 | 0x006F0400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.57 |
.reloc | 0x00B5C000 | 0x0000000C | 0x00000200 | 0x00757000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x006F2185 | 0x006F0385 | 0x00000000 |
Memory Dumps (2)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe | 1 | 0x00870000 | 0x00FCDFFF | Relevant Image | 32-bit | - |
...
|
||
6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49.exe | 1 | 0x00870000 | 0x00FCDFFF | Process Termination | 32-bit | - |
...
|