redline4.exe

First submission 2023-01-23 16:40:09

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1824.0 KB (1867776 bytes)
Compile time: 2022-05-27 18:00:18
MD5: 01c418020bd02b62e7f8629b0b59b119
SHA1: 0fe4c12083e1c61c396836173b4b4ddd99cf8b14
SHA256: b62f5066357d2dfc94dec4d902f68f6e9e98a19a9aea6fb70d2811de384fd7a1
Import hash (imphash): b8388c4af61e6ca4e78048b4b09a8cbe
Sections (3): .text, .data, .rsrc
Directories (3): debug, resource, import
VirusTotal: 40/70 detections (VT report date: 2023-01-23 04:21:42)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators (1)

URL                                      Host (FQDN/IP)   Date Added
hXXp://62.204.41.88/lend/redline4.exe    62.204.41.88     2023-01-23 16:40:13

PE Sections (1 suspicious)

Name   VAddress    VSize       Size      SHA1                                       MD5                               Suspicious
.text  0x1000      0x1945c     103936    0d5945cef8d2c79075e87cd9fdfc1609109cd9d7   1facaebb8eac674a604db2991fad1991
.data  0x1b000     0x2913a90   1751040   51ad27401274f93222ae7887f3157f8f2d3d0469   7a380c6d05344fe1e375ef9b3e0cb375
.rsrc  0x292f000   0x2cb0      11776     4b298860c3f077b4290548235168c3caa91e0acf   54ef7bb6e697c86c80c33db38dcc9c18

The .data entry stands out: its virtual size of 0x2913a90 (43072144 bytes, about 41 MiB) is roughly 25 times its raw size of 1751040 bytes. The loader zero-fills that gap when it maps the image, so a section shaped like this is typically where a binary unpacks or decrypts code and data at run time. The three raw sizes sum to 1866752 bytes, 1024 bytes short of the 1867776-byte file, which is consistent with a 0x400-byte header region and no appended overlay.
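To make the check behind a "suspicious section" flag concrete, the following added Python example (not code from the reporting site) builds a PE32 header from the section table above, with constructed zero-filled section bodies and assumed values for raw pointers, alignment and characteristics, parses it back using only the standard library, and flags any section whose in-memory size far exceeds its on-disk size. It also decodes the COFF timestamp and checks for an overlay. To run it on a real sample, replace build_sample() with the bytes of the file.

```python
"""Minimal PE32 section-table parser (stdlib only) and the virtual-vs-raw
size heuristic behind a "suspicious section" flag.

Added example for this report, not the reporting site's code. The PE image
is constructed in build_sample() from the section table in the report;
raw pointers, alignment and characteristics are assumed values.
"""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes

# Section table as listed in the report: (name, VAddress, VSize, raw Size)
REPORT_SECTIONS = [
    (".text", 0x1000, 0x1945C, 103936),
    (".data", 0x1B000, 0x2913A90, 1751040),
    (".rsrc", 0x292F000, 0x2CB0, 11776),
]


def build_sample(sections=REPORT_SECTIONS, headers_size=0x400):
    """Constructed PE32 image: DOS stub, PE\\0\\0, COFF header, 224-byte
    optional header, section table, then zero-filled raw section data.
    Timestamp is the report's compile time; 0x0102 is an assumed EXE
    characteristics value (executable image, 32-bit, not a DLL)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    ts = calendar.timegm((2022, 5, 27, 18, 0, 18))
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 32, 0x1000)          # SectionAlignment (assumed)
    struct.pack_into("<I", opt, 36, 0x200)           # FileAlignment (assumed)
    table = b""
    raw_ptr = headers_size
    for name, vaddr, vsize, rawsize in sections:
        table += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"),
                             vsize, vaddr, rawsize, raw_ptr,
                             0, 0, 0, 0, 0x40000040)  # characteristics assumed
        raw_ptr += rawsize
    hdr = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_size, b"\0")
    return hdr + bytes(raw_ptr - headers_size)       # zero-filled section bodies


def parse_pe(data):
    """Return (file header dict, list of section dicts) for a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from(COFF_HDR, data, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size           # section table follows optional header
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, data, sec_off + 40 * i)
        sections.append({
            "name": f[0].rstrip(b"\0").decode("ascii", "replace"),
            "vsize": f[1], "vaddr": f[2], "rawsize": f[3], "rawptr": f[4],
            "characteristics": f[9],
        })
    header = {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }
    return header, sections


def suspicious_sections(sections, ratio=2.0):
    """Names of sections whose in-memory size is far larger than what is
    stored on disk. The loader zero-fills the difference, which is the
    classic home for code or data that is unpacked or decrypted at run time."""
    return [s["name"] for s in sections
            if s["rawsize"] == 0 or s["vsize"] > ratio * s["rawsize"]]


def overlay_size(data, sections):
    """Bytes after the last section's raw data (an appended overlay)."""
    end = max(s["rawptr"] + s["rawsize"] for s in sections)
    return len(data) - end


if __name__ == "__main__":
    sample = build_sample()
    hdr, secs = parse_pe(sample)
    print(hdr)
    for s in secs:
        print(f'{s["name"]:<6} vaddr=0x{s["vaddr"]:x} vsize=0x{s["vsize"]:x} raw={s["rawsize"]}')
    print("suspicious:", suspicious_sections(secs), "overlay bytes:", overlay_size(sample, secs))
```

The ratio threshold of 2.0 is a working default; legitimate .bss-style sections also have virtual size above raw size, so a hit is a reason to look at what the section's entry point and imports do with that memory, not a verdict by itself.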

PE Resources (7)

Name Language Sublanguage Offset Size Data
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x2931490 304
RT_ICON LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x2930fd8 1128
RT_STRING LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x2931a10 670
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x29315c0 20
RT_GROUP_ICON LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x2931440 62
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x29315d8 336
None LANG_SPANISH SUBLANG_SPANISH_MEXICAN 0x2931480 10

Meta info (1)

Translation: 0x070e 0x0152

Packers detected (2)

VC8 -> Microsoft Corporation
Microsoft Visual C++ 8

Both hits are compiler signatures for Microsoft Visual C++ 8 (Visual Studio 2005), not a packer; they identify the toolchain that produced the native code, which agrees with the .text/.data/.rsrc layout above.

Anti debug functions (5)

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Only IsDebuggerPresent is a direct debugger check. The other four are standard imports of the Visual C++ runtime's start-up and error-handling code, and runtime error-reporting paths commonly pull in IsDebuggerPresent as well, so this list by itself is weak evidence of deliberate anti-debugging; confirm it dynamically or by finding the call site.

Strings analysis - Files found

Library
GDI32.dll
MSIMG32.dll
USER32.dll
SHELL32.dll
mscoree.dll
KERNEL32.dll

mscoree.dll alongside GDI32, USER32 and SHELL32 means native code that starts the .NET runtime (mscoree.dll exports _CorExeMain and the CLR hosting entry points). Together with the VC8 signature and the oversized .data section, this is consistent with a native loader wrapped around a managed payload; RedLine itself is a .NET stealer.

Strings analysis - Possible IPs found (1)

17.94.97.89

This comes from a raw string scan with no surrounding context. 17.0.0.0/8 is allocated to Apple, so treat the value as a probable false positive (for example a version or build string that happens to match the dotted-quad pattern) rather than as a network indicator; the 62.204.41.88 host above is the one with supporting evidence.

Import functions

Name        Latest seen           MD5
romas.exe   2023-01-22 18:36:13   a3fc8ed520059d6108feeb90dd5bf9bc