Malware RedLine Malware Analysis

Online Virus Checker v.1.0.138.174
DB Version: 2023-09-15 07:02:35

Malware.Win32.RedLine.bot

RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.

Checked: 2023-09-15 04:52:50
MD5: e71b28e3bf543500ed2bffd58a5d3193
SHA1: 5514aa60f3f9b8d9772aa46482e26873400ac286
SHA256: 2724af8206b8d7a960bebb0f79de8afdf65db65b99057a05bd9257191957aed0
SHA512: 6d77023f16c10b781f9bffeccba27175fd29f36f97cb6d6febd5cedbe809cc463b46930025c8006ec1774be1e9965fa194323c1f5fc7cbdb53675ff86265b960
Imphash: 35646f486d46399590ccfc4635584429
File Size: 759808 bytes

Malware.Win32.RedLine.bot Removal

Gridinsoft has the capability to identify and eliminate Malware.Win32.RedLine.bot without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Portable Executable Info

Image Base: 0x00400000
Entry Point: 0x00409e4f
Compilation: 2023-09-14 03:03:43
Checksum: 0x00000000 (Actual: 0x000c4bd7)
OS Version: 6.0
PEiD: PE32 executable (console) Intel 80386, for MS Windows
Sign: The PE file does not contain a certificate table.
Sections: 6
Imports: KERNEL32,
Exports: 0
Resources: 1

Sections

Name    Virtual Address  Virtual Size  Raw Size    MD5                               Entropy
.text   0x00001000       0x0002178b    0x00021800  fd8431f15c9a94cc61160caf69138009  6.66
.rdata  0x00023000       0x0000cfc2    0x0000d000  9089e57e548b12b061ef0c9c9449e334  5.38
.data   0x00030000       0x00002028    0x00001000  cff8bfe7a1966b794ca460b80a41044a  3.30
.bsp    0x00033000       0x00087a10    0x00087c00  71e5c5312730d5335361bb6f5eac6384  7.84
.rsrc   0x000bb000       0x000001e0    0x00000200  485e8ed8b860706f5089de5f4f806a30  4.72
.reloc  0x000bc000       0x00001cf8    0x00001e00  521f6059310c2726605fef451bbad5b2  6.48
