Malware RedLine Malware Analysis
| Online Virus Checker | v.1.0.138.174 |
| DB Version: | 2023-09-13 18:04:54 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Malware.Win32.RedLine.bot
RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.
| Checked: | 2023-09-13 15:10:13 |
| MD5: | 4f31c6d06b709d02171faa87661b8643 |
| SHA1: | 2e1009ccca971cd0041b149314b11c2ac6522732 |
| SHA256: | 52a739dd0e8220be711b3938accc43e9236672b993a3ca486bf73adbeaf1c063 |
| SHA512: | 2fb7f560479f3c7ea95b440ad3b3428f78334361f8e9ccc4275d0f1d5bdf01cc13e6255173bf1e1eacbc89da1ba0f8cce6cf3739b35ec5ecc01f97d147a00208 |
| Imphash: | 14439469d68da61f7d1704f96a5f0b5c |
| File Size: | 4561624 bytes |
Malware.Win32.RedLine.bot Removal
Gridinsoft has the capability to identify and eliminate Malware.Win32.RedLine.bot without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Signers
| DigiCert Trusted Root G4 | DigiCert, Inc. (US) |
| DigiCert Trusted Root G4 | DigiCert, Inc. (US) |
| DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA | DigiCert, Inc. (US) |
| DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Lamantine Software a.s. (CZ) |
| Verification | The expected hash does not match the digest in SpcInfo |
File Version Information
| CompanyName | Lamantine Software a.s. |
| FileDescription | Sticky Password UI Automation Manager |
| FileVersion | 8.4.4.920 |
| InternalName | UIA Manager |
| LegalCopyright | © 2001 - 2022 Lamantine Software. All rights reserved. |
| LegalTrademarks | |
| OriginalFilename | spUIAManager.exe |
| ProductName | Sticky Password |
| ProductVersion | 8.4.4.920 |
| Homepage | http://www.stickypassword.com |
| Translation | 0x0409 0x04e4 |
Portable Executable Info
 |
270a949ba41a343603c64ee6f9236f6c eff8e14ae1d2ce73e49a4807dc8fafd3 e8b2330f0f33b2e8 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x007b31cc |
| Compilation: | 2022-04-21 10:13:39 |
| Checksum: | 0x00464a14 (Actual: 0x0046322d) |
| OS Version: | 5.0 |
| PEiD: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| Sign: | The expected hash does not match the digest in SpcInfo |
| Sections: | 11 |
| Imports: | winmm, oleacc, shlwapi, wininet, winspool, comctl32, shell32, user32, version, oleaut32, advapi32, netapi32, kernel32, XmlLite, ole32, gdi32, |
| Exports: | 3 |
| Resources: | 138 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x003aaf48 | 0x003ab000 | d900ca7d75e0174b5398df2531bbc677 | 6.52 |
| .itext | 0x003ac000 | 0x00007274 | 0x00007400 | 47ec42178c018acff44758128006aee4 | 5.83 |
| .data | 0x003b4000 | 0x00011bac | 0x00011c00 | df6b20436076db72ef56f7d72aadfff2 | 6.47 |
| .bss | 0x003c6000 | 0x0000978c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .idata | 0x003d0000 | 0x00003eae | 0x00004000 | 6cccf035985a60e5551cee6a09814400 | 5.22 |
| .didata | 0x003d4000 | 0x0000682a | 0x00006a00 | 5a1f6251a1d643719855cc9866f2d685 | 4.95 |
| .edata | 0x003db000 | 0x0000009e | 0x00000200 | edb942bf3d3ebcb02c237a361248c902 | 1.95 |
| .tls | 0x003dc000 | 0x0000005c | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .rdata | 0x003dd000 | 0x0000005d | 0x00000200 | b4102882d5b469ddf10d4b0f22e69c67 | 6.63 |
| .reloc | 0x003de000 | 0x00053f84 | 0x00054000 | 399ef3686e89a700c5e34052ae0f620c | 6.65 |
| .rsrc | 0x00432000 | 0x00032400 | 0x00032400 | 2aec096e2045fa67f5567edde1d6f770 | 6.77 |
