Gridinsoft Logo

S0lard.exe Trojan RedLine Analysis

Trojan RedLine
Updated on 2024-08-17 (1 month ago)
Checked by Online Virus Scanner
Online Virus Checker v.1.0.185.174
DB Version: 2024-08-17 06:00:12

Trojan.Win32.RedLine.mz!n

RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.

File S0lard.exe
Checked 2024-08-17 03:41:49
MD5 f96ecc2941d9b1e8af07b17ee1a02065
SHA1 2dcf3e82968f90813a8f63085bf2910a16daab1a
SHA256 acbb3d54b4392443037ed3ecb35d079cb2a9b11f914b3ee74f9ad2de1aee6ee3
SHA512 497abf482c74a711dbd90c158c63d27c736874152889a0cba897a8e8108cea440e62959440d52bfcb79074a4f2c62cac794e81ba40c44f7d427f4173dd834a43
Imphash 4328f7206db519cd4e82283211d98e83
File Size 4810540 bytes

Trojan.Win32.RedLine.mz!n Removal

Trojan.Win32.RedLine.mz!n Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.RedLine.mz!n without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

Translation 0x0000 0x04b0
Comments XHP Booster
CompanyName
FileDescription XHP
FileVersion 12.9.1.22
InternalName Whammed.exe
LegalCopyright XHP Corporation Copyright © 2021
LegalTrademarks
OriginalFilename Whammed.exe
ProductName XHP booster
ProductVersion 12.9.1.22
Assembly Version 1.1.21.1

Portable Executable Info

f6caf46481ec10e787a10651fca07072
7c466c9d3a73044c50aae8ab2b16657e
e0f8f9696ce0e478
Image Base: 0x00400000
Entry Point: 0x00ef0000
Compilation: 2085-05-29 16:38:55
Checksum: 0x0049f04e (Actual: 0x0049b913)
OS Version: 4.0
PEiD: PE32 executable (GUI) Intel 80386, for MS Windows
Sign: The expected hash does not match the digest in SpcInfo
Sections: 8
Imports: kernel32, mscoree,
Exports: 0
Resources: 5

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00002000 0x00030000 0x0002ec00 7e2deecbe392703b05492ac8e41dc03d 6.21
0x00032000 0x0001b288 0x00005561 f7494a5814b9aa691a73e878393a379a 7.96
0x0004e000 0x0000000c 0x0000000f c3a142726b23c85214c79a7fcb8938d9 3.64
.imports 0x00050000 0x00002000 0x00000400 22a082a752943aa74ccec8c28ff001ff 0.59
.rsrc 0x00052000 0x00003400 0x00003400 4c58a2516e3f9444c5a783531f3021e8 7.40
.themida 0x00056000 0x00640000 0x00000000 d41d8cd98f00b204e9800998ecf8427e 0.00
.boot 0x00696000 0x00459400 0x00459400 6221654849135a2a3f75c88fa3a3661e 7.95
.taggant 0x00af0000 0x00002400 0x00002014 4b49769a54c0c2e3e8c083243d2f7762 6.83

Leave a comment *

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware