Gridinsoft Logo

Pass-free-Application SetupFile - (17.1).exe Trojan RedLine Analysis

Trojan RedLine
Updated on 2024-07-01 (3 months ago)
Checked by Online Virus Scanner
Online Virus Checker v.1.0.181.174
DB Version: 2024-07-01 04:00:21

Trojan.Win32.RedLine.mz!n

RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.

File Pass-free-Application SetupFile - (17.1).exe
Checked 2024-07-01 01:36:33
MD5 1da391216cc9aff69749fdac87a879d9
SHA1 e2c2c94da29f9e8bcbab62c44e0747c66ec584db
SHA256 acbb409f6fbe45fe6be7346c2d5ef43b86e095b2f63fe83d3edb4d3ca9eb4d7b
SHA512 1338b81cea87a6c62f82f97f2fb4a403f416ccac587c5f3eccf8764a6c9ea742a1d8b1092e1a19e84fde198991c21fcf9f91377b95c56e2e1e89188a11bda97f
Imphash 4328f7206db519cd4e82283211d98e83
File Size 5212972 bytes

Trojan.Win32.RedLine.mz!n Removal

Trojan.Win32.RedLine.mz!n Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win32.RedLine.mz!n without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

File Version Information

Translation 0x0000 0x04b0
Comments XHP Booster
CompanyName
FileDescription XHP
FileVersion 12.9.1.22
InternalName Sciuroid.exe
LegalCopyright XHP Corporation Copyright © 2021
LegalTrademarks
OriginalFilename Sciuroid.exe
ProductName XHP booster
ProductVersion 12.9.1.22
Assembly Version 1.1.21.1

Portable Executable Info

ada816cac25348d7b036f9c18922a16f
1baadf36d228b92c847a336cfc91f4d5
42b2b232b3db7a7c
Image Base: 0x00400000
Entry Point: 0x00fba000
Compilation: 2058-09-15 10:12:13
Checksum: 0x00500a83 (Actual: 0x004ffc49)
OS Version: 4.0
PEiD: PE32 executable (GUI) Intel 80386, for MS Windows
Sign: The expected hash does not match the digest in SpcInfo
Sections: 8
Imports: kernel32, mscoree,
Exports: 0
Resources: 5

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00002000 0x0002e000 0x0002d000 450a22013556c11cfdb40f8c9463b671 6.17
0x00030000 0x00057d00 0x0000a587 d4dab3466bc898c4e2e4d94938bf3e10 7.95
0x00088000 0x0000000c 0x0000000f dabdefa336fd2360080702918a0fc8b0 3.77
.imports 0x0008a000 0x00002000 0x00000400 e2b83645846e513b1d6cbb3d25fa4ed0 0.64
.rsrc 0x0008c000 0x0003fc00 0x0003fc00 37cbecb150cdbcd0014ff74d366e0930 4.72
.themida 0x000cc000 0x00672000 0x00000000 d41d8cd98f00b204e9800998ecf8427e 0.00
.boot 0x0073e000 0x0047bc00 0x0047bc00 87821c556b6156f7f7861045241574bc 7.95
.taggant 0x00bba000 0x00002400 0x00002014 27ec1d1a4d402e02e2ee2f0f4f5d4570 6.84

Leave a comment *

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware