Pass-free-Application SetupFile - (17.1).exe Trojan RedLine Analysis
| Online Virus Checker | v.1.0.181.174 |
| DB Version: | 2024-07-01 04:00:21 |
Trojan.Win32.RedLine.mz!n
RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.
| File | Pass-free-Application SetupFile - (17.1).exe |
| Checked | 2024-07-01 01:36:33 |
| MD5 | 1da391216cc9aff69749fdac87a879d9 |
| SHA1 | e2c2c94da29f9e8bcbab62c44e0747c66ec584db |
| SHA256 | acbb409f6fbe45fe6be7346c2d5ef43b86e095b2f63fe83d3edb4d3ca9eb4d7b |
| SHA512 | 1338b81cea87a6c62f82f97f2fb4a403f416ccac587c5f3eccf8764a6c9ea742a1d8b1092e1a19e84fde198991c21fcf9f91377b95c56e2e1e89188a11bda97f |
| Imphash | 4328f7206db519cd4e82283211d98e83 |
| File Size | 5212972 bytes |
Trojan.Win32.RedLine.mz!n Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win32.RedLine.mz!n without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| Translation | 0x0000 0x04b0 |
| Comments | XHP Booster |
| CompanyName | |
| FileDescription | XHP |
| FileVersion | 12.9.1.22 |
| InternalName | Sciuroid.exe |
| LegalCopyright | XHP Corporation Copyright © 2021 |
| LegalTrademarks | |
| OriginalFilename | Sciuroid.exe |
| ProductName | XHP booster |
| ProductVersion | 12.9.1.22 |
| Assembly Version | 1.1.21.1 |
Portable Executable Info
 |
ada816cac25348d7b036f9c18922a16f 1baadf36d228b92c847a336cfc91f4d5 42b2b232b3db7a7c |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00fba000 |
| Compilation: | 2058-09-15 10:12:13 |
| Checksum: | 0x00500a83 (Actual: 0x004ffc49) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The expected hash does not match the digest in SpcInfo |
| Sections: | 8 |
| Imports: | kernel32, mscoree, |
| Exports: | 0 |
| Resources: | 5 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x0002e000 | 0x0002d000 | 450a22013556c11cfdb40f8c9463b671 | 6.17 |
| 0x00030000 | 0x00057d00 | 0x0000a587 | d4dab3466bc898c4e2e4d94938bf3e10 | 7.95 | |
| 0x00088000 | 0x0000000c | 0x0000000f | dabdefa336fd2360080702918a0fc8b0 | 3.77 | |
| .imports | 0x0008a000 | 0x00002000 | 0x00000400 | e2b83645846e513b1d6cbb3d25fa4ed0 | 0.64 |
| .rsrc | 0x0008c000 | 0x0003fc00 | 0x0003fc00 | 37cbecb150cdbcd0014ff74d366e0930 | 4.72 |
| .themida | 0x000cc000 | 0x00672000 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .boot | 0x0073e000 | 0x0047bc00 | 0x0047bc00 | 87821c556b6156f7f7861045241574bc | 7.95 |
| .taggant | 0x00bba000 | 0x00002400 | 0x00002014 | 27ec1d1a4d402e02e2ee2f0f4f5d4570 | 6.84 |
