Kanachan's_Footjob.exe Stealer Redline Analysis
| Online Virus Checker | v.1.0.151.174 |
| DB Version: | 2023-12-10 14:00:55 |
Spy.Win32.Redline.lu!heur
RedLine Stealer is a malicious program designed to exfiltrate users’ confidential data from browsers, systems, and installed software. It is often delivered through email attachments or compromised websites. RedLine not only steals sensitive information but also poses a significant threat by introducing other malware into the victim's operating system. This two-pronged attack approach makes RedLine a potent and dangerous cyber threat.
| File | Kanachan's_Footjob.exe |
| Checked | 2023-12-10 12:47:08 |
| MD5 | 0697f1e77680fa259d0c193c85bbd530 |
| SHA1 | d5f4117981dc2556552fd3092ea2abf1da261782 |
| SHA256 | d05eb8842e28d5ccb2616ced436708e980662022494e4aa479b0763f162f71b7 |
| SHA512 | 330fc960d45eab26082f9bfe4f4e0bfc2fa15be0567cae09babb2ca58a1fc35eed8d6b026f4c112e374779b634d24a576e616ae3b2e287af60d77e7e80fd2f98 |
| Imphash | bc70c4fa605f17c85050b7c7b6d42e44 |
| File Size | 6839808 bytes |
Spy.Win32.Redline.lu!heur Removal
Gridinsoft has the capability to identify and eliminate Spy.Win32.Redline.lu!heur without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
File Version Information
| CompanyName | Microsoft Corporation |
| FileDescription | Win32 Cabinet Self-Extractor |
| FileVersion | 11.00.9600.16428 (winblue_gdr.131013-1700) |
| InternalName | Wextract |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | WEXTRACT.EXE .MUI |
| ProductName | Internet Explorer |
| ProductVersion | 11.00.9600.16428 |
| Translation | 0x0409 0x04b0 |
| CompanyName | ティッシュはこ |
| FileDescription | |
| FileVersion | 1.0.0.0 |
| InternalName | Wextract |
| LegalCopyright | ティッシュはこ |
| OriginalFilename | WEXTRACT.EXE .MUI |
| ProductName | かなちゃんの足コキ! |
| ProductVersion | 1.0.0.0 |
| Translation | 0x0412 0x04b0 |
Portable Executable Info
 |
6ce4c2b8ba15754bb7cccfb8d7176d1b cf6cae752facaf5906c0a1a5c03e197a 5a526461aace6c71 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x004067cc |
| Compilation: | 2013-10-14 05:50:27 |
| Checksum: | 0x006a7e66 (Actual: 0x006912d4) |
| OS Version: | 6.3 |
| PDB Path: | wextract.pdb |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 5 |
| Imports: | ADVAPI32, KERNEL32, GDI32, USER32, msvcrt, COMCTL32, Cabinet, VERSION, |
| Exports: | 0 |
| Resources: | 44 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000065cc | 0x00006600 | e9bf1a1e456a9a811b1b86e6602e3636 | 6.38 |
| .data | 0x00008000 | 0x00001a8c | 0x00000400 | 317f8a934ee443eee01c2a315bde9ca1 | 3.18 |
| .idata | 0x0000a000 | 0x00001078 | 0x00001200 | d8675ba112ef922c6057a02546757a1a | 5.05 |
| .rsrc | 0x0000c000 | 0x0067c978 | 0x0067ca00 | 50c10ebde83afdcc8fc55f82a6a365a2 | 8.00 |
| .reloc | 0x00689000 | 0x000013ae | 0x00001400 | 83de2f9b2c95be6fea06bced7e8a058e | 3.72 |
