risepro | 308020990x00000000013800000x0000000001896000memorydmp[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

308020990x00000000013800000x0000000001896000memorydmp.exe
Size

5.1MB
MD5

a518682fb1ecc672687e8721be81e280
SHA1

71b953d4c2aba94b70239d67418a759124cce9c3
SHA256

2ef73ac2300e1cc5ac27e804593a65fffb89a61b1f88e2999d5de11be6fb5afa
SHA512

07555416ddf8df99db0925c799068bf59fa4fe5bbc105ef4e26163ed71f7f14d9b0af891d07e30af3c791d2798588eea9eae06c23c17d0e28eaffa16a48d1a47
SSDEEP

98304:kL9gL//tUA7+y6WAIhmCFUr1mgHueFEqjOe9wR:kL9U//51FsxtF19

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
308020990x00000000013800000x0000000001896000memorydmp.exe

Files

308020990x00000000013800000x0000000001896000memorydmp.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 492KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 191KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 990KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE