risepro | 2376-941-0x0000000000AF0000-0x0000000001AA3000-memory[.]dmp

Sharing

Copy URL

Twitter E-mail

General

Target

2376-941-0x0000000000AF0000-0x0000000001AA3000-memory.dmp
Size

15.7MB
MD5

0d98a6569087559ed8e2dd259c4661e3
SHA1

b25072a5d3ab54372272cb70b3244368007e150a
SHA256

84d4d6eb6a02b760e4bd58fe364f0da0cef932ca4006654aeb83bed931b0efae
SHA512

e7e44c5b54c5c14582b3be6fdce36379f05b3a43aa5a82cba669221045960e430ac62f4cd87993ee31be6601017b5d62271281cbc6228f72db9598f74c65b678
SSDEEP

393216:Qj+R9X+8TUr5pMeuLg0AoUt55+VqTm2Ecaq:0+jXhTUtpMemg0AouKV2sq

Score

10^/10

themida risepro

Malware Config

Signatures

Risepro family
risepro

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2376-941-0x0000000000AF0000-0x0000000001AA3000-memory.dmp

Files

2376-941-0x0000000000AF0000-0x0000000001AA3000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¡D�
Size: - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¡D�
Size: - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¡D�
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¡D�
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 1.3MB

Size: - Virtual size: 173KB

Size: - Virtual size: 34KB

.vmp¡D� Size: - Virtual size: 310KB

Size: - Virtual size: 39KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.7MB

.boot Size: - Virtual size: 2.6MB

.vmp¡D� Size: - Virtual size: 671KB

.vmp¡D� Size: 512B - Virtual size: 468B

.vmp¡D� Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 168KB - Virtual size: 310KB

.vmp¡D�
Size: - Virtual size: 310KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: - Virtual size: 2.6MB

.vmp¡D�
Size: - Virtual size: 671KB

.vmp¡D�
Size: 512B - Virtual size: 468B

.vmp¡D�
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 168KB - Virtual size: 310KB