risepro | 2204-25-0x0000000000FA0000-0x0000000001F53000-memory[.]dmp

Sharing

Copy URL Twitter E-mail

General

Target

2204-25-0x0000000000FA0000-0x0000000001F53000-memory.dmp
Size

15.7MB
MD5

ccbd28b415b55e77aa0ef74cdf5fa891
SHA1

0d2e4f6d0a9bddbf2d94ca6e74656e821b351eda
SHA256

6816c8aff55a62d576260651001c3868b9cb4f413f4ac624e5d9c668a98f9a8e
SHA512

e5cb332f98b239c312ac8ff4505a9b25ba39ff2069243d3d2b41106cdaf1283085be7e87e2951f9e24c32c905daf8ebb7cc7d4639b8e02b2112ceca82b426300
SSDEEP

393216:7nUXo+8g+r5pMeuLg0ApMV25BnqTm2EQ3O:rUXohg+tpMemg0Apuur2lO

Score

10^/10

themida risepro

Malware Config

Signatures

Risepro family
risepro

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2204-25-0x0000000000FA0000-0x0000000001F53000-memory.dmp

Files

2204-25-0x0000000000FA0000-0x0000000001F53000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¡D�
Size: - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¡D�
Size: - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¡D�
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¡D�
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 1.3MB

Size: - Virtual size: 173KB

Size: - Virtual size: 34KB

.vmp¡D� Size: - Virtual size: 310KB

Size: - Virtual size: 39KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.7MB

.boot Size: - Virtual size: 2.6MB

.vmp¡D� Size: - Virtual size: 671KB

.vmp¡D� Size: 512B - Virtual size: 468B

.vmp¡D� Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 168KB - Virtual size: 310KB

.vmp¡D�
Size: - Virtual size: 310KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: - Virtual size: 2.6MB

.vmp¡D�
Size: - Virtual size: 671KB

.vmp¡D�
Size: 512B - Virtual size: 468B

.vmp¡D�
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 168KB - Virtual size: 310KB