risepro | 3008-15-0x0000000000D60000-0x0000000001ADD000-memory[.]dmp

General

Target

3008-15-0x0000000000D60000-0x0000000001ADD000-memory.dmp
Size

13.5MB
MD5

6a6495bfe4c441cbebfa173319ff81fb
SHA1

2dabb851decb693c9b0964e372174ac65a865609
SHA256

9209b1077fb3947b8c053341cd02188fcd3409e0727ee8fe81d8d6cdd7bd9663
SHA512

595afd0d0625f9e3a1725b996850f4ed0cb5cb8b1a1cfff19059c0eea21386628a0d87056c3ad95ce071a243ec9cf04b5483e654bf76a8bc4b6a04a815e67545
SSDEEP

196608:4TEM1yMXhr+JmAvE4WiRNa0nkUZ1gLd1fLi0IT0h6tVJypcI+r0zdZBJ9QJTpxc/:4Q0+3sb7GZ1CITIpcILfZQFq

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.49:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3008-15-0x0000000000D60000-0x0000000001ADD000-memory.dmp

Files

3008-15-0x0000000000D60000-0x0000000001ADD000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.][&uÚ^
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.][&uÚ^
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.][&uÚ^
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp"Û-
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp"Û-
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp"Û-
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 154KB

.data Size: - Virtual size: 13KB

.][&uÚ^ Size: - Virtual size: 2.2MB

.][&uÚ^ Size: - Virtual size: 1KB

.][&uÚ^ Size: - Virtual size: 1.3MB

.vmp"Û- Size: - Virtual size: 2.0MB

.vmp"Û- Size: 1024B - Virtual size: 972B

.vmp"Û- Size: 6.6MB - Virtual size: 6.6MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 154KB

.data
Size: - Virtual size: 13KB

.][&uÚ^
Size: - Virtual size: 2.2MB

.][&uÚ^
Size: - Virtual size: 1KB

.][&uÚ^
Size: - Virtual size: 1.3MB

.vmp"Û-
Size: - Virtual size: 2.0MB

.vmp"Û-
Size: 1024B - Virtual size: 972B

.vmp"Û-
Size: 6.6MB - Virtual size: 6.6MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 127KB - Virtual size: 126KB