risepro | 2016-1-0x0000000000C50000-0x0000000000FED000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2016-1-0x0000000000C50000-0x0000000000FED000-memory.dmp
Size

3.6MB
MD5

63b4d94de0d62a99a5d3fdb338c38793
SHA1

bfdf9d7ea8b0f6168af956441c2ff1c1d904e004
SHA256

c3d75cd26f1bd246851fbb0e0e0baa45efb506ad01050a5358b63927df14fef7
SHA512

50780fc8982ea2d9f583e4926e5f87a8e22d0e49babce30cc4f3c618f2fb4e48b9c3dc21074a7f40ed05174ac345f4b0b18af307e60f7fc68a747f27907133c8
SSDEEP

49152:ZHnD2+90PuuouWKJTF3JG5cE0j5BTRzp15YFKxNXd1:ZHnD5CPuNKvs2E0VBTNp15YFKx9

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2016-1-0x0000000000C50000-0x0000000000FED000-memory.dmp

Files

2016-1-0x0000000000C50000-0x0000000000FED000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

deihfgmd
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vdvhxahq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE