risepro | 3492-4-0x0000000000400000-0x0000000000555000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3492-4-0x0000000000400000-0x0000000000555000-memory.dmp
Size

1.3MB
MD5

acfe2ecd6b8a5cb3ffda872cea7bdaf9
SHA1

03401352d692162946df4f3109595c46bed39a89
SHA256

5e9f67ba331d8632648f5120fb6f898ec3f054493544351c9ba2141b3466b268
SHA512

364a55ee0cd6d77160ad2aed774869890bf5f4111ae0854492d1f637243d80243582b424a792018d1b37f7bf5ed1050a7bbc573a8041c52256a909ea3e88eb87
SSDEEP

24576:bsbTcFjF3ll85DHrk+3Nzg0eNhO7hNc9mtk2qiMf+rD/rDfvT3QVCU:7FjF3ll8p7Rnt8b4D/rDfvT

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3492-4-0x0000000000400000-0x0000000000555000-memory.dmp

Files

3492-4-0x0000000000400000-0x0000000000555000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.2MB

IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE