risepro | 2060-49-0x0000000000490000-0x0000000000829000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2060-49-0x0000000000490000-0x0000000000829000-memory.dmp
Size

3.6MB
MD5

862788625dc416f6e22d2d432b05cc0a
SHA1

f3b9b1384bc0ec9f85b25eb89bfd6cd2df3f1d9d
SHA256

3765c63996686258be12a30027e2f8305446c6fef76c570dd632cae2a0a48a32
SHA512

1118426a3fa37e39a3c402f1b3771a61f62e6f42373f6852742aacc2726eaa308ffe5c5e2e86cfd2a091a0b7af1bc1ac95b133e7ea409bc82ece00e7a1fd893e
SSDEEP

49152:yLjbVm7yLCJs5NYMU4FB83Tj+qpmVKl7p8lmIkimb2Uex4VBjCmsNENQ6LVb:2VcyLCq52MUKhqpcKl7p8lOaUfFCKl

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2060-49-0x0000000000490000-0x0000000000829000-memory.dmp

Files

2060-49-0x0000000000490000-0x0000000000829000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 562KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gqyvwbkn
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tzfznsec
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE