risepro | 4056-2-0x00000000006C0000-0x0000000000E6A000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4056-2-0x00000000006C0000-0x0000000000E6A000-memory.dmp
Size

7.7MB
MD5

0e9dcc1f2eee0e6eda0c8d3cc4c829e8
SHA1

33c158ed445929e3a6438a2fbcac1b2a44d82bb1
SHA256

1d6b8a45637142663354dcecea3f5579745ff30a748eb98249465fd32d3a5f46
SHA512

5343d0ee49948c5a1a2e8cc3fd778424abc6b93dd3612c00a0606f718d756897114f33390927a71f0dc10c018261c60216ceeff0dc64b2541a442ea8769098d1
SSDEEP

196608:pzfhuFaJt34HiMEY57aVBTC1dywgnPtuwPSb:Du0TMl5OvWzCPtuwPm

Score

10^/10

themida risepro

Malware Config

Signatures

Risepro family
risepro

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4056-2-0x00000000006C0000-0x0000000000E6A000-memory.dmp

Files

4056-2-0x00000000006C0000-0x0000000000E6A000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 526KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 66KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ