risepro | 1600-14-0x0000000000030000-0x0000000000612000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1600-14-0x0000000000030000-0x0000000000612000-memory.dmp
Size

5.9MB
MD5

172ea520b6523813c3adfa81505da289
SHA1

d03b7be491a14f28f92772dde3379312d6398834
SHA256

ac2f4dcde64a22bf3a60ae576b5c424be38c85f8c8f839ef394dee9aa105028d
SHA512

857e1546076521a20c785d6e946aca85fb5b8735720df311b7d3fcfe84722acdf2bbd318154cbd0ae78761be57e8207fbda40261c8f3080db94727609588f659
SSDEEP

98304:T4AbbLUDXr1GrCeIIwy0Oc+Wjb+KhRFKJIMcOsBBMaSQ8ltyIjoEAtbWsS4uLYiF:0CL8Xr1G+eIIt0Oc+WeGMYBFM9joEQmS

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1600-14-0x0000000000030000-0x0000000000612000-memory.dmp

Files

1600-14-0x0000000000030000-0x0000000000612000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 680KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nikvcwzh
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wrmxobxz
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE