risepro | 4904-13-0x00000000005D0000-0x0000000000BB1000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4904-13-0x00000000005D0000-0x0000000000BB1000-memory.dmp
Size

5.9MB
MD5

6452be51a4a9d4a2c9c72158a247b2e3
SHA1

81c350024bb6111d50bbfad092cfcc54f7192e86
SHA256

af5c79711e5381b99315bc7987a78e809029d8627c6ac9e58723391bb6e41306
SHA512

26b84d57a938bcb632354cf4c3eef2c5437cb21753493d4e6af960c4f2a76718303c0e6c71b7b6e5fc7f3ef9b48103a3ebd0d1d4ca8a38904c3673615ffb4793
SSDEEP

98304:LEp5jB4LHDmUsbFBv9o0OenaSnGmmhmz3To6TglTNUk5FBHz3b13A:w/BUHDmU2FBvm0OPS7bQTNUk5HjbN

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4904-13-0x00000000005D0000-0x0000000000BB1000-memory.dmp

Files

4904-13-0x00000000005D0000-0x0000000000BB1000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 680KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pureosrm
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wpfqctpk
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE