risepro | 4080-14-0x00000000001B0000-0x0000000000793000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4080-14-0x00000000001B0000-0x0000000000793000-memory.dmp
Size

5.9MB
MD5

ec97453b58e4667c3d4a99e4188b441d
SHA1

ba2a1b56373430bdcb000aa6f7f54abf11e136a8
SHA256

c752469c5b175caf3cd4317941453cd51c68e3f830acc335e1b7f098d184961b
SHA512

280304c88c550b2b3dfe709cbef7287746b82a438f6a4de1e5b697509838362ee16d76e759ffd5a8dd185575a0926b7665208195abbb10e0ac93a608b2549dfa
SSDEEP

98304:d3SzBJ8T3L/OwXjsM8n0Oum1IFxIleqDDCNqiOlRDXS/3aePNP3xyudGd+Ve:VCJU3L/OejsM00OumWpaXAqe1fxLdx

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4080-14-0x00000000001B0000-0x0000000000793000-memory.dmp

Files

4080-14-0x00000000001B0000-0x0000000000793000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 680KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hbwvanuc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

evjwumhm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE