risepro | 4664-13-0x00000000006B0000-0x0000000000CB1000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4664-13-0x00000000006B0000-0x0000000000CB1000-memory.dmp
Size

6.0MB
MD5

cecda19e6c672283015045fbc5e879a7
SHA1

d70b130f96af24d1cd9033ca00a0503717be1690
SHA256

30b3bd2ba9356e184009430329a642a0d451492d4a8da5aabde09a86eeb00cdd
SHA512

6615344afec5bf0b1522cdc28ba13089e6a6c298288cbde0a1f412d2d6a798ecdf4500793b5652471a212047a046e33ea743e19421c7849228ab2eaaefd7bf1b
SSDEEP

196608:LJ7fXrieBOiVX0O/GQe/njW2tga50qbHx:tzbHg8uDgo0qb

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4664-13-0x00000000006B0000-0x0000000000CB1000-memory.dmp

Files

4664-13-0x00000000006B0000-0x0000000000CB1000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 680KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mglpofyg
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jcawwvlx
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE