risepro | ce98b45d63438709563d7ea3c5735d70685435bbe96cb6f8ab60fe7a2d632f7c

Sharing

Copy URL Twitter E-mail

General

Target

ce98b45d63438709563d7ea3c5735d70685435bbe96cb6f8ab60fe7a2d632f7c
Size

945KB
MD5

1c239a35c8a1d31658e35f4524f5f058
SHA1

55461b3c96476b5c1d6c391c4aa93c9ad8cea641
SHA256

ce98b45d63438709563d7ea3c5735d70685435bbe96cb6f8ab60fe7a2d632f7c
SHA512

d81eaee9d95ea61d466e1ec1eefd6a2e4a6aec954dcbd704de36deed07b0a81c8cae03ffa85e13f099d778e5485ad99446b763b41bdaae33706db539091285de
SSDEEP

24576:ceQGMLqykKVXc3UMl5rynLI2Vm8VSq2t8c8WH2K:NTuFXbMlMnLI2Vm8VSq2tEC2K

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Files

ce98b45d63438709563d7ea3c5735d70685435bbe96cb6f8ab60fe7a2d632f7c
.exe windows:6 windows x86 arch:x86

09d4a6731938570fd636ee35cb67d05b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/06/2022, 00:00

Not After

21/06/2025, 23:59

Subject

SERIALNUMBER=0705579-2,CN=F-Secure Corporation,O=F-Secure Corporation,L=Helsinki,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:89:be:5b:71:9e:7e:62:c6:e8:1a:9f:74:e1:83:8d:2e:b6:89:26:20:12:71:86:31:09:ad:33:8f:7f:44:60
Signer

Actual PE Digest

5b:89:be:5b:71:9e:7e:62:c6:e8:1a:9f:74:e1:83:8d:2e:b6:89:26:20:12:71:86:31:09:ad:33:8f:7f:44:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\OneClient\oneclient_network_installer\output\x86\Release_Static\NetworkInstaller_32.pdb

Imports

gdiplus

GdipFree
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipAlloc
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdiplusShutdown
GdiplusStartup
GdipFillEllipseI
GdipDrawEllipseI
GdipSetPenLineCap197819
GdipAddPathLineI
GdipFillPath
GdipDrawPath
GdipSetSmoothingMode
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeletePath
GdipCreatePath
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipResetImageAttributes
GdipGetImageBounds
GdipDisposeImage
GdipCloneImage
GdipCreateImageAttributes

kernel32

GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
GlobalMemoryStatusEx
GetVersionExW
GetNativeSystemInfo
GetTimeZoneInformation
GetLocaleInfoW
GetSystemDefaultUILanguage
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
SetFileAttributesW
GetTickCount
GetSystemDirectoryW
GetModuleFileNameW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
CreateProcessW
IsWow64Process
LocalFree
FreeLibrary
CompareFileTime
GetFileTime
SetFileInformationByHandle
SetErrorMode
RaiseException
GetCurrentThread
ExpandEnvironmentStringsW
OutputDebugStringA
GetCurrentThreadId
GetSystemTime
GetLocalTime
FlushFileBuffers
GetFileInformationByHandle
HeapAlloc
HeapFree
GetProcessHeap
OpenMutexW
LoadLibraryExW
ReleaseMutex
GlobalFree
GetLocaleInfoA
GetUserDefaultUILanguage
LoadResource
LockResource
SizeofResource
FindResourceW
MulDiv
LoadLibraryW
IsProcessorFeaturePresent
VerifyVersionInfoW
VerSetConditionMask
WriteFile
CreateFileW
SetLastError
GetProcAddress
GetCommandLineW
CreateMutexW
GlobalFindAtomW
GlobalAddAtomW
GetExitCodeProcess
GetCurrentProcess
DeleteFileW
ResetEvent
GetCurrentProcessId
ProcessIdToSessionId
GetTickCount64
SetEvent
CopyFileW
WaitForMultipleObjects
CreateEventW
GetModuleHandleW
GetLastError
CloseHandle
FreeConsole
GetStdHandle
WriteConsoleW
AttachConsole
WaitForSingleObject
Sleep
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
CompareStringW
LCMapStringW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
SystemTimeToFileTime
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
GetExitCodeThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime

gdi32

SetBkMode
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentExPointW
CreateFontIndirectW
GetTextMetricsW
GetDeviceCaps
CreateFontW
SetTextColor
SetBkColor
CreateSolidBrush
DeleteObject
SelectObject
GetObjectW

advapi32

AllocateAndInitializeSid
GetSidSubAuthorityCount
GetSidSubAuthority
RegGetValueW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
ConvertSidToStringSidW
LookupAccountNameW
IsValidSid
GetLengthSid
FreeSid
CheckTokenMembership
IsWellKnownSid
OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorControl
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

Sections

.text
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09d4a6731938570fd636ee35cb67d05b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

5b:89:be:5b:71:9e:7e:62:c6:e8:1a:9f:74:e1:83:8d:2e:b6:89:26:20:12:71:86:31:09:ad:33:8f:7f:44:60Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

gdi32

advapi32

ole32

oleaut32

rpcrt4

Sections

.text Size: 498KB - Virtual size: 498KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 12KB - Virtual size: 31KB

.rsrc Size: 261KB - Virtual size: 264KB

.reloc Size: 26KB - Virtual size: 26KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0f:ce:9e:0e:c9:d2:71:3f:0d:21:c2:31:9d:31:0a:60
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

5b:89:be:5b:71:9e:7e:62:c6:e8:1a:9f:74:e1:83:8d:2e:b6:89:26:20:12:71:86:31:09:ad:33:8f:7f:44:60
Signer

.text
Size: 498KB - Virtual size: 498KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 12KB - Virtual size: 31KB

.rsrc
Size: 261KB - Virtual size: 264KB

.reloc
Size: 26KB - Virtual size: 26KB