risepro | bee8611a272a219c3012f782b6f7b480f23bc7f1cfd04cc9c633dd9c3cf42c06

Sharing

Copy URL Twitter E-mail

General

Target

bee8611a272a219c3012f782b6f7b480f23bc7f1cfd04cc9c633dd9c3cf42c06
Size

3.9MB
MD5

d41dde6012f942e2c418ed84dd961507
SHA1

146cf25c859a593e4c3d5e6bc2858e53cd8863e3
SHA256

bee8611a272a219c3012f782b6f7b480f23bc7f1cfd04cc9c633dd9c3cf42c06
SHA512

ab5adcbcf509ded50fad58cc71ec82976d933e12ee26fc8315f867e5b7d9e29975e5a2dcbc2037e2711941bd7d6532e9e60b92b66480f0227b40710837d980b0
SSDEEP

49152:0Nbd7UosKvAqtPcNRdIcRi/Hr+UVGbcAbhB29C5qtL7vxwv0h+m4xZHzSHzQPxGG:0N3UcH9C5qtCc+m4zSAE

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bee8611a272a219c3012f782b6f7b480f23bc7f1cfd04cc9c633dd9c3cf42c06

Files

bee8611a272a219c3012f782b6f7b480f23bc7f1cfd04cc9c633dd9c3cf42c06
.exe windows:6 windows x86 arch:x86

024f733dcb4997a9c13c195572cd4aba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Git\MBTOOLS\org\SWJSON\TdcTestUtil\bin\WNET\WNET_x86.pdb

Imports

ws2_32

bind
closesocket
ioctlsocket
getsockname
getsockopt
ntohs
select
getservbyport
getservbyname
WSASetLastError
connect
htons
inet_addr
inet_ntoa
listen
recv
send
gethostbyname
gethostbyaddr
setsockopt
sendto
recvfrom
htonl
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
accept

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

oleaut32

CreateErrorInfo
GetErrorInfo
VariantChangeTypeEx
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SetErrorInfo

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInterfaceA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsExA
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

advapi32

StartServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenServiceA
RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

SetEndOfFile
HeapSize
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStringTypeW
SetStdHandle
OutputDebugStringW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
QueryPerformanceFrequency
GetTimeZoneInformation
MoveFileExW
DeleteFileW
DecodePointer
FormatMessageW
SetEnvironmentVariableW
IsWow64Process
CreateFileMappingA
ExitThread
ResumeThread
FreeLibraryAndExitThread
CreateTimerQueue
SetEvent
WaitForSingleObjectEx
CreatePipe
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
SwitchToThread
TryEnterCriticalSection
CreateEventW
ReleaseMutex
CreateMutexA
MapViewOfFile
IsValidCodePage
UnmapViewOfFile
CloseHandle
WaitForSingleObject
Sleep
CreateThread
GetExitCodeThread
GetLastError
GetCurrentProcessId
GetTickCount
OutputDebugStringA
GetStdHandle
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
DeviceIoControl
GlobalAlloc
GlobalFree
SignalObjectAndWait
SetCurrentDirectoryA
GetSystemFirmwareTable
GetModuleFileNameA
LocalAlloc
LocalFree
FormatMessageA
GetCurrentThreadId
GetSystemDirectoryA
GetNativeSystemInfo
GetWindowsDirectoryA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
FreeLibrary
GetProcAddress
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryA
GetFileType
WriteFile
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
GetEnvironmentVariableW
GetACP
SwitchToFiber
RtlCaptureStackBackTrace
CreateFiberEx
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiberEx
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetExitCodeProcess
GetCurrentThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
PeekNamedPipe
GetFileInformationByHandle
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
SetProcessAffinityMask
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
SetConsoleCursorPosition
DeleteFiber
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ReadFile
DuplicateHandle
CreateProcessW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetCommandLineA
GetCommandLineW
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

024f733dcb4997a9c13c195572cd4aba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

ole32

oleaut32

setupapi

iphlpapi

advapi32

version

crypt32

kernel32

bcrypt

user32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 712KB - Virtual size: 711KB

.data Size: 20KB - Virtual size: 142KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 142KB - Virtual size: 142KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 712KB - Virtual size: 711KB

.data
Size: 20KB - Virtual size: 142KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 142KB - Virtual size: 142KB