risepro | 2552-18-0x0000000000D40000-0x000000000190F000-memory[.]dmp | Triage

Sharing

General

Target

2552-18-0x0000000000D40000-0x000000000190F000-memory.dmp
Size

11.8MB
MD5

fa95482c43f71553261806f38b2d67a5
SHA1

f631006846e38b93a6caf3c0b1a2f53d03d75262
SHA256

4367c2852eb43b1ec0c41b5161fcc5ace8b92b073fabd0f8b5f159ceacccbd15
SHA512

ffe82ad49c7f50da678e926684c57b7afd351167e1fc0f21e5c21c90b8a0cf0267ab1a724710f8812be23bc9b89200ffa70f44c6988a0a2b06653f844bfdf759
SSDEEP

196608:XmzMcLuppWP2AEV1Al/uLfOE84EXY5HdnovgkvaD6:XMspWhEqi+4EXSHKvgiaD

Score

10^/10

themida risepro

Malware Config

Signatures

Risepro family
risepro
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2552-18-0x0000000000D40000-0x000000000190F000-memory.dmp

Files

2552-18-0x0000000000D40000-0x000000000190F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 498KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 74KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 78KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ