risepro | 2004-0-0x0000000000800000-0x0000000000E8F000-memory[.]dmp | Triage

Sharing

General

Target

2004-0-0x0000000000800000-0x0000000000E8F000-memory.dmp
Size

6.6MB
MD5

e75fa619701ccb0bb1158235c61cfb14
SHA1

b191e02949513db331cbd90b872a555777e92e7b
SHA256

a59a140481b74c96c9b0faeeda2ef78d4e7556b1efe48cee147fdbe28feb3c96
SHA512

5bd3296eeb0ecc91fb4581f548a22a2f3626a34511e54a26e4758f7ed96cd00b07c45c760f197ecf46809a2846d2780f22d8621373d54a495d938e8a5b3eec40
SSDEEP

196608:MkNRGi/4Tas6e5sGGFsUMzDc4ikPpmhlJ:MsYie5sDFsBfPGlJ

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.49:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2004-0-0x0000000000800000-0x0000000000E8F000-memory.dmp

Files

2004-0-0x0000000000800000-0x0000000000E8F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

“ßV��
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

“ßV��
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

“ßV��
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ