risepro | dffc1690ce50c9645323c7c7858f15c4d59ba84a158faa16333fe0f42282795e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dffc1690ce50c9645323c7c7858f15c4d59ba84a158faa16333fe0f42282795e
Size

5.6MB
MD5

0d26cb2c0bf30101fa2bcba5a946356d
SHA1

280dfa3f22696e629a1e3ed8a7abd0edb55d511a
SHA256

dffc1690ce50c9645323c7c7858f15c4d59ba84a158faa16333fe0f42282795e
SHA512

350f23de4524726006faec9b05322517c28b364e4420775da3aef45783b5809d249140a0563585f528021f989a1187ccf8ded84192fa1af6ad2bb7688abb0210
SSDEEP

98304:N0Ul8+Bhj183cPTUvc63mo+EycAqx3ii6BKOMdfcQIyJNPat1wct2o56:9VKp3mozycAqxyi6pGfcAJNPaHtt2w6

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dffc1690ce50c9645323c7c7858f15c4d59ba84a158faa16333fe0f42282795e

Files

dffc1690ce50c9645323c7c7858f15c4d59ba84a158faa16333fe0f42282795e
.exe windows:6 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

Start

Sections

Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ptojyoeu
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jkvjqlal
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE