risepro | 2024-05-31_ab24c1973d35606fb88797ff9d34d9e5_magniber_revil

Sharing

Copy URL

Twitter E-mail

General

Target

2024-05-31_ab24c1973d35606fb88797ff9d34d9e5_magniber_revil
Size

4.3MB
MD5

ab24c1973d35606fb88797ff9d34d9e5
SHA1

3b7b8e2d2b664ed3eacbc19125f101ed719c201d
SHA256

a3f3b9b0190108bdbdbad2813fb7129c3e9aa16dd2dbd22f49ac263cb29af541
SHA512

59d1db419f36737ab74eb94a56bc55e94c0ece377f8df244aeee0c65562530addfc0626e35cea0989e0d740bbb786efcffdd15cb382605d6fb217f3525cf8010
SSDEEP

49152:45PigeXnpHE21zKhYOPCP1/j2T37gZKUxT2cHF6c9Otutnt2r4PRSEk1ul:4UpH11+hDPS/j4gDx2kt2sEE5

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-31_ab24c1973d35606fb88797ff9d34d9e5_magniber_revil

Files

2024-05-31_ab24c1973d35606fb88797ff9d34d9e5_magniber_revil
.exe windows:6 windows x86 arch:x86

0cc64d938b1dd8acbfc68cbd56373afa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\MBAM-Windows\N_MB5Uns\bin\Win32\Release\mb5uns.pdb

Imports

crypt32

CryptMsgClose
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CryptQueryObject

iphlpapi

GetAdaptersInfo

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentThreadId
SetLastError
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
LocalFree
FormatMessageW
LocalAlloc
Sleep
CallNamedPipeW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateMutexW
DecodePointer
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalFree
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
SetThreadUILanguage
GetSystemDirectoryW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
K32GetModuleFileNameExA
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameA
GetTickCount
OutputDebugStringW
CreateFileW
SwitchToThread
GetTempPathW
CopyFileW
FlushFileBuffers
GetFileSizeEx
ReadFile
WriteFile
GetFileInformationByHandle
GetCurrentProcess
GetSystemInfo
GetCurrentThread
FileTimeToSystemTime
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
HeapReAlloc
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
HeapAlloc
SetEndOfFile
FindNextFileW
FindClose
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
SetEvent
ResetEvent
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
DeleteFiber
GetFileType
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
GetThreadTimes
HeapDestroy
MulDiv
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
AreFileApisANSI
GetFullPathNameW
FindFirstFileExW
GetStringTypeW
LoadLibraryExA
VirtualQuery
VirtualProtect

dwmapi

DwmGetWindowAttribute

bcrypt

BCryptGenRandom

ws2_32

WSAGetLastError
send
recv
WSASetLastError
closesocket
WSAStartup
WSACleanup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 660KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cc64d938b1dd8acbfc68cbd56373afa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

iphlpapi

kernel32

dwmapi

bcrypt

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 679KB - Virtual size: 678KB

.data Size: 36KB - Virtual size: 53KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 660KB - Virtual size: 664KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 679KB - Virtual size: 678KB

.data
Size: 36KB - Virtual size: 53KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 660KB - Virtual size: 664KB