C:\Users\fadi\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb
Behavioral task: behavioral1
Sample: ConsoleApplication2.exe
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: ConsoleApplication2.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: ConsoleApplication2.exe
Resource: win11-20240426-en
General
Target: ConsoleApplication2.exe
Size: 4.5MB
MD5: ba6ea0efc527f2dcd8c13606a5e24e9a
SHA1: 43a92bb3a589acf1a8480c7f0aeb14c7def349bd
SHA256: 85e46e5e1a9b0117c0f1992ae253eac8fb69f854d35e7236583da529985204fc
SHA512: f4e7e4828bae57b8fac2e61ba254806408ef1aa2f35ac0da2b8b9fa5de25e2eaa537344138460f78b0271b82904a3b2e22f3ba078c9d8c3fe46c4f490c0462b5
SSDEEP: 49152:mIvjeYIhNma2OwgHK0FqFREXY3Dl11tB+ugTizmRK6HeLAiIM1QfJPgDEWzIOwLy:mIvjeYgGoqF5DlzqTMTDEa
Malware Config
Signatures
- Risepro family
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: ConsoleApplication2.exe
Files
- ConsoleApplication2.exe.exe windows:6 windows x86 arch:x86
  5278d9c5b70842f6172326a7d54162b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
PathFindFileNameW
PathFindExtensionW
PathFindFileNameA
iphlpapi
GetAdaptersAddresses
winmm
waveInUnprepareHeader
waveInGetNumDevs
waveInPrepareHeader
waveInOpen
waveInAddBuffer
waveInStop
waveInClose
waveInStart
kernel32
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
SetLastError
MoveFileExW
GetEnvironmentVariableA
GetStdHandle
QueryPerformanceCounter
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
GetModuleHandleExW
VirtualFree
GetACP
GetFileSize
GetSystemDirectoryA
FindFirstFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetFileTime
SetFilePointerEx
CompareStringW
GetTimeFormatW
GetDateFormatW
CreatePipe
GetExitCodeProcess
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
ExitThread
CreateThread
GetTickCount
FlushFileBuffers
GlobalUnlock
GetSystemTime
CreateDirectoryA
GetConsoleWindow
GlobalMemoryStatusEx
LocalFree
GlobalLock
GetLocalTime
GetSystemInfo
CloseHandle
Process32FirstW
GetDiskFreeSpaceExW
Process32NextW
GetLastError
WriteConsoleW
CopyFileA
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetFileAttributesW
FindClose
FindNextFileA
GetModuleFileNameW
TerminateProcess
lstrlenW
CreateProcessW
DuplicateHandle
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
FindNextFileW
GetFullPathNameW
FindFirstFileExW
FindFirstFileA
GetModuleFileNameA
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
MapViewOfFile
SetEnvironmentVariableW
GetTimeZoneInformation
SetStdHandle
GetFileType
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
CompareStringEx
LCMapStringEx
GetExitCodeThread
TryAcquireSRWLockExclusive
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileInformationByHandleEx
CopyFileW
SetFileInformationByHandle
GetFileInformationByHandle
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException
user32
GetWindowRect
GetDC
GetSystemMetrics
GetUserObjectInformationW
MessageBoxW
OpenClipboard
CloseClipboard
MessageBoxA
GetProcessWindowStation
ReleaseDC
GetClipboardData
GetDesktopWindow
ShowWindow
gdi32
SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetBitmapBits
winspool.drv
EnumPrintersW
advapi32
CryptEncrypt
RegEnumValueW
GetUserNameW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
GetUserNameA
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptSetHashParam
CryptGetProvParam
GetSecurityInfo
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegQueryValueExW
ole32
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoUninitialize
crypt32
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CryptUnprotectData
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
ws2_32
listen
htonl
getsockname
connect
bind
accept
select
getservbyport
inet_pton
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
recvfrom
recv
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getservbyname
shutdown
getaddrinfo
sendto
getpeername
WSASetLastError
freeaddrinfo
ioctlsocket
gethostname
gethostbyname
inet_addr
inet_ntoa
inet_ntop
gethostbyaddr
__WSAFDIsSet
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptDeriveKeyPBKDF2
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptCreateHash
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 786KB - Virtual size: 785KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 35KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ