risepro | ConsoleApplication2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ConsoleApplication2.exe
Size

4.4MB
MD5

e3daf41ed04e349c7fd2af96a9880036
SHA1

3796281e73b24d5aa01e1d81989c1183fe03b6f8
SHA256

bc1eac1a1303c0d8239e3ece3ec3f1fd7a4a835357483649964184d8a95ef68b
SHA512

14ab2ac3c2c6296e55bca81555dbc8a266591dd8811ce6fd3d100e214f29c2dab9db13a28196d060a3de62ac5b71e72eed3ad71ba1e8aedd8b8836b9d72ace7d
SSDEEP

49152:OtvD5wjumUp3X+EI1Cq7779sDy3kv3H5FLsaxdNOhRFDf/LgpnPbFhz0gvN+htWa:OtvD5wi5ECq7om5/L2F

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ConsoleApplication2.exe

Files

ConsoleApplication2.exe
.exe windows:6 windows x86 arch:x86

9b3f403619bee0f3a3d0df0dc0c1bd8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\fadi\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb

Imports

shlwapi

PathFindFileNameA

iphlpapi

GetAdaptersAddresses

kernel32

LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
SetLastError
MoveFileExW
GetEnvironmentVariableA
GetStdHandle
QueryPerformanceCounter
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
GetModuleHandleExW
VirtualFree
GetACP
GetFileSize
GetSystemDirectoryA
FindFirstFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetFileTime
SetFilePointerEx
CompareStringW
GetTimeFormatW
GetDateFormatW
CreatePipe
GetExitCodeProcess
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
ExitThread
CreateThread
GetTickCount
FlushFileBuffers
GlobalUnlock
GetSystemTime
CreateDirectoryA
GlobalMemoryStatusEx
LocalFree
GlobalLock
GetLocalTime
GetSystemInfo
CloseHandle
GetDiskFreeSpaceExW
GetLastError
WriteConsoleW
CopyFileA
Sleep
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
FindClose
FindNextFileA
GetModuleFileNameW
TerminateProcess
CreateProcessW
DuplicateHandle
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
FindNextFileW
GetFullPathNameW
FindFirstFileExW
FindFirstFileA
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
MapViewOfFile
SetEnvironmentVariableW
GetTimeZoneInformation
SetStdHandle
GetFileType
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
CompareStringEx
LCMapStringEx
TryAcquireSRWLockExclusive
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileInformationByHandleEx
SetFileInformationByHandle
GetFileInformationByHandle
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException

user32

GetWindowRect
GetDC
GetSystemMetrics
GetUserObjectInformationW
MessageBoxW
OpenClipboard
CloseClipboard
GetProcessWindowStation
ReleaseDC
GetClipboardData
GetDesktopWindow

gdi32

SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetBitmapBits

winspool.drv

EnumPrintersW

advapi32

CryptEncrypt
RegEnumValueW
GetUserNameW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptSetHashParam
CryptGetProvParam
GetSecurityInfo
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegQueryValueExW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CryptUnprotectData
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore

ws2_32

listen
htonl
getsockname
connect
bind
accept
select
getservbyport
inet_pton
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
recvfrom
recv
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getservbyname
shutdown
getaddrinfo
sendto
getpeername
WSASetLastError
freeaddrinfo
ioctlsocket
gethostname
gethostbyname
inet_addr
inet_ntoa
inet_ntop
gethostbyaddr
__WSAFDIsSet

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptDeriveKeyPBKDF2
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptCreateHash

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b3f403619bee0f3a3d0df0dc0c1bd8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

iphlpapi

kernel32

user32

gdi32

winspool.drv

advapi32

crypt32

ws2_32

bcrypt

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 762KB - Virtual size: 761KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 141KB - Virtual size: 140KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 762KB - Virtual size: 761KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 141KB - Virtual size: 140KB