risepro | ConsoleApplication2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ConsoleApplication2.exe
Size

4.4MB
MD5

6a866e8b7f4a223863dcf890f3c43088
SHA1

552a34e7dbd2f8e786d3b430b07ebd196ae31f91
SHA256

199cd42bfd4537c5fc24019228ca2027392798c42a2c82ddd3e475d7291db9d2
SHA512

84746bd3bcfd744142422c68084bb1dca15383394b8043491408127f11394b420d74f8887540fa1a8e159414655aee842e8282a6b06200657a1e30a2dcad4a70
SSDEEP

49152:HdvoAA5Kmn/AmCv8bR+k42cyfay1PfSzXEdORTt8R8zIOpGzEtvhTXGnkHPHE5zi:HdvI5rNMkjfD7nIvo+EuS

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ConsoleApplication2.exe

Files

ConsoleApplication2.exe
.exe windows:6 windows x86 arch:x86

9b3f403619bee0f3a3d0df0dc0c1bd8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\fadi\source\repos\ConsoleApplication2\Release\ConsoleApplication2.pdb

Imports

shlwapi

PathFindFileNameA

iphlpapi

GetAdaptersAddresses

kernel32

LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
QueryPerformanceFrequency
GetSystemDirectoryW
GetModuleHandleW
SetLastError
MoveFileExW
GetEnvironmentVariableA
GetStdHandle
QueryPerformanceCounter
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
GetModuleHandleExW
VirtualFree
GetACP
GetFileSize
GetSystemDirectoryA
FindFirstFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetFileTime
SetFilePointerEx
CompareStringW
GetTimeFormatW
GetDateFormatW
CreatePipe
GetExitCodeProcess
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
ExitThread
CreateThread
GetTickCount
FlushFileBuffers
GlobalUnlock
GetSystemTime
CreateDirectoryA
GlobalMemoryStatusEx
LocalFree
GlobalLock
GetLocalTime
GetSystemInfo
CloseHandle
GetDiskFreeSpaceExW
GetLastError
WriteConsoleW
CopyFileA
Sleep
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
FindClose
FindNextFileA
GetModuleFileNameW
TerminateProcess
CreateProcessW
DuplicateHandle
ExitProcess
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
FindNextFileW
GetFullPathNameW
FindFirstFileExW
FindFirstFileA
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
MapViewOfFile
SetEnvironmentVariableW
GetTimeZoneInformation
SetStdHandle
GetFileType
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DecodePointer
EncodePointer
CompareStringEx
LCMapStringEx
TryAcquireSRWLockExclusive
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileInformationByHandleEx
SetFileInformationByHandle
GetFileInformationByHandle
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException

user32

GetWindowRect
GetDC
GetSystemMetrics
GetUserObjectInformationW
MessageBoxW
OpenClipboard
CloseClipboard
GetProcessWindowStation
ReleaseDC
GetClipboardData
GetDesktopWindow

gdi32

SelectObject
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
GetBitmapBits

winspool.drv

EnumPrintersW

advapi32

CryptEncrypt
RegEnumValueW
GetUserNameW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptSetHashParam
CryptGetProvParam
GetSecurityInfo
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegQueryValueExW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CryptUnprotectData
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore

ws2_32

listen
htonl
getsockname
connect
bind
accept
select
getservbyport
inet_pton
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
recvfrom
recv
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getservbyname
shutdown
getaddrinfo
sendto
getpeername
WSASetLastError
freeaddrinfo
ioctlsocket
gethostname
gethostbyname
inet_addr
inet_ntoa
inet_ntop
gethostbyaddr
__WSAFDIsSet

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptDeriveKeyPBKDF2
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptDestroyKey
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptCreateHash

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 762KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b3f403619bee0f3a3d0df0dc0c1bd8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

iphlpapi

kernel32

user32

gdi32

winspool.drv

advapi32

crypt32

ws2_32

bcrypt

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 762KB - Virtual size: 761KB

.data Size: 35KB - Virtual size: 45KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 141KB - Virtual size: 140KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 762KB - Virtual size: 761KB

.data
Size: 35KB - Virtual size: 45KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 141KB - Virtual size: 140KB