risepro | 0162dbec920d04907052c350dc0ac7345f31113effb4a4aa9619af0e89e8bdb3

Sharing

Copy URL Twitter E-mail

General

Target

0162dbec920d04907052c350dc0ac7345f31113effb4a4aa9619af0e89e8bdb3
Size

1.5MB
MD5

bb56910dd524f2b1bb35020135432aa3
SHA1

52e539c7f8ed5ea82eca3da9ec5d95c7e1acf19c
SHA256

0162dbec920d04907052c350dc0ac7345f31113effb4a4aa9619af0e89e8bdb3
SHA512

b2c134aaa260c5c7c7f6cfeac5683c8a895a543fe2fde9c7b8c0008a90368dc25ae6a46fc8d5f4f89c9bdfa26c460c81fedc1a666b1f54655f6857cfe4ae8a70
SSDEEP

24576:/RDVUFVkWieSlgw5+qgo0bypOKV+qYQ+TgU2CPlvwF1f4NMfJodAtB1WPAKyrtip:/RDVRWelh5+BHbsV+qd+MU1ta1AufJoJ

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0162dbec920d04907052c350dc0ac7345f31113effb4a4aa9619af0e89e8bdb3

Files

0162dbec920d04907052c350dc0ac7345f31113effb4a4aa9619af0e89e8bdb3
.dll windows:6 windows x86 arch:x86

6558d5497d5487887c93b14bda4f5b52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Cirno\Documents\rpgProjs\loaders\Release\wolfHook.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetOEMCP
GetCPInfo
GetLocaleInfoA
GetLocaleInfoW
CreateThread
GetCurrentProcess
lstrcpyW
AllocConsole
SetConsoleOutputCP
SetStdHandle
GetModuleFileNameW
ReadProcessMemory
lstrlenA
OutputDebugStringW
OutputDebugStringA
VirtualQueryEx
FormatMessageA
FormatMessageW
LocalFree
TlsAlloc
GetLastError
CloseHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
WaitForMultipleObjects
TerminateThread
QueueUserAPC
WaitForSingleObject
SetEvent
GetCurrentProcessId
PostQueuedCompletionStatus
CancelIoEx
GetProcAddress
GetCurrentThreadId
K32EnumProcessModules
K32GetModuleInformation
SuspendThread
ResumeThread
CreateFileW
Thread32First
Thread32Next
GetCommandLineW
OpenThread
GetModuleFileNameA
SetEnvironmentVariableW
LoadLibraryA
GetStartupInfoA
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetTickCount64
QueryPerformanceCounter
SleepEx
CreateEventW
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
VerSetConditionMask
VerifyVersionInfoW
CreateWaitableTimerW
GetModuleHandleA
HeapCreate
CreateFileA
SetCurrentDirectoryA
CreateDirectoryA
GetACP
SetEndOfFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetProcessHeap
HeapQueryInformation
HeapSize
SetCurrentDirectoryW
lstrlenW
CreateToolhelp32Snapshot
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
ExitProcess
GetFileAttributesExW
ReadFile
CreateDirectoryW
GetSystemInfo
HeapValidate
GetFullPathNameW
GetDriveTypeW
GetModuleHandleExW
SetThreadLocale
LoadLibraryExW
FreeLibrary
InterlockedFlushSList
RtlUnwind
VirtualQuery
VirtualFree
VirtualAlloc
SetThreadContext
GetLocaleInfoEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceFrequency
RaiseException
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetStringTypeW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetThreadContext

user32

SetWindowLongA
CharNextExA
CharPrevExA
MessageBoxW
CharNextA
CharPrevA
MessageBoxA
GetMessageTime
SetTimer
GetWindowTextW
IsWindowVisible
SetWindowTextW
GetKeyboardState
ToAscii
CallWindowProcW
GetWindowLongA
IsWindowUnicode
GetWindowLongW
SetWindowLongW

gdi32

GetGlyphOutlineW
CreateFontW

ws2_32

WSASetLastError
ntohs
WSACleanup
WSAStartup
WSASend
WSAGetLastError
ioctlsocket
shutdown
select
listen
WSARecv
WSASocketW
setsockopt
WSAAddressToStringW
getaddrinfo
freeaddrinfo
ntohl
htonl
htons
__WSAFDIsSet
accept
bind
connect
getsockopt
getpeername
getsockname
WSAIoctl
closesocket

winmm

timeSetEvent
timeGetTime

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
StrStrW
PathIsDirectoryA
PathIsDirectoryW
StrStrA

advapi32

CryptEnumProvidersA
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6558d5497d5487887c93b14bda4f5b52

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ws2_32

winmm

shlwapi

advapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 234KB - Virtual size: 233KB

.data Size: 24KB - Virtual size: 416KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 234KB - Virtual size: 233KB

.data
Size: 24KB - Virtual size: 416KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 46KB - Virtual size: 45KB