risepro | 2024-06-14_eaa5e540a49c4b73e83fb80f77170d05_magniber_revil

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-14_eaa5e540a49c4b73e83fb80f77170d05_magniber_revil
Size

4.3MB
MD5

eaa5e540a49c4b73e83fb80f77170d05
SHA1

84e538e0fc46191cece4538db5779d4b3046c83f
SHA256

d4a7db4db2e10b707db3d24e5958dc10d343a350f434d99efa81316963c7e72a
SHA512

500a9f35a348440696e0cde8a28b48b9ba52315d155af328668dde319f0825ca7664b03981aa3ae1fd3ba738d8059e792feeefdf52721d7b74489c25e4494bd3
SSDEEP

49152:TaRGf+GDHxuX1vKjxa1CPsFRuX35gZKUxT21HHF6c9OtutT/umjPzPE68C:TaAXHxuX1SjE17FRCgDx218mjgt

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-14_eaa5e540a49c4b73e83fb80f77170d05_magniber_revil

Files

2024-06-14_eaa5e540a49c4b73e83fb80f77170d05_magniber_revil
.exe windows:6 windows x86 arch:x86

0cc64d938b1dd8acbfc68cbd56373afa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\MBAM-Windows\N_MB5Uns\bin\Win32\Release\mb5uns.pdb

Imports

crypt32

CryptMsgClose
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CryptQueryObject

iphlpapi

GetAdaptersInfo

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentThreadId
SetLastError
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
LocalFree
FormatMessageW
LocalAlloc
Sleep
CallNamedPipeW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateMutexW
DecodePointer
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalFree
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
SetThreadUILanguage
GetSystemDirectoryW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
OpenProcess
K32GetModuleFileNameExA
WaitForSingleObject
GetExitCodeProcess
GetModuleFileNameA
GetTickCount
OutputDebugStringW
CreateFileW
SwitchToThread
GetTempPathW
CopyFileW
FlushFileBuffers
GetFileSizeEx
ReadFile
WriteFile
GetFileInformationByHandle
GetCurrentProcess
GetSystemInfo
GetCurrentThread
FileTimeToSystemTime
FindFirstFileW
GetFileAttributesW
CreateDirectoryW
HeapReAlloc
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
HeapAlloc
SetEndOfFile
FindNextFileW
FindClose
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
SetEvent
ResetEvent
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
DeleteFiber
GetFileType
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
GetThreadTimes
HeapDestroy
MulDiv
GetProcessHeap
HeapFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
AreFileApisANSI
GetFullPathNameW
FindFirstFileExW
GetStringTypeW
LoadLibraryExA
VirtualQuery
VirtualProtect

dwmapi

DwmGetWindowAttribute

bcrypt

BCryptGenRandom

ws2_32

WSAGetLastError
send
recv
WSASetLastError
closesocket
WSAStartup
WSACleanup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 660KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cc64d938b1dd8acbfc68cbd56373afa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

iphlpapi

kernel32

dwmapi

bcrypt

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 679KB - Virtual size: 678KB

.data Size: 36KB - Virtual size: 53KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 660KB - Virtual size: 664KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 679KB - Virtual size: 678KB

.data
Size: 36KB - Virtual size: 53KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 660KB - Virtual size: 664KB