risepro | 468-3-0x0000000000460000-0x0000000000A61000-memory[.]dmp | Triage

Sharing

General

Target

468-3-0x0000000000460000-0x0000000000A61000-memory.dmp
Size

6.0MB
MD5

5f3dbac3a9e292ef438b0d5092172b26
SHA1

8c1dfd0a7ef2586040153310a21fa954ce17b2cf
SHA256

a94d0dafc2a10157904a8d778abac96f180c5fd376c22890f9d9dcc8f0ea5c7b
SHA512

6fbec1a3c01730487d88ca3069627e935d3694a280d16668e7c7ef5edd63a700f20a78fb8de379fcb834cc056e725263cb01c7e00ec1c91053efd009a783f068
SSDEEP

98304:t/YqBpDHbO+RNPsQL/GAdFGO/v7f2nnfMPMM3j421QF7fB29yDQa:pfpD7OKNkQL/GMLOnUMq421QFdHM

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
468-3-0x0000000000460000-0x0000000000A61000-memory.dmp

Files

468-3-0x0000000000460000-0x0000000000A61000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

moqcfnxn
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qdpuszua
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE