risepro | 2448-3-0x0000000000100000-0x00000000006F6000-memory[.]dmp | Triage

Sharing

General

Target

2448-3-0x0000000000100000-0x00000000006F6000-memory.dmp
Size

6.0MB
MD5

902fcc3a019a97b6c7ffa69bdfc91495
SHA1

8c81e65b21e611d20ebc5f5c790fc9bf5b61f1e3
SHA256

fea590a629ade80a88019fcdabc26e963852cec92c6f0c168800ee44b450ea99
SHA512

6099dabf03cee59009aead2649ddb2c660b6c0230b884b8914ea0d8f860d8950bf974670c8cef8dc2a89ee63ceeacf12002fe827c6aafe4695f4976811ac5fed
SSDEEP

98304:bJMwD2FTjwkipM51QL3mT0mNx3l2nqoFEdgPlNVpX79Z76ZxI4h674l:VX2FTkkSMDQL3m8nWilNVFxZWxI6l

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2448-3-0x0000000000100000-0x00000000006F6000-memory.dmp

Files

2448-3-0x0000000000100000-0x00000000006F6000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qxcwbkle
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtgudvmk
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE