risepro | 1180-3-0x0000000000D10000-0x00000000012F4000-memory[.]dmp | Triage

Sharing

General

Target

1180-3-0x0000000000D10000-0x00000000012F4000-memory.dmp
Size

5.9MB
MD5

c44315813380c8439c7b673d44bcfc0b
SHA1

c16a68fad47912dc3548ec615dc7904b86386f32
SHA256

c5cd4f3b56d59ff967f899056ea511499a58dfda665889a3f2f82fe23f53f885
SHA512

5c3c22121010751ac0f18b84bccf9dab81b8a698d45818006c9422d7170b4942ee2a0c7437ec3990930019d6b4ff1fd3a44fd182c0c4b478c8aa0fcd5a7b8de2
SSDEEP

98304:xmMlA35zKJ82byGQLUW1N6budAQ+1hdIPAigqmrvIw0MMqZGIFIO:YR35mJzb5QLUWnPAlR5MqkIO

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1180-3-0x0000000000D10000-0x00000000012F4000-memory.dmp

Files

1180-3-0x0000000000D10000-0x00000000012F4000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hlbbfytz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vgzecvox
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE