risepro | 4556-3-0x0000000000760000-0x0000000000D66000-memory[.]dmp | Triage

Sharing

General

Target

4556-3-0x0000000000760000-0x0000000000D66000-memory.dmp
Size

6.0MB
MD5

129bf01a6f980073c52021c63dc1780b
SHA1

5a489291a9e13c9c66edfe03d7f6618002d775bb
SHA256

3edb3992eb117161828f355d6092f9895a82f754fa7797770a165fd1ae3efdb3
SHA512

1ca8b65b694efaf44a0ac2381c4a229b8834ba4e76b82d3c09290920018ba5fa44c6595a7dc2f3a4c6e40eedc1f02fc28abe96c072b3a28700ff7968152183d4
SSDEEP

98304:XJOaGpDnvewGfClQLimJF5JWmbxUPq+kR0ZWBajE2/VZ3xw66gxTj3XVUzke:ZOpDvePf2QLimpEcagoK6R7+z

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4556-3-0x0000000000760000-0x0000000000D66000-memory.dmp

Files

4556-3-0x0000000000760000-0x0000000000D66000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oqguwdrt
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gazzngxj
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE