risepro | 3928-3-0x0000000000240000-0x0000000000838000-memory[.]dmp | Triage

Sharing

General

Target

3928-3-0x0000000000240000-0x0000000000838000-memory.dmp
Size

6.0MB
MD5

b756bcc85c0e4771dd0475d8ff543b79
SHA1

cc64a7042cb1aebaaf827d32c9eda593e119687e
SHA256

86a625773d79ac15b3c76b8c5ebe5d7a9fbb9fb604ca142e125422a3d30562c0
SHA512

3f9c6be90deea402c7029d646bb57637a3814c9fe1121999ccefd5c0f6e726a4a7b39703c915224cced24ed850b12f7a5536ed0cf5fc4a40fbacc0d02d3de46e
SSDEEP

98304:rqwMlFrbAo+1j6qQLJGWhDCByLFuwyHkA2KsE7edoNvZ+Z+WduzlPAney9:ORFrUo2jRQLJGAau9E/vA+Ene

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3928-3-0x0000000000240000-0x0000000000838000-memory.dmp

Files

3928-3-0x0000000000240000-0x0000000000838000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

byjkugms
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mugkelwr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE