Win32[.]RisePro[.]b[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

Win32.RisePro.b.7z
Size

86.9MB
MD5

f7bb7295336d27fa9c400de44e9d2865
SHA1

9a9b4b194bd0e716f57006875131214918bcece6
SHA256

b2bc73e8be2ce4c4fa2ece4694f8d707a8529572d98948dd0a79dc882a028717
SHA512

4c4454980c2e0397ed1e28ab1f5d5743e1cb6487a573274f99d9a901d44081977d374ef673cb0c239c37a034fea7ce2f65ea018e98c5d0c4eed611089018db1f
SSDEEP

1572864:qlhpv/OUiqHb9OFEFseUVN3yBZ47dr1o2PqDNcFTKhLyPxx//lBCkbCFee:ql7OUpZOFAseUj3VRMO5emznlo9Me

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Win32.RisePro.b/Panel/RisePro_Server.exe
unpack001/Win32.RisePro.b/Proxy/RisePro_Proxy.exe

Files

Win32.RisePro.b.7z
.7z

Password: infected
Win32.RisePro.b/Panel/RisePro_Server.exe
.exe windows:6 windows x86 arch:x86

Password: infected

b42aa69409fff273c6ce70741b4db5cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

crypt32

CryptStringToBinaryA

ws2_32

accept

mswsock

AcceptEx

advapi32

CryptReleaseContext

ole32

CoGetObjectContext

user32

CharUpperBuffW

Exports

Exports

�� k�^ˋ�%��<�7�'��8�r��>��ҝ��09��l��Pg3SUψ�d�� z�_8�%�E��q�mm�|4��h=��D��U2Kռ�/��꺭�0��8��j~K��\V:�@cW��Ŏ��h�ܟCP��X��XX�H2j��F_�a>v�w��D��Jr�R �cc��r$�n�*]uG1��Uܳ~;�5��ۡ\�Ԓ�{��hILb�n�T�nMp4��!�^�-�+3L\]\�'��:��a��u��O<_b��GJ|�3н&��5\�8@�:�9��w1��ׅ�;8Y�UCw�^�� %��pG�s��qƢh|��n��MĖ�s^��B�,y�i��$b0��d/�UN ��"�Ig[y_t�5ty�S�/YW=rB\� G�M��q?˾^t�Bq��I��_�� =��t��\�Oz��A�Q�9U2z��ppF5��>.��UaPx��_?u1��yV��"��Q�� 8L��}�r��-/�؜��U��y��DfƂ磺+�%�T�iw��[�"!q.�y��?vo+��;Q�� p(��6w��.��.�F.��f��p��p;��R]w��s�RI�M��.k��Bb��h}\Ő�x:"��ܣ��b��g��q�~a�*��n��s��3c/��,��هĖ1�B�}�7��)�6�m��S�$?H�:��kP��C��{j�z�\=�{�}��MS��1��ZB�ɀs�,�� i��Aj�<a��=�ӌ�L��j�R�W�±7�\*��#pY>��q\WB��n$��s�q��\�J��(o��/��Q�o+��u�?�;��!�j��5�`͞Oʆ}@��"��)�10 k`�J�϶EMc�O��׀p��;E6�l��س�T�}��$�W �Qm�qA�?M��T�eJ�<�@��^�MP�?!�J�%��+àf�Dv�u��~/�v��*Ҕi��?�� _ֿ��M��*O�O�y��ʅnaڠ��}H��,c�X@��B=��$�z�b��}ޯ!�TEm��Ք<�Q�%�^�Y�B��V��T��M�w��G?=�~� ��^��.07�ĭ�f*�3��Y�1t�Nd}�凝�)�u�Kw'\��l��m��+1��b�Pe썴H��n� ��P])��/��D�.�"��?Ý5]E��'vqpO�u�}��Ғd�lh��2��r��9�r⯍AZ� k)�w L��.�NQ�$+��=zty�A�W#V�M��@�ٿ��+�xP��#K�!�r��B D�~�l崥֧��Z{�:��]��V��Ѕ��Y�BPiP�oOm߽�i�_i^�9%�� X�'rV��m�i<�M6�;��%�?8�(Z��uG�OIq��PW��d�fe��`��L/W�Lጫ;��1�\~x6�I��~��~��0�x)�rm�h_:ˬ>��~*�h�3L?"#Ž�K��[D�II�z�%FP�qϱd(M4כS��U��s&t"EI\Έ��$��Mdz��(��˭L ��8?k�H]8��D��&��DOt�h��O��o��b�ƃ��!�$��d|E`i�z��*��U�D�٭�J7v��նe)��?J"|�h��#��k⢀,I��H�O��u��#9��:��(�Z��r�H��T*��,y�۩��`�(�X�D�|?�{�;�$�~�u��[� �ė��e��;�^M��1L�{�a ��9�;��}5��^��3I��玄r��d� iP �C܍v� ��8¢��I�"P��pA��٨yy/q>��k��b��D��d��,��H�4��& ^+E��۶��Uq��H�[��P��ILTȲ��a2��C�B��Y[�� O�-,�z4y� ƾ�U��H��6=jS)�+Ry(3�\v�g�=�SAW�y��gg�%�2�R��v��Gq��9�&��բ/k��yZP��Ec��v��G�~Oϧ�"�P��|��`&r�I��vn��2�l�M*��[�0�o��f;5[SɻV�Q'j��F'�{��Gs )-��)zp��Km��?ړ<��2��4��(�̀yi$9A��~Vhiw3=C{.��Y�H�mk��+��!D��;;�F��W�9bܤ��-��m� ��鱟��Wڑ��IT��n��0<��jۃ��=��j��5F��s>e5��j�b#� ��t��C� >�-a@��%>�M��9> �N��]A^� �'�.�� :w��5�"��,E�Ts��]��]�~.�YB�N��~@Y�� }1l�r�:��z:��pǸM��Yˢm� ��z*��R��p��}e�`�>��$��ܭ�xfߑ*�T f+'a��]yaK��矂�-�nϻ�iw�� |a\?�dsɿ!߹g��w�mA0j��A��H��\��:b.U;��uRO��﨩*Д��ε4��֧c8�c�ۼn� ��0hޑ[#��?J±��v�{$��lJ��g��9��q.j?@�e�{V&�K�B��7��d��D��>m��\�.H�fW��X��I��7vֲZN�}(�=7K�W�/��o�*��"�;��cE{��=��5ɨ;$9�L5< ,��f�LX��=��ǖ�p��&��F�ci��P��x�1Bp�Dkj�SDr��%g�T8�ek9�<ЍZ��Ả%Y}��P+�rv,c�� G]��mƄ��K��g=�ɘ��.�&��lY�,�

Sections

.text
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rise0
Size: - Virtual size: 55.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rise1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rise2
Size: 56.6MB - Virtual size: 56.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 953KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win32.RisePro.b/Proxy/RisePro_Proxy.exe
.exe windows:6 windows x86 arch:x86

Password: infected

b02fd4f5b1351767e8d8192825f85ca0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\Стил\RisePro_Proxy\Release\RisePro_Proxy.pdb

Imports

kernel32

HeapFree
SetConsoleTitleA
GetCommandLineA
Sleep
CloseHandle
CreateThread
HeapAlloc
ExitProcess
SetConsoleCP
GetProcessHeap
CreateProcessA
SetConsoleOutputCP
SetUnhandledExceptionFilter
HeapSize
CreateFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
WriteFile
GetCommandLineW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
OutputDebugStringW
SetEndOfFile

ws2_32

accept
bind
closesocket
listen
getaddrinfo
WSAStartup
getpeername
WSACleanup
socket
connect
inet_ntoa
recv
freeaddrinfo
setsockopt
WSAGetLastError
send

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.RisePro.b/Proxy/rise_settings.json
Win32.RisePro.b/Tools/ChromeSetup.exe
.exe windows:5 windows x86 arch:x86

Password: infected

d6d33cfa83489bf5ba9c5b52261af2b7

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08-11-2019 00:00

Not After

16-11-2022 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01-01-2013 10:00

Not After

01-04-2013 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02-07-2021 00:00

Not After

10-07-2024 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:4b:5c:2e:58:65:b1:82:a3:50:b9:cc:6e:b2:41:56:5e:77:31:4a:0c:e3:a3:f7:3c:12:49:3f:58:8f:03:eb
Signer

Actual PE Digest

0d:4b:5c:2e:58:65:b1:82:a3:50:b9:cc:6e:b2:41:56:5e:77:31:4a:0c:e3:a3:f7:3c:12:49:3f:58:8f:03:eb

Digest Algorithm

sha256

PE Digest Matches

true

bb:49:97:b9:a2:ce:22:5e:c2:97:78:65:a2:40:f7:29:98:33:b0:c9
Signer

Actual PE Digest

bb:49:97:b9:a2:ce:22:5e:c2:97:78:65:a2:40:f7:29:98:33:b0:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TEST_mi_exe_stub.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
OutputDebugStringW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadFile
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
GetExitCodeProcess
CreateProcessW
WaitForSingleObject
SetFilePointer
CreateDirectoryW
SizeofResource
RemoveDirectoryW
GetTempPathW
FormatMessageW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
HeapDestroy
LocalFree
VerSetConditionMask
CopyFileW
VerifyVersionInfoW
GetTempFileNameW
lstrcmpiW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery

shlwapi

PathQuoteSpacesW
PathAppendW

ole32

CoUninitialize
CoInitializeEx

shell32

SHGetFolderPathW
ord680

user32

MessageBoxW
CharLowerBuffW

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.RisePro.b/Tools/VC_redist.x64.exe
.exe windows:5 windows x86 arch:x86

Password: infected

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe
Signer

Actual PE Digest

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.RisePro.b/Tools/VC_redist.x86.exe
.exe windows:5 windows x86 arch:x86

Password: infected

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-02-2023 20:10

Not After

31-01-2024 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:5c:d4:22:f5:74:09:03:cd:1b:9a:6d:39:b1:35:ed:bd:89:e8:11:53:95:bf:00:ab:81:6b:93:f4:32:13:91
Signer

Actual PE Digest

cc:5c:d4:22:f5:74:09:03:cd:1b:9a:6d:39:b1:35:ed:bd:89:e8:11:53:95:bf:00:ab:81:6b:93:f4:32:13:91

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Win32.RisePro.b/[ENG] FAQ.docx
.docx office2007
Win32.RisePro.b/[ENG] Readme.txt
Win32.RisePro.b/[RUS] FAQ.docx
.docx office2007
Win32.RisePro.b/[RUS] Readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b42aa69409fff273c6ce70741b4db5cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

ws2_32

mswsock

advapi32

ole32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 5.5MB

.rdata Size: - Virtual size: 552KB

.data Size: - Virtual size: 126KB

.rise0 Size: - Virtual size: 55.6MB

.rise1 Size: 2KB - Virtual size: 1KB

.rise2 Size: 56.6MB - Virtual size: 56.6MB

.rsrc Size: 953KB - Virtual size: 952KB

Password: infected

b02fd4f5b1351767e8d8192825f85ca0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 71KB - Virtual size: 70KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 11KB - Virtual size: 11KB

Password: infected

d6d33cfa83489bf5ba9c5b52261af2b7

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0d:4b:5c:2e:58:65:b1:82:a3:50:b9:cc:6e:b2:41:56:5e:77:31:4a:0c:e3:a3:f7:3c:12:49:3f:58:8f:03:ebSigner

bb:49:97:b9:a2:ce:22:5e:c2:97:78:65:a2:40:f7:29:98:33:b0:c9Signer

.text
Size: - Virtual size: 5.5MB

.rdata
Size: - Virtual size: 552KB

.data
Size: - Virtual size: 126KB

.rise0
Size: - Virtual size: 55.6MB

.rise1
Size: 2KB - Virtual size: 1KB

.rise2
Size: 56.6MB - Virtual size: 56.6MB

.rsrc
Size: 953KB - Virtual size: 952KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 11KB - Virtual size: 11KB

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

01
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0d:4b:5c:2e:58:65:b1:82:a3:50:b9:cc:6e:b2:41:56:5e:77:31:4a:0c:e3:a3:f7:3c:12:49:3f:58:8f:03:eb
Signer

bb:49:97:b9:a2:ce:22:5e:c2:97:78:65:a2:40:f7:29:98:33:b0:c9
Signer

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 4KB - Virtual size: 4KB

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ad:6a:d1:8f:ba:07:71:a5:ec:f5:69:52:a1:7d:d5:39:3f:75:0e:a0:5f:29:5c:1e:e7:1e:d4:4b:3b:68:53:fe
Signer

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 2KB - Virtual size: 5KB

.wixburn
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 224B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 15KB - Virtual size: 15KB

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

cc:5c:d4:22:f5:74:09:03:cd:1b:9a:6d:39:b1:35:ed:bd:89:e8:11:53:95:bf:00:ab:81:6b:93:f4:32:13:91
Signer

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 123KB - Virtual size: 122KB