risepro | 7b47d91b204712c06cbba805d3aa49d6[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

7b47d91b204712c06cbba805d3aa49d6.bin
Size

3.1MB
MD5

7b47d91b204712c06cbba805d3aa49d6
SHA1

e7bab8f723c7be21faa07423a01c13cf5d17ba2d
SHA256

185ee3b54aa88774cf711fc17315cc6ca9a2187be53671d68b18a65beb8d59cd
SHA512

0e84ce7a87170b80e4816bf1c074de2d2ec24dd88636208cd5e1cce215d7774b96a7c0e80b01035bcc6cacb548df927fa32b6e8ca2dcfe6ce31622be83f78f2b
SSDEEP

49152:WD+x4q0+9Zk83Cw1m7dNUT7KUI05KCbje/wufgSdSzmRO35:G+x4qXk0C+7JI05KCbK/DgSdSzA

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Files

7b47d91b204712c06cbba805d3aa49d6.bin
.exe windows:6 windows x86 arch:x86

242e30c470e6ff1b1f22b8e60ee59ec2

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2020 00:00

Not After

18-03-2045 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:c4:a9:5f:4e:fc:a2:96:97:d4:15:8a
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

23-02-2024 06:12

Not After

13-07-2024 08:28

Subject

CN=珠海市鸭嘴兽科技有限公司,O=珠海市鸭嘴兽科技有限公司,L=珠海市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:79:3d:52:17:84:d7:58:19:a8:f5:ed:b3:b6:9d:1e:d4:b8:92:fd:b2:02:80:2f:3f:90:ac:d0:fc:33:2e:7c
Signer

Actual PE Digest

2f:79:3d:52:17:84:d7:58:19:a8:f5:ed:b3:b6:9d:1e:d4:b8:92:fd:b2:02:80:2f:3f:90:ac:d0:fc:33:2e:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\github\wemu3\bin\wemu.pdb

Imports

kernel32

lstrcpyW
lstrcmpiW
GetNativeSystemInfo
GetTickCount64
GetProcessId
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
Sleep
FindNextFileW
FindFirstFileW
FindClose
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
CreateMutexW
ReleaseMutex
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteConsoleW
HeapSize
SetConsoleCtrlHandler
VirtualFree
VirtualAlloc
CreateProcessW
GetLastError
DuplicateHandle
GetModuleHandleA
OpenProcess
GetCurrentProcess
GetModuleHandleW
OutputDebugStringA
DeleteFileW
OutputDebugStringW
LoadLibraryW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WritePrivateProfileStringW
LCMapStringW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
lstrlenW
LoadLibraryA
GetProcAddress
InitializeCriticalSectionEx
GetPrivateProfileStringW
GetModuleFileNameW
WideCharToMultiByte
SystemTimeToFileTime
FileTimeToSystemTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetCurrentThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
CompareStringEx
GetLocaleInfoEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
EncodePointer
GetStringTypeW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
GetLocalTime
CloseHandle
WriteFile
SetFilePointer
GetExitCodeThread
SwitchToThread
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFilePointerEx
SetFileInformationByHandle
SetFileAttributesW
SetEndOfFile
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesExW
GetDiskFreeSpaceExW
FindFirstFileExW
FormatMessageA
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
lstrcpynW
RaiseException
DecodePointer
LocalFree
InitializeCriticalSectionAndSpinCount
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesW
MulDiv
ExitProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
GetACP
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
MultiByteToWideChar
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FormatMessageW
SetLastError
K32GetModuleFileNameExW
CreateFileW
ReadFile
GetFileSize
GetFileInformationByHandle
GetLocaleInfoW

user32

OffsetRect
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
MessageBoxW
GetAsyncKeyState
SetTimer
KillTimer
CharNextW
SetCursor
LoadCursorW
wsprintfW
PostMessageW
MessageBoxA
RegisterHotKey
UnregisterHotKey
GetParent
DefWindowProcW
RegisterClassW
FindWindowW
SetProcessDPIAware
ChangeWindowMessageFilter
RegisterWindowMessageW
AttachThreadInput
PostQuitMessage
CreateWindowExW
DestroyWindow
FlashWindow
FlashWindowEx
MoveWindow
GetWindowPlacement
IsWindowVisible
BringWindowToTop
IsZoomed
SetFocus
GetActiveWindow
GetFocus
SendInput
EnableWindow
GetSystemMetrics
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
InvalidateRect
GetWindowTextW
GetCursorPos
WindowFromPoint
SetParent
GetClassNameW
MapVirtualKeyExW
GetKeyNameTextW
GetWindowRect
DrawTextA
wsprintfA
GetWindowTextLengthW
SetWindowPos
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
MonitorFromPoint
UnregisterClassW
GetWindowRgn
UpdateLayeredWindow
LoadIconW
LoadStringW
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
AdjustWindowRectEx
GetPropW
SetPropW
GetMenu
GetClassInfoExW
RegisterClassExW
CallWindowProcW
GetMonitorInfoW
MonitorFromWindow
FillRect
LoadImageW
GetWindow
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
GetSysColor
MapWindowPoints
ScreenToClient
TrackPopupMenu
GetClientRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
GetKeyState
IsIconic
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
UnionRect
InflateRect
GetWindowThreadProcessId
SetWinEventHook
ShowWindow
IsChild
IsWindow
GetDesktopWindow
IntersectRect
SetRect
EqualRect
IsWindowEnabled
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
SetWindowRgn
UpdateWindow
CharPrevW
SetWindowTextW
DrawTextW
GetKeyboardLayout

gdi32

CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps
CreatePenIndirect
AddFontMemResourceEx
RemoveFontMemResourceEx
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
BitBlt
CreateSolidBrush
LineTo
GetTextExtentPoint32W
DeleteObject
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
GetStockObject
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
CreatePatternBrush
PtInRegion
CreateRectRgn
GdiFlush
TextOutW
MoveToEx
GetObjectA
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn

comdlg32

GetSaveFileNameW

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
DragQueryFileW
Shell_NotifyIconW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
CoUninitialize
CoInitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
CreateStreamOnHGlobal
OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop

oleaut32

VariantInit
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocString
SysFreeString
VariantClear

crypt32

CertOpenStore
CertFreeCertificateChain
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertCloseStore
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine

normaliz

IdnToAscii

ws2_32

bind
connect
getsockname
htonl
listen
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
gethostbyname
WSAEnumNetworkEvents
accept
WSACreateEvent
WSACloseEvent
send
recv
getsockopt

wldap32

ord30
ord79
ord35
ord200
ord301
ord32
ord27
ord22
ord41
ord50
ord45
ord60
ord211
ord33
ord46
ord217
ord143
ord26

comctl32

_TrackMouseEvent
InitCommonControlsEx
ord17

gdiplus

GdipCreateBitmapFromScan0
GdipDrawLine
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDrawString
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipFillRectangleI
GdipFillEllipseI
GdipFillPieI
GdiplusStartup
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipSetPenDashStyle
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetWorldTransform
GdipResetWorldTransform
GdipDrawRectangleI
GdipDrawPath
GdipFillPath
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipSetPenStartCap
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipCreatePen2
GdipSetPenEndCap

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

sqlite3

sqlite3_prepare_v2
sqlite3_step
sqlite3_column_int
sqlite3_column_text
sqlite3_finalize
sqlite3_exec
sqlite3_last_insert_rowid
sqlite3_open
sqlite3_bind_int
sqlite3_close
sqlite3_bind_text
sqlite3_column_int64
sqlite3_errmsg

shlwapi

PathFileExistsA
SHCreateStreamOnFileW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

242e30c470e6ff1b1f22b8e60ee59ec2

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

50:c4:a9:5f:4e:fc:a2:96:97:d4:15:8aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2f:79:3d:52:17:84:d7:58:19:a8:f5:ed:b3:b6:9d:1e:d4:b8:92:fd:b2:02:80:2f:3f:90:ac:d0:fc:33:2e:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

crypt32

normaliz

ws2_32

wldap32

comctl32

gdiplus

imm32

version

iphlpapi

sqlite3

shlwapi

bcrypt

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 404KB - Virtual size: 403KB

.data Size: 17KB - Virtual size: 39KB

.rsrc Size: 634KB - Virtual size: 634KB

.reloc Size: 100KB - Virtual size: 100KB

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

50:c4:a9:5f:4e:fc:a2:96:97:d4:15:8a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2f:79:3d:52:17:84:d7:58:19:a8:f5:ed:b3:b6:9d:1e:d4:b8:92:fd:b2:02:80:2f:3f:90:ac:d0:fc:33:2e:7c
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 404KB - Virtual size: 403KB

.data
Size: 17KB - Virtual size: 39KB

.rsrc
Size: 634KB - Virtual size: 634KB

.reloc
Size: 100KB - Virtual size: 100KB