Summary | ZeroBOX

rollerkind.exe

Tags: Malicious Library, UPX, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6401
Started: Aug. 20, 2021, 9:14 a.m.
Completed: Aug. 20, 2021, 9:55 a.m.
Size: 561.0KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: b6b054b0a63ed8e89b4a55c1679b8743
SHA256: 57df320d3530fe17721f6c50db2451e1791c2eba9634f4d07a7907f87ae0df95
CRC32: F8243BE0
ssdeep: 12288:gqfhpDiL50b71oL5YCTs66/0V66qEmhKzFujjr4TbWVYD:Rhm0712LT070UVYD
PDB Path: C:\zejutadifol hilo.pdb
Yara
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup): no hosts contacted.
IP Address: 164.124.101.2, Status: Active, Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

pdb_path: C:\zejutadifol hilo.pdb
resource name: None

API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory

process_identifier: 2212
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 442368
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x002ad000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 2212
region_size: 847872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04500000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
Signature: A section with a high entropy has been found (section .text: virtual_address 0x00001000, virtual_size 0x00076780, size_of_data 0x00076800, entropy 7.97771268987473)
Signature: Overall entropy of this PE file is high (entropy 0.846428571429)
Antivirus results (vendor: detection)
Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
FireEye: Generic.mg.b6b054b0a63ed8e8
McAfee: Artemis!B6B054B0A63E
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 0056f9be1 )
K7GW: Trojan ( 0056f9be1 )
CrowdStrike: win/malicious_confidence_80% (D)
Cyren: W32/Kryptik.EWJ.gen!Eldorado
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Kryptik.HMDM
APEX: Malicious
Kaspersky: HEUR:Trojan.Win32.Zenpak.gen
Avast: Win32:DropperX-gen [Drp]
Emsisoft: Trojan.Agent (A)
McAfee-GW-Edition: BehavesLike.Win32.Generic.hc
Sophos: ML/PE-A + Troj/Krypt-W
Ikarus: Trojan-Downloader.Win32.Zurgop
Gridinsoft: Trojan.Win32.Packed.lu!heur
Microsoft: Trojan:Win32/Sabsik.FL.B!ml
GData: Win32.Trojan.Ilgergop.UNI2RA
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPe.R426948
Acronis: suspicious
VBA32: BScope.Trojan.Glupteba
Malwarebytes: Trojan.MalPack.GS
SentinelOne: Static AI - Malicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GenKryptik.FJEX!tr
AVG: Win32:DropperX-gen [Drp]
Panda: Trj/Genetic.gen