ScreenShot
| Created | 2021.08.20 09:37 | Machine | s1_win7_x6401 |
| Filename | rollerkind2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 33 detected (AIDetect, malware2, malicious, high confidence, Unsafe, Save, Kryptik, Eldorado, Attribute, HighConfidence, HMDM, FileRepMalware, A + Troj, Krypt, Static AI, Suspicious PE, susgen, Sabsik, Ilgergop, CLSXAU, score, MalPe, R426948, BScope, Glupteba, Zurgop, confidence) | ||
| md5 | 8592015a4beab9f11614e49ae3080bbb | ||
| sha256 | c44003fda460e601c0d058ae28985cc89eff6db2bb3f14c033ee44a6f26f33b4 | ||
| ssdeep | 12288:pqf8F6FnR+NE8/dMCqFaMZ7Iud8gNsswi8HY1s81GrD:28FuR+NEEGFaMhIudBNn28MrD | ||
| imphash | 9e6cdfd867cec1c30d2ae8894f290a78 | ||
| impfuzzy | 24:KbkD20ZZkrkRr1F/xQIIV4FP7SdcKcDSvpX8Q+Hbhu/WgY25tTecdYSJ3nplOuOk:VZmq/jTSdHlTWgY25tTecJpkuuHGAs | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 33 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x478008 WriteConsoleOutputW
0x47800c InterlockedIncrement
0x478010 GetConsoleAliasA
0x478014 InterlockedDecrement
0x478018 GetSystemWindowsDirectoryW
0x47801c GetEnvironmentStringsW
0x478020 GetUserDefaultLCID
0x478024 SetEvent
0x478028 GetConsoleAliasesLengthA
0x47802c GetConsoleTitleA
0x478030 CreateActCtxW
0x478034 InitializeCriticalSection
0x478038 GetConsoleCP
0x47803c GlobalAlloc
0x478040 GetSystemDirectoryW
0x478044 GetFileAttributesA
0x478048 lstrcpynW
0x47804c SetConsoleCursorPosition
0x478050 HeapQueryInformation
0x478054 WritePrivateProfileSectionW
0x478058 IsBadWritePtr
0x47805c GetModuleFileNameW
0x478060 GetCompressedFileSizeA
0x478064 CreateFileW
0x478068 lstrcatA
0x47806c GetACP
0x478070 lstrlenW
0x478074 EnumDateFormatsExW
0x478078 VerifyVersionInfoW
0x47807c InterlockedExchange
0x478080 GetCPInfoExW
0x478084 FillConsoleOutputCharacterW
0x478088 GetLastError
0x47808c GetProcAddress
0x478090 PeekConsoleInputW
0x478094 CreateTimerQueueTimer
0x478098 LocalLock
0x47809c GetConsoleDisplayMode
0x4780a0 EnterCriticalSection
0x4780a4 SetTimerQueueTimer
0x4780a8 GetLocalTime
0x4780ac WriteConsoleA
0x4780b0 DeleteTimerQueue
0x4780b4 DnsHostnameToComputerNameA
0x4780b8 BeginUpdateResourceA
0x4780bc GlobalGetAtomNameW
0x4780c0 WaitForMultipleObjects
0x4780c4 SetEnvironmentVariableA
0x4780c8 GetModuleFileNameA
0x4780cc GetModuleHandleA
0x4780d0 EraseTape
0x4780d4 EndUpdateResourceA
0x4780d8 ReadConsoleInputW
0x4780dc FindFirstVolumeW
0x4780e0 GetCurrentProcessId
0x4780e4 AreFileApisANSI
0x4780e8 LCMapStringW
0x4780ec FlushFileBuffers
0x4780f0 LCMapStringA
0x4780f4 GetStringTypeW
0x4780f8 UnhandledExceptionFilter
0x4780fc SetUnhandledExceptionFilter
0x478100 HeapAlloc
0x478104 GetModuleHandleW
0x478108 Sleep
0x47810c ExitProcess
0x478110 GetStartupInfoW
0x478114 WriteFile
0x478118 GetStdHandle
0x47811c DeleteCriticalSection
0x478120 LeaveCriticalSection
0x478124 HeapFree
0x478128 VirtualFree
0x47812c VirtualAlloc
0x478130 HeapReAlloc
0x478134 HeapCreate
0x478138 TlsGetValue
0x47813c TlsAlloc
0x478140 TlsSetValue
0x478144 TlsFree
0x478148 SetLastError
0x47814c GetCurrentThreadId
0x478150 TerminateProcess
0x478154 GetCurrentProcess
0x478158 IsDebuggerPresent
0x47815c LoadLibraryA
0x478160 InitializeCriticalSectionAndSpinCount
0x478164 FreeEnvironmentStringsW
0x478168 GetCommandLineW
0x47816c SetHandleCount
0x478170 GetFileType
0x478174 GetStartupInfoA
0x478178 QueryPerformanceCounter
0x47817c GetTickCount
0x478180 GetSystemTimeAsFileTime
0x478184 RaiseException
0x478188 RtlUnwind
0x47818c GetCPInfo
0x478190 GetOEMCP
0x478194 IsValidCodePage
0x478198 HeapSize
0x47819c GetLocaleInfoA
0x4781a0 WideCharToMultiByte
0x4781a4 GetStringTypeA
0x4781a8 MultiByteToWideChar
USER32.dll
0x4781b0 RealGetWindowClassA
ADVAPI32.dll
0x478000 AdjustTokenGroups
EAT(Export Address Table) Library
0x401003 @GetAnotherVice@12
0x401000 @SetFirstEverVice@4
KERNEL32.dll
0x478008 WriteConsoleOutputW
0x47800c InterlockedIncrement
0x478010 GetConsoleAliasA
0x478014 InterlockedDecrement
0x478018 GetSystemWindowsDirectoryW
0x47801c GetEnvironmentStringsW
0x478020 GetUserDefaultLCID
0x478024 SetEvent
0x478028 GetConsoleAliasesLengthA
0x47802c GetConsoleTitleA
0x478030 CreateActCtxW
0x478034 InitializeCriticalSection
0x478038 GetConsoleCP
0x47803c GlobalAlloc
0x478040 GetSystemDirectoryW
0x478044 GetFileAttributesA
0x478048 lstrcpynW
0x47804c SetConsoleCursorPosition
0x478050 HeapQueryInformation
0x478054 WritePrivateProfileSectionW
0x478058 IsBadWritePtr
0x47805c GetModuleFileNameW
0x478060 GetCompressedFileSizeA
0x478064 CreateFileW
0x478068 lstrcatA
0x47806c GetACP
0x478070 lstrlenW
0x478074 EnumDateFormatsExW
0x478078 VerifyVersionInfoW
0x47807c InterlockedExchange
0x478080 GetCPInfoExW
0x478084 FillConsoleOutputCharacterW
0x478088 GetLastError
0x47808c GetProcAddress
0x478090 PeekConsoleInputW
0x478094 CreateTimerQueueTimer
0x478098 LocalLock
0x47809c GetConsoleDisplayMode
0x4780a0 EnterCriticalSection
0x4780a4 SetTimerQueueTimer
0x4780a8 GetLocalTime
0x4780ac WriteConsoleA
0x4780b0 DeleteTimerQueue
0x4780b4 DnsHostnameToComputerNameA
0x4780b8 BeginUpdateResourceA
0x4780bc GlobalGetAtomNameW
0x4780c0 WaitForMultipleObjects
0x4780c4 SetEnvironmentVariableA
0x4780c8 GetModuleFileNameA
0x4780cc GetModuleHandleA
0x4780d0 EraseTape
0x4780d4 EndUpdateResourceA
0x4780d8 ReadConsoleInputW
0x4780dc FindFirstVolumeW
0x4780e0 GetCurrentProcessId
0x4780e4 AreFileApisANSI
0x4780e8 LCMapStringW
0x4780ec FlushFileBuffers
0x4780f0 LCMapStringA
0x4780f4 GetStringTypeW
0x4780f8 UnhandledExceptionFilter
0x4780fc SetUnhandledExceptionFilter
0x478100 HeapAlloc
0x478104 GetModuleHandleW
0x478108 Sleep
0x47810c ExitProcess
0x478110 GetStartupInfoW
0x478114 WriteFile
0x478118 GetStdHandle
0x47811c DeleteCriticalSection
0x478120 LeaveCriticalSection
0x478124 HeapFree
0x478128 VirtualFree
0x47812c VirtualAlloc
0x478130 HeapReAlloc
0x478134 HeapCreate
0x478138 TlsGetValue
0x47813c TlsAlloc
0x478140 TlsSetValue
0x478144 TlsFree
0x478148 SetLastError
0x47814c GetCurrentThreadId
0x478150 TerminateProcess
0x478154 GetCurrentProcess
0x478158 IsDebuggerPresent
0x47815c LoadLibraryA
0x478160 InitializeCriticalSectionAndSpinCount
0x478164 FreeEnvironmentStringsW
0x478168 GetCommandLineW
0x47816c SetHandleCount
0x478170 GetFileType
0x478174 GetStartupInfoA
0x478178 QueryPerformanceCounter
0x47817c GetTickCount
0x478180 GetSystemTimeAsFileTime
0x478184 RaiseException
0x478188 RtlUnwind
0x47818c GetCPInfo
0x478190 GetOEMCP
0x478194 IsValidCodePage
0x478198 HeapSize
0x47819c GetLocaleInfoA
0x4781a0 WideCharToMultiByte
0x4781a4 GetStringTypeA
0x4781a8 MultiByteToWideChar
USER32.dll
0x4781b0 RealGetWindowClassA
ADVAPI32.dll
0x478000 AdjustTokenGroups
EAT(Export Address Table) Library
0x401003 @GetAnotherVice@12
0x401000 @SetFirstEverVice@4