ScreenShot
| Created | 2021.09.22 10:08 | Machine | s1_win7_x6401 |
| Filename | rollerkind.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 22 detected (malicious, high confidence, Unsafe, Save, Hacktool, confidence, Kryptik, Eldorado, Attribute, HighConfidence, CLASSIC, Static AI, Malicious PE, score, Artemis, Danabot, DZIC) | ||
| md5 | 5ee187036dfa9186004738b99c2b178f | ||
| sha256 | 6ed5c2256aac5654f708b39f82f40f29ebab155e0e7fd237db5d70903a240981 | ||
| ssdeep | 12288:cXQIrK0zEDXswNYUpVhAWdJXNw2otMQtHuCG8RgSA5EBaw:cXQIrry8wbVN0G6gb+1 | ||
| imphash | 98349bc8fa025f57a9d49df3092c15be | ||
| impfuzzy | 24:Qd4BrjgbOovgJXe5DYRTPvmuxrAKG1tD2wA+yvEFQh/J3vT42l9wjMynNp1G:lCqVvhPO4r3G1tSPH5vc2enhG | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 22 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Foreign language identified in PE resource |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The file contains an unknown PE resource name possibly indicative of a packer |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x47b008 GetLocaleInfoA
0x47b00c LoadResource
0x47b010 EndUpdateResourceW
0x47b014 InterlockedDecrement
0x47b018 GlobalSize
0x47b01c GetEnvironmentStringsW
0x47b020 WaitForSingleObject
0x47b024 SetEvent
0x47b028 ReadConsoleW
0x47b02c FindActCtxSectionStringA
0x47b030 GetCommandLineA
0x47b034 GlobalAlloc
0x47b038 GetSystemWindowsDirectoryA
0x47b03c LeaveCriticalSection
0x47b040 ReleaseSemaphore
0x47b044 GetConsoleOutputCP
0x47b048 GetProcAddress
0x47b04c EnterCriticalSection
0x47b050 VerLanguageNameW
0x47b054 WriteConsoleA
0x47b058 GetProcessId
0x47b05c ProcessIdToSessionId
0x47b060 LockResource
0x47b064 BeginUpdateResourceA
0x47b068 GlobalGetAtomNameW
0x47b06c SetSystemTime
0x47b070 EnumResourceTypesW
0x47b074 GetModuleFileNameA
0x47b078 GetModuleHandleA
0x47b07c EraseTape
0x47b080 FindFirstVolumeW
0x47b084 AddConsoleAliasA
0x47b088 GetModuleFileNameW
0x47b08c GetSystemDefaultLangID
0x47b090 HeapAlloc
0x47b094 GetLastError
0x47b098 HeapReAlloc
0x47b09c GetStartupInfoA
0x47b0a0 RaiseException
0x47b0a4 RtlUnwind
0x47b0a8 TerminateProcess
0x47b0ac GetCurrentProcess
0x47b0b0 UnhandledExceptionFilter
0x47b0b4 SetUnhandledExceptionFilter
0x47b0b8 IsDebuggerPresent
0x47b0bc HeapFree
0x47b0c0 DeleteCriticalSection
0x47b0c4 VirtualFree
0x47b0c8 VirtualAlloc
0x47b0cc HeapCreate
0x47b0d0 GetModuleHandleW
0x47b0d4 Sleep
0x47b0d8 ExitProcess
0x47b0dc WriteFile
0x47b0e0 GetStdHandle
0x47b0e4 SetHandleCount
0x47b0e8 GetFileType
0x47b0ec SetFilePointer
0x47b0f0 FreeEnvironmentStringsA
0x47b0f4 GetEnvironmentStrings
0x47b0f8 FreeEnvironmentStringsW
0x47b0fc WideCharToMultiByte
0x47b100 TlsGetValue
0x47b104 TlsAlloc
0x47b108 TlsSetValue
0x47b10c TlsFree
0x47b110 InterlockedIncrement
0x47b114 SetLastError
0x47b118 GetCurrentThreadId
0x47b11c QueryPerformanceCounter
0x47b120 GetTickCount
0x47b124 GetCurrentProcessId
0x47b128 GetSystemTimeAsFileTime
0x47b12c InitializeCriticalSectionAndSpinCount
0x47b130 LoadLibraryA
0x47b134 SetStdHandle
0x47b138 GetConsoleCP
0x47b13c GetConsoleMode
0x47b140 FlushFileBuffers
0x47b144 HeapSize
0x47b148 GetCPInfo
0x47b14c GetACP
0x47b150 GetOEMCP
0x47b154 IsValidCodePage
0x47b158 WriteConsoleW
0x47b15c MultiByteToWideChar
0x47b160 LCMapStringA
0x47b164 LCMapStringW
0x47b168 GetStringTypeA
0x47b16c GetStringTypeW
0x47b170 CloseHandle
0x47b174 CreateFileA
USER32.dll
0x47b17c RealChildWindowFromPoint
GDI32.dll
0x47b000 GetCharWidth32A
EAT(Export Address Table) is none
KERNEL32.dll
0x47b008 GetLocaleInfoA
0x47b00c LoadResource
0x47b010 EndUpdateResourceW
0x47b014 InterlockedDecrement
0x47b018 GlobalSize
0x47b01c GetEnvironmentStringsW
0x47b020 WaitForSingleObject
0x47b024 SetEvent
0x47b028 ReadConsoleW
0x47b02c FindActCtxSectionStringA
0x47b030 GetCommandLineA
0x47b034 GlobalAlloc
0x47b038 GetSystemWindowsDirectoryA
0x47b03c LeaveCriticalSection
0x47b040 ReleaseSemaphore
0x47b044 GetConsoleOutputCP
0x47b048 GetProcAddress
0x47b04c EnterCriticalSection
0x47b050 VerLanguageNameW
0x47b054 WriteConsoleA
0x47b058 GetProcessId
0x47b05c ProcessIdToSessionId
0x47b060 LockResource
0x47b064 BeginUpdateResourceA
0x47b068 GlobalGetAtomNameW
0x47b06c SetSystemTime
0x47b070 EnumResourceTypesW
0x47b074 GetModuleFileNameA
0x47b078 GetModuleHandleA
0x47b07c EraseTape
0x47b080 FindFirstVolumeW
0x47b084 AddConsoleAliasA
0x47b088 GetModuleFileNameW
0x47b08c GetSystemDefaultLangID
0x47b090 HeapAlloc
0x47b094 GetLastError
0x47b098 HeapReAlloc
0x47b09c GetStartupInfoA
0x47b0a0 RaiseException
0x47b0a4 RtlUnwind
0x47b0a8 TerminateProcess
0x47b0ac GetCurrentProcess
0x47b0b0 UnhandledExceptionFilter
0x47b0b4 SetUnhandledExceptionFilter
0x47b0b8 IsDebuggerPresent
0x47b0bc HeapFree
0x47b0c0 DeleteCriticalSection
0x47b0c4 VirtualFree
0x47b0c8 VirtualAlloc
0x47b0cc HeapCreate
0x47b0d0 GetModuleHandleW
0x47b0d4 Sleep
0x47b0d8 ExitProcess
0x47b0dc WriteFile
0x47b0e0 GetStdHandle
0x47b0e4 SetHandleCount
0x47b0e8 GetFileType
0x47b0ec SetFilePointer
0x47b0f0 FreeEnvironmentStringsA
0x47b0f4 GetEnvironmentStrings
0x47b0f8 FreeEnvironmentStringsW
0x47b0fc WideCharToMultiByte
0x47b100 TlsGetValue
0x47b104 TlsAlloc
0x47b108 TlsSetValue
0x47b10c TlsFree
0x47b110 InterlockedIncrement
0x47b114 SetLastError
0x47b118 GetCurrentThreadId
0x47b11c QueryPerformanceCounter
0x47b120 GetTickCount
0x47b124 GetCurrentProcessId
0x47b128 GetSystemTimeAsFileTime
0x47b12c InitializeCriticalSectionAndSpinCount
0x47b130 LoadLibraryA
0x47b134 SetStdHandle
0x47b138 GetConsoleCP
0x47b13c GetConsoleMode
0x47b140 FlushFileBuffers
0x47b144 HeapSize
0x47b148 GetCPInfo
0x47b14c GetACP
0x47b150 GetOEMCP
0x47b154 IsValidCodePage
0x47b158 WriteConsoleW
0x47b15c MultiByteToWideChar
0x47b160 LCMapStringA
0x47b164 LCMapStringW
0x47b168 GetStringTypeA
0x47b16c GetStringTypeW
0x47b170 CloseHandle
0x47b174 CreateFileA
USER32.dll
0x47b17c RealChildWindowFromPoint
GDI32.dll
0x47b000 GetCharWidth32A
EAT(Export Address Table) is none