ScreenShot
| Created | 2021.10.08 12:05 | Machine | s1_win7_x6401 |
| Filename | rollerkind2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 19 detected (AIDetect, malware1, malicious, high confidence, Save, Attribute, HighConfidence, Generic@ML, RDML, ZygYgG0GRjTERe9mSDnvKQ, Ranumbot, Unsafe, Score, Artemis, Static AI, Malicious PE, confidence, 100%) | ||
| md5 | d3b22e04e71c617eb8ce39e91803088c | ||
| sha256 | a133b658f56591b3635fa7cac296749927319fd25c50780692f9693d1be46216 | ||
| ssdeep | 12288:6VtsJ6Q6w3HRAq91ZczcaWQN68Syc/fcNaFyphYUPXDWAW:6VtIR3Ht91+rW/7pfrMpdXy7 | ||
| imphash | be06676f0b26f3557b735abbe8be48ec | ||
| impfuzzy | 24:bhkE1u/8UrFdEDGOWz5rbRk1bkfcjlpOqGXldtsFHRyvpJ3vT0ZrtjMnR:bh8/v5dsmZfcaqGXDtsErvAZo | ||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| watch | File has been identified by 19 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|
Suricata ids
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x47d000 HeapReAlloc
0x47d004 lstrlenA
0x47d008 GetLocaleInfoA
0x47d00c EndUpdateResourceW
0x47d010 GetQueuedCompletionStatus
0x47d014 SetEvent
0x47d018 BackupSeek
0x47d01c GetConsoleTitleA
0x47d020 ReadConsoleW
0x47d024 WriteFile
0x47d028 CreateActCtxW
0x47d02c InitializeCriticalSection
0x47d030 GetEnvironmentStrings
0x47d034 InitAtomTable
0x47d038 HeapDestroy
0x47d03c FindNextVolumeW
0x47d040 IsProcessorFeaturePresent
0x47d044 GetFileAttributesW
0x47d048 GetModuleFileNameW
0x47d04c DeactivateActCtx
0x47d050 InterlockedExchange
0x47d054 GetProcAddress
0x47d058 BeginUpdateResourceW
0x47d05c PrepareTape
0x47d060 GetProcessVersion
0x47d064 WriteConsoleA
0x47d068 LocalAlloc
0x47d06c RemoveDirectoryW
0x47d070 SetConsoleWindowInfo
0x47d074 GetModuleHandleA
0x47d078 VirtualProtect
0x47d07c SetProcessShutdownParameters
0x47d080 ReleaseMutex
0x47d084 GetCurrentProcessId
0x47d088 FindNextVolumeA
0x47d08c lstrcpyA
0x47d090 WriteConsoleW
0x47d094 ReadFile
0x47d098 WideCharToMultiByte
0x47d09c InterlockedIncrement
0x47d0a0 InterlockedDecrement
0x47d0a4 InterlockedCompareExchange
0x47d0a8 MultiByteToWideChar
0x47d0ac GetStringTypeW
0x47d0b0 EncodePointer
0x47d0b4 DecodePointer
0x47d0b8 Sleep
0x47d0bc DeleteCriticalSection
0x47d0c0 EnterCriticalSection
0x47d0c4 LeaveCriticalSection
0x47d0c8 GetLastError
0x47d0cc HeapFree
0x47d0d0 GetCommandLineW
0x47d0d4 HeapSetInformation
0x47d0d8 GetStartupInfoW
0x47d0dc GetCPInfo
0x47d0e0 RaiseException
0x47d0e4 RtlUnwind
0x47d0e8 HeapAlloc
0x47d0ec LCMapStringW
0x47d0f0 HeapCreate
0x47d0f4 InitializeCriticalSectionAndSpinCount
0x47d0f8 UnhandledExceptionFilter
0x47d0fc SetUnhandledExceptionFilter
0x47d100 IsDebuggerPresent
0x47d104 TerminateProcess
0x47d108 GetCurrentProcess
0x47d10c SetFilePointer
0x47d110 GetModuleHandleW
0x47d114 ExitProcess
0x47d118 GetStdHandle
0x47d11c FreeEnvironmentStringsW
0x47d120 GetEnvironmentStringsW
0x47d124 SetHandleCount
0x47d128 GetFileType
0x47d12c TlsAlloc
0x47d130 TlsGetValue
0x47d134 TlsSetValue
0x47d138 TlsFree
0x47d13c SetLastError
0x47d140 GetCurrentThreadId
0x47d144 QueryPerformanceCounter
0x47d148 GetTickCount
0x47d14c GetSystemTimeAsFileTime
0x47d150 GetLocaleInfoW
0x47d154 HeapSize
0x47d158 GetACP
0x47d15c GetOEMCP
0x47d160 IsValidCodePage
0x47d164 GetUserDefaultLCID
0x47d168 EnumSystemLocalesA
0x47d16c IsValidLocale
0x47d170 CloseHandle
0x47d174 CreateFileA
0x47d178 SetStdHandle
0x47d17c GetConsoleCP
0x47d180 GetConsoleMode
0x47d184 FlushFileBuffers
0x47d188 LoadLibraryW
0x47d18c SetEndOfFile
0x47d190 GetProcessHeap
0x47d194 CreateFileW
EAT(Export Address Table) Library
0x4015d6 @GetFirstVice@8
0x4015df @SetViceVariants@12
KERNEL32.dll
0x47d000 HeapReAlloc
0x47d004 lstrlenA
0x47d008 GetLocaleInfoA
0x47d00c EndUpdateResourceW
0x47d010 GetQueuedCompletionStatus
0x47d014 SetEvent
0x47d018 BackupSeek
0x47d01c GetConsoleTitleA
0x47d020 ReadConsoleW
0x47d024 WriteFile
0x47d028 CreateActCtxW
0x47d02c InitializeCriticalSection
0x47d030 GetEnvironmentStrings
0x47d034 InitAtomTable
0x47d038 HeapDestroy
0x47d03c FindNextVolumeW
0x47d040 IsProcessorFeaturePresent
0x47d044 GetFileAttributesW
0x47d048 GetModuleFileNameW
0x47d04c DeactivateActCtx
0x47d050 InterlockedExchange
0x47d054 GetProcAddress
0x47d058 BeginUpdateResourceW
0x47d05c PrepareTape
0x47d060 GetProcessVersion
0x47d064 WriteConsoleA
0x47d068 LocalAlloc
0x47d06c RemoveDirectoryW
0x47d070 SetConsoleWindowInfo
0x47d074 GetModuleHandleA
0x47d078 VirtualProtect
0x47d07c SetProcessShutdownParameters
0x47d080 ReleaseMutex
0x47d084 GetCurrentProcessId
0x47d088 FindNextVolumeA
0x47d08c lstrcpyA
0x47d090 WriteConsoleW
0x47d094 ReadFile
0x47d098 WideCharToMultiByte
0x47d09c InterlockedIncrement
0x47d0a0 InterlockedDecrement
0x47d0a4 InterlockedCompareExchange
0x47d0a8 MultiByteToWideChar
0x47d0ac GetStringTypeW
0x47d0b0 EncodePointer
0x47d0b4 DecodePointer
0x47d0b8 Sleep
0x47d0bc DeleteCriticalSection
0x47d0c0 EnterCriticalSection
0x47d0c4 LeaveCriticalSection
0x47d0c8 GetLastError
0x47d0cc HeapFree
0x47d0d0 GetCommandLineW
0x47d0d4 HeapSetInformation
0x47d0d8 GetStartupInfoW
0x47d0dc GetCPInfo
0x47d0e0 RaiseException
0x47d0e4 RtlUnwind
0x47d0e8 HeapAlloc
0x47d0ec LCMapStringW
0x47d0f0 HeapCreate
0x47d0f4 InitializeCriticalSectionAndSpinCount
0x47d0f8 UnhandledExceptionFilter
0x47d0fc SetUnhandledExceptionFilter
0x47d100 IsDebuggerPresent
0x47d104 TerminateProcess
0x47d108 GetCurrentProcess
0x47d10c SetFilePointer
0x47d110 GetModuleHandleW
0x47d114 ExitProcess
0x47d118 GetStdHandle
0x47d11c FreeEnvironmentStringsW
0x47d120 GetEnvironmentStringsW
0x47d124 SetHandleCount
0x47d128 GetFileType
0x47d12c TlsAlloc
0x47d130 TlsGetValue
0x47d134 TlsSetValue
0x47d138 TlsFree
0x47d13c SetLastError
0x47d140 GetCurrentThreadId
0x47d144 QueryPerformanceCounter
0x47d148 GetTickCount
0x47d14c GetSystemTimeAsFileTime
0x47d150 GetLocaleInfoW
0x47d154 HeapSize
0x47d158 GetACP
0x47d15c GetOEMCP
0x47d160 IsValidCodePage
0x47d164 GetUserDefaultLCID
0x47d168 EnumSystemLocalesA
0x47d16c IsValidLocale
0x47d170 CloseHandle
0x47d174 CreateFileA
0x47d178 SetStdHandle
0x47d17c GetConsoleCP
0x47d180 GetConsoleMode
0x47d184 FlushFileBuffers
0x47d188 LoadLibraryW
0x47d18c SetEndOfFile
0x47d190 GetProcessHeap
0x47d194 CreateFileW
EAT(Export Address Table) Library
0x4015d6 @GetFirstVice@8
0x4015df @SetViceVariants@12