ScreenShot
| Created | 2021.11.01 11:02 | Machine | s1_win7_x6403 |
| Filename | rollerkind2.exe | ||
| Type | PE32 executable (GUI) Intel 80386, for MS Windows | ||
| AI Score |
|
Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 41 detected (AIDetect, malware1, Zbot, m6l9, malicious, high confidence, GenericKD, Artemis, Unsafe, Save, Hacktool, Kryptik, Eldorado, HNDM, R + Troj, Krypt, Score, kcloud, StopCrypt, Ilgergop, PGLDWC, R373480, ai score=99, CrypterX, CLASSIC, Static AI, Malicious PE, susgen, Genetic, confidence) | ||
| md5 | f066b1dcc3c84091ecd2ad23e9c10d3a | ||
| sha256 | 4fc868d081c6481fc2bff32599132b74ac0dc03e5f6ec43df5320ab427a6d958 | ||
| ssdeep | 12288:Yifu1k+jBHp9CoicSd1mi4Z5hAdUy2c8Ck6SKOLZkwb+m7yCH31A8H0unnn:AeAvCoiZT5+SVCXobmWIW8Hnn | ||
| imphash | 399419c867e1b29b8b53fcd0cc79fbe7 | ||
| impfuzzy | 24:cEq+fm4X7alyDq+uco1TiOovA1tFXgJ3IRIlyv9fcVq1VGSUjMku:nv7GTt1tmRK9fcM1kSZ | ||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 41 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | The binary likely contains encrypted or compressed data indicative of a packer |
| info | The executable contains unknown PE section names indicative of a packer (could be a false positive) |
| info | This executable has a PDB path |
Rules (5cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
| watch | UPX_Zero | UPX packed file | binaries (upload) |
| info | IsPE32 | (no description) | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
| info | PE_Header_Zero | PE File Signature | binaries (upload) |
PE API
IAT(Import Address Table) Library
KERNEL32.dll
0x47c000 FindVolumeClose
0x47c004 HeapAlloc
0x47c008 EndUpdateResourceW
0x47c00c HeapFree
0x47c010 GetEnvironmentStringsW
0x47c014 SetConsoleScreenBufferSize
0x47c018 AddConsoleAliasW
0x47c01c SetEvent
0x47c020 GetTickCount
0x47c024 GetProcessHeap
0x47c028 FindActCtxSectionStringA
0x47c02c Sleep
0x47c030 InitAtomTable
0x47c034 GetTapePosition
0x47c038 GetAtomNameW
0x47c03c GetMailslotInfo
0x47c040 GetModuleFileNameW
0x47c044 CreateActCtxA
0x47c048 GetConsoleOutputCP
0x47c04c GetCPInfoExW
0x47c050 GetProcAddress
0x47c054 VirtualAlloc
0x47c058 LoadLibraryA
0x47c05c WriteConsoleA
0x47c060 LocalAlloc
0x47c064 BeginUpdateResourceA
0x47c068 SetEnvironmentVariableA
0x47c06c GetModuleFileNameA
0x47c070 GetProcessAffinityMask
0x47c074 Module32Next
0x47c078 FindNextVolumeA
0x47c07c TlsFree
0x47c080 lstrcpyA
0x47c084 EncodePointer
0x47c088 DecodePointer
0x47c08c GetCommandLineA
0x47c090 HeapSetInformation
0x47c094 GetStartupInfoW
0x47c098 RaiseException
0x47c09c UnhandledExceptionFilter
0x47c0a0 SetUnhandledExceptionFilter
0x47c0a4 IsDebuggerPresent
0x47c0a8 TerminateProcess
0x47c0ac GetCurrentProcess
0x47c0b0 GetLastError
0x47c0b4 IsProcessorFeaturePresent
0x47c0b8 TlsAlloc
0x47c0bc TlsGetValue
0x47c0c0 TlsSetValue
0x47c0c4 InterlockedIncrement
0x47c0c8 GetModuleHandleW
0x47c0cc SetLastError
0x47c0d0 GetCurrentThreadId
0x47c0d4 InterlockedDecrement
0x47c0d8 WideCharToMultiByte
0x47c0dc SetHandleCount
0x47c0e0 GetStdHandle
0x47c0e4 InitializeCriticalSectionAndSpinCount
0x47c0e8 GetFileType
0x47c0ec DeleteCriticalSection
0x47c0f0 EnterCriticalSection
0x47c0f4 LeaveCriticalSection
0x47c0f8 ReadFile
0x47c0fc RtlUnwind
0x47c100 SetFilePointer
0x47c104 CloseHandle
0x47c108 ExitProcess
0x47c10c WriteFile
0x47c110 FreeEnvironmentStringsW
0x47c114 HeapCreate
0x47c118 QueryPerformanceCounter
0x47c11c GetCurrentProcessId
0x47c120 GetSystemTimeAsFileTime
0x47c124 GetConsoleCP
0x47c128 GetConsoleMode
0x47c12c GetCPInfo
0x47c130 GetACP
0x47c134 GetOEMCP
0x47c138 IsValidCodePage
0x47c13c MultiByteToWideChar
0x47c140 CreateFileA
0x47c144 SetStdHandle
0x47c148 FlushFileBuffers
0x47c14c HeapSize
0x47c150 LoadLibraryW
0x47c154 WriteConsoleW
0x47c158 LCMapStringW
0x47c15c GetStringTypeW
0x47c160 HeapReAlloc
0x47c164 SetEndOfFile
0x47c168 CreateFileW
EAT(Export Address Table) is none
KERNEL32.dll
0x47c000 FindVolumeClose
0x47c004 HeapAlloc
0x47c008 EndUpdateResourceW
0x47c00c HeapFree
0x47c010 GetEnvironmentStringsW
0x47c014 SetConsoleScreenBufferSize
0x47c018 AddConsoleAliasW
0x47c01c SetEvent
0x47c020 GetTickCount
0x47c024 GetProcessHeap
0x47c028 FindActCtxSectionStringA
0x47c02c Sleep
0x47c030 InitAtomTable
0x47c034 GetTapePosition
0x47c038 GetAtomNameW
0x47c03c GetMailslotInfo
0x47c040 GetModuleFileNameW
0x47c044 CreateActCtxA
0x47c048 GetConsoleOutputCP
0x47c04c GetCPInfoExW
0x47c050 GetProcAddress
0x47c054 VirtualAlloc
0x47c058 LoadLibraryA
0x47c05c WriteConsoleA
0x47c060 LocalAlloc
0x47c064 BeginUpdateResourceA
0x47c068 SetEnvironmentVariableA
0x47c06c GetModuleFileNameA
0x47c070 GetProcessAffinityMask
0x47c074 Module32Next
0x47c078 FindNextVolumeA
0x47c07c TlsFree
0x47c080 lstrcpyA
0x47c084 EncodePointer
0x47c088 DecodePointer
0x47c08c GetCommandLineA
0x47c090 HeapSetInformation
0x47c094 GetStartupInfoW
0x47c098 RaiseException
0x47c09c UnhandledExceptionFilter
0x47c0a0 SetUnhandledExceptionFilter
0x47c0a4 IsDebuggerPresent
0x47c0a8 TerminateProcess
0x47c0ac GetCurrentProcess
0x47c0b0 GetLastError
0x47c0b4 IsProcessorFeaturePresent
0x47c0b8 TlsAlloc
0x47c0bc TlsGetValue
0x47c0c0 TlsSetValue
0x47c0c4 InterlockedIncrement
0x47c0c8 GetModuleHandleW
0x47c0cc SetLastError
0x47c0d0 GetCurrentThreadId
0x47c0d4 InterlockedDecrement
0x47c0d8 WideCharToMultiByte
0x47c0dc SetHandleCount
0x47c0e0 GetStdHandle
0x47c0e4 InitializeCriticalSectionAndSpinCount
0x47c0e8 GetFileType
0x47c0ec DeleteCriticalSection
0x47c0f0 EnterCriticalSection
0x47c0f4 LeaveCriticalSection
0x47c0f8 ReadFile
0x47c0fc RtlUnwind
0x47c100 SetFilePointer
0x47c104 CloseHandle
0x47c108 ExitProcess
0x47c10c WriteFile
0x47c110 FreeEnvironmentStringsW
0x47c114 HeapCreate
0x47c118 QueryPerformanceCounter
0x47c11c GetCurrentProcessId
0x47c120 GetSystemTimeAsFileTime
0x47c124 GetConsoleCP
0x47c128 GetConsoleMode
0x47c12c GetCPInfo
0x47c130 GetACP
0x47c134 GetOEMCP
0x47c138 IsValidCodePage
0x47c13c MultiByteToWideChar
0x47c140 CreateFileA
0x47c144 SetStdHandle
0x47c148 FlushFileBuffers
0x47c14c HeapSize
0x47c150 LoadLibraryW
0x47c154 WriteConsoleW
0x47c158 LCMapStringW
0x47c15c GetStringTypeW
0x47c160 HeapReAlloc
0x47c164 SetEndOfFile
0x47c168 CreateFileW
EAT(Export Address Table) is none