Field | Value |
---|---|
Created | 2021.11.07 09:50 |
Machine | s1_win7_x6401 |
Filename | rollerkind2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 25 detected (AIDetect, malware2, malicious, high confidence, GenericRXQC, Save, Hacktool, confidence, Kryptik, Eldorado, FileRepMetagen, Lockbit, Static AI, Malicious PE, DllCheck, score, Generic@ML, RDML, WZT8r, 7gJ6Uegug9RBIIqg, susgen) |
md5 | ebff6c5c942d1800caef3eda207889d3 |
sha256 | 6ada41d9a361d5c85efee76854f0b52bb2aa8456e19b5f239fccf0191b6adeee |
ssdeep | 12288:BThiZG/+ZqmBVIIyA4y0VdpWZX+g+4mDc8OueHsunnaXYX:BQI/+1BqIyA4yipWUg78OnvaXYX |
imphash | 9e3ac2424cecff905bdab3e7336b91cb |
impfuzzy | 24:tXSPbG2SmESxCIB1cDku9jpso7qoOovVtUwcpluiyv92/J3I+JSnujMfK318n:tX/1wTn2tbcpsb981SnkF8 |
Network IP location
Signature (5 counts)
Level | Description |
---|---|
warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Foreign language identified in PE resource |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | This executable has a PDB path |
Rules (5 counts)
Level | Name | Description | Collection |
---|---|---|---|
watch | Malicious_Library_Zero | Malicious_Library | binaries (upload) |
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check | binaries (upload) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
Network (0 counts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded) | | | | | |
Suricata ids
PE API
IAT (Import Address Table) Library
KERNEL32.dll
0x47a008 SetThreadContext
0x47a00c WriteConsoleOutputCharacterW
0x47a010 GetDefaultCommConfigW
0x47a014 HeapAlloc
0x47a018 UpdateResourceA
0x47a01c HeapFree
0x47a020 GetEnvironmentStringsW
0x47a024 BackupSeek
0x47a028 GetTickCount
0x47a02c GlobalAlloc
0x47a030 LoadLibraryW
0x47a034 SizeofResource
0x47a038 GetTapePosition
0x47a03c SetConsoleCursorPosition
0x47a040 WriteConsoleW
0x47a044 GetAtomNameW
0x47a048 LCMapStringA
0x47a04c GetLastError
0x47a050 GetProcAddress
0x47a054 VirtualAlloc
0x47a058 GetFirmwareEnvironmentVariableW
0x47a05c LoadLibraryA
0x47a060 WriteConsoleA
0x47a064 BeginUpdateResourceA
0x47a068 GetModuleFileNameA
0x47a06c SetConsoleCursorInfo
0x47a070 AddConsoleAliasA
0x47a074 FindNextVolumeA
0x47a078 lstrcpyA
0x47a07c SetProcessAffinityMask
0x47a080 CreateFileW
0x47a084 GetStringTypeW
0x47a088 GetModuleHandleW
0x47a08c ExitProcess
0x47a090 DecodePointer
0x47a094 GetCommandLineA
0x47a098 HeapSetInformation
0x47a09c GetStartupInfoW
0x47a0a0 UnhandledExceptionFilter
0x47a0a4 SetUnhandledExceptionFilter
0x47a0a8 IsDebuggerPresent
0x47a0ac EncodePointer
0x47a0b0 TerminateProcess
0x47a0b4 GetCurrentProcess
0x47a0b8 IsProcessorFeaturePresent
0x47a0bc WriteFile
0x47a0c0 GetStdHandle
0x47a0c4 GetModuleFileNameW
0x47a0c8 HeapCreate
0x47a0cc EnterCriticalSection
0x47a0d0 LeaveCriticalSection
0x47a0d4 InitializeCriticalSectionAndSpinCount
0x47a0d8 RtlUnwind
0x47a0dc SetHandleCount
0x47a0e0 GetFileType
0x47a0e4 DeleteCriticalSection
0x47a0e8 SetFilePointer
0x47a0ec CloseHandle
0x47a0f0 TlsAlloc
0x47a0f4 TlsGetValue
0x47a0f8 TlsSetValue
0x47a0fc TlsFree
0x47a100 InterlockedIncrement
0x47a104 SetLastError
0x47a108 GetCurrentThreadId
0x47a10c InterlockedDecrement
0x47a110 FreeEnvironmentStringsW
0x47a114 WideCharToMultiByte
0x47a118 QueryPerformanceCounter
0x47a11c GetCurrentProcessId
0x47a120 GetSystemTimeAsFileTime
0x47a124 RaiseException
0x47a128 Sleep
0x47a12c CreateFileA
0x47a130 GetCPInfo
0x47a134 GetACP
0x47a138 GetOEMCP
0x47a13c IsValidCodePage
0x47a140 GetConsoleCP
0x47a144 GetConsoleMode
0x47a148 SetStdHandle
0x47a14c FlushFileBuffers
0x47a150 HeapSize
0x47a154 HeapReAlloc
0x47a158 SetEndOfFile
0x47a15c GetProcessHeap
0x47a160 MultiByteToWideChar
0x47a164 ReadFile
0x47a168 LCMapStringW
USER32.dll
0x47a170 GetCursorPos
ADVAPI32.dll
0x47a000 NotifyChangeEventLog
EAT (Export Address Table): none