2024-01-08_dd4d288479d4e49f99532fce8b5a39b3_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-08_dd4d288479d4e49f99532fce8b5a39b3_polyvice
Size

7.4MB
MD5

dd4d288479d4e49f99532fce8b5a39b3
SHA1

ff7accdc5c92e3dd204153f6c55c692eb46ae420
SHA256

55e2e783d0630c0baa740e29885f4b5b26333670db4870e30dd74c44d0061271
SHA512

ee8b29b090311ea494789156aa104d348e7fb8f1d7459f21894518a27964e5a1aea16059f50b017b0cbb56ca5531de36305d2a51bfbf92a5a8b778c7f8b4422a
SSDEEP

98304:FGQIDdIvKBic/esDVH3MH9pcvZ050CxIsV4UFtv13uFnCPwHb7K6O+gqQQkS:AQo/m7K05b4UFtv13uFnCPwHb7X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-01-08_dd4d288479d4e49f99532fce8b5a39b3_polyvice

Files

2024-01-08_dd4d288479d4e49f99532fce8b5a39b3_polyvice
.exe windows:4 windows x64 arch:x64

ea4bfd499a1b4787853a08b6e4b2ac99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetVersion
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeConditionVariable
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ResetEvent
ResumeThread
SetConsoleMode
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_fmode
_get_osfhandle
_gmtime64
_initterm
_isatty
_localtime64
_lock
_mktime64
_onexit
_setjmp
_setmode
_stat64
_strdup
_strdup
_strtoi64
_strtoui64
_time64
_timezone
_unlock
_vscprintf
_vsnprintf
_vsnwprintf
_wfopen
_wgetenv
_write
abort
acos
asin
atan
atoi
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fsetpos
fseek
ftell
fwrite
getc
getenv
isspace
isxdigit
ldexp
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
qsort
raise
realloc
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
tan
tolower
ungetc
vfprintf
wcscmp
wcscpy
wcslen
wcsstr
wcstombs

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea4bfd499a1b4787853a08b6e4b2ac99

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.data Size: 41KB - Virtual size: 40KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 195KB - Virtual size: 194KB

.xdata Size: 173KB - Virtual size: 173KB

.bss Size: - Virtual size: 172KB

.idata Size: 11KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

/4 Size: 4KB - Virtual size: 4KB

/19 Size: 146KB - Virtual size: 145KB

/31 Size: 29KB - Virtual size: 28KB

/45 Size: 66KB - Virtual size: 65KB

/57 Size: 11KB - Virtual size: 10KB

/70 Size: 2KB - Virtual size: 1KB

/81 Size: 20KB - Virtual size: 20KB

/97 Size: 78KB - Virtual size: 78KB

/113 Size: 3KB - Virtual size: 2KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 41KB - Virtual size: 40KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 195KB - Virtual size: 194KB

.xdata
Size: 173KB - Virtual size: 173KB

.bss
Size: - Virtual size: 172KB

.idata
Size: 11KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB

/4
Size: 4KB - Virtual size: 4KB

/19
Size: 146KB - Virtual size: 145KB

/31
Size: 29KB - Virtual size: 28KB

/45
Size: 66KB - Virtual size: 65KB

/57
Size: 11KB - Virtual size: 10KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 20KB - Virtual size: 20KB

/97
Size: 78KB - Virtual size: 78KB

/113
Size: 3KB - Virtual size: 2KB