2024-01-29_94bae02f63e151d64d1d0cea4e7a801b_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-01-29_94bae02f63e151d64d1d0cea4e7a801b_polyvice
Size

23.7MB
MD5

94bae02f63e151d64d1d0cea4e7a801b
SHA1

4d87c47d1d9c57592f586d45688de950cc496efb
SHA256

77bc49f9eb1adf73b2df6e11a90a3cc967aa1206aee2f00335c8791161b14bdd
SHA512

9d1c5556842726864374969391c142b84e5c8f27dd464892cad54dec098e1201ed33b08f620e7548ae8b723e11b775c11b998bebaef32404f4eddbd5b0b83494
SSDEEP

98304:thhrbaCh3PC4Lu/L88pGVkdPI3HDJeu4sw3PRNbTZB/WtK2Sg1Eiqdf6WysoByLd:TLu/xdmDJ6W82k1ysb

Score

1^/10

Malware Config

Signatures

Files

2024-01-29_94bae02f63e151d64d1d0cea4e7a801b_polyvice
.exe windows:6 windows x64 arch:x64

249e1b3bc1bd6cf47f87158f35322319

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/03/2023, 00:00

Not After

22/03/2026, 23:59

Subject

CN=Sangfor Technologies Inc.,O=Sangfor Technologies Inc.,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d2:b5:27:ea:89:cc:39:a0:1c:71:d2:e7:06:7f:c5:cb:ec:68:93:98:26:bf:5c:fd:bd:b8:cc:14:69:02:19
Signer

Actual PE Digest

1a:d2:b5:27:ea:89:cc:39:a0:1c:71:d2:e7:06:7f:c5:cb:ec:68:93:98:26:bf:5c:fd:bd:b8:cc:14:69:02:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

dbghelp

MiniDumpWriteDump

libgcc_s_seh-1

_Unwind_Resume
__emutls_get_address

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileAttributesW
GetFileSizeEx
GetLastError
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadContext
GetTickCount
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFileEx
MapViewOfFile
MoveFileExW
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
ReadFile
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_lock
_onexit
_time64
_unlock
_wcsdup
_wgetenv_s
_wputenv_s
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
memcmp
memcpy
memmove
memset
rand
realloc
signal
srand
strcat
strchr
strcpy
strerror
strlen
strncmp
strrchr
strstr
vfprintf
wcscmp
wcscspn
wcslen
wcsspn

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

libstdc++-6

_ZNKSt19__codecvt_utf8_baseIwE10do_unshiftERiPcS2_RS2_
_ZNKSt19__codecvt_utf8_baseIwE11do_encodingEv
_ZNKSt19__codecvt_utf8_baseIwE13do_max_lengthEv
_ZNKSt19__codecvt_utf8_baseIwE16do_always_noconvEv
_ZNKSt19__codecvt_utf8_baseIwE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt19__codecvt_utf8_baseIwE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt19__codecvt_utf8_baseIwE9do_lengthERiPKcS3_y
_ZNKSt8__detail20_Prime_rehash_policy14_M_need_rehashEyyy
_ZNSt12length_errorC1EPKc
_ZNSt12length_errorD1Ev
_ZNSt12out_of_rangeC1EPKc
_ZNSt12out_of_rangeC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt12out_of_rangeD1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt16invalid_argumentC1EPKc
_ZNSt16invalid_argumentD1Ev
_ZNSt19__codecvt_utf8_baseIwED2Ev
_ZNSt7codecvtIwciEC2Ey
_ZSt11_Hash_bytesPKvyy
_ZSt17__throw_bad_allocv
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_range_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZdaPv
_ZdlPv
_ZdlPvy
_Znay
_Znwy
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__gxx_personality_seh0

sdpnetfilter

cgo_addRouter
cgo_addTable
cgo_asyncWriteNetworkPacket
cgo_asyncWriteTransportPacket
cgo_cleanRules
cgo_commitRules
cgo_getEvents
cgo_getOriginAddr
cgo_handleEvents
cgo_initPacketFlt
cgo_initRouter
cgo_releaseNetfltRouter
cgo_releasePacketFlt
cgo_resumeRequest
cgo_rollback
cgo_setKLogLevel
cgo_setLogLevel
cgo_setWhiteList
cgo_writePacket

libcrypto-1_1-x64

ASN1_INTEGER_free
ASN1_INTEGER_new
ASN1_INTEGER_to_BN
BIO_clear_flags
BIO_free
BIO_get_data
BIO_meth_new
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_write
BIO_new
BIO_new_mem_buf
BIO_read
BIO_s_mem
BIO_set_data
BIO_set_flags
BIO_set_init
BIO_set_shutdown
BIO_test_flags
BIO_write
BN_bin2bn
BN_bn2hex
BN_free
BN_new
BN_to_ASN1_INTEGER
CRYPTO_free
CRYPTO_get_ex_new_index
CRYPTO_malloc
CRYPTO_set_mem_functions
DH_free
EC_KEY_free
EC_KEY_new_by_curve_name
ENGINE_by_id
ENGINE_finish
ENGINE_free
ENGINE_init
ENGINE_load_builtin_engines
ERR_func_error_string
ERR_get_error
ERR_lib_error_string
ERR_peek_error
ERR_reason_error_string
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_cipher
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_encrypting
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_set_padding
EVP_CIPHER_block_size
EVP_CIPHER_iv_length
EVP_CIPHER_key_length
EVP_CIPHER_nid
EVP_DecryptFinal_ex
EVP_DecryptInit_ex
EVP_DecryptUpdate
EVP_DigestFinal_ex
EVP_DigestInit
EVP_DigestInit_ex
EVP_DigestSign
EVP_DigestSignInit
EVP_DigestUpdate
EVP_DigestVerify
EVP_DigestVerifyInit
EVP_EncryptFinal_ex
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_MD_CTX_free
EVP_MD_CTX_new
EVP_MD_size
EVP_PKEY_CTX_ctrl
EVP_PKEY_CTX_free
EVP_PKEY_CTX_new
EVP_PKEY_CTX_new_id
EVP_PKEY_assign
EVP_PKEY_base_id
EVP_PKEY_derive
EVP_PKEY_derive_init
EVP_PKEY_derive_set_peer
EVP_PKEY_free
EVP_PKEY_get1_RSA
EVP_PKEY_id
EVP_PKEY_keygen
EVP_PKEY_keygen_init
EVP_PKEY_new
EVP_PKEY_paramgen
EVP_PKEY_paramgen_init
EVP_PKEY_set1_RSA
EVP_PKEY_size
EVP_SignFinal
EVP_VerifyFinal
EVP_aes_128_gcm
EVP_aes_192_gcm
EVP_aes_256_gcm
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_md4
EVP_md5
EVP_md_null
EVP_ripemd160
EVP_sha1
EVP_sha224
EVP_sha256
EVP_sha384
EVP_sha512
FIPS_mode_set
HMAC_CTX_free
HMAC_CTX_new
HMAC_Final
HMAC_Init_ex
HMAC_Update
HMAC_size
OBJ_nid2sn
OPENSSL_cleanup
OPENSSL_config
OPENSSL_init_crypto
OPENSSL_sk_num
OPENSSL_sk_value
PEM_read_bio_DHparams
PEM_read_bio_PUBKEY
PEM_read_bio_PrivateKey
PEM_read_bio_X509
PEM_write_bio_PUBKEY
PEM_write_bio_PrivateKey_traditional
PEM_write_bio_X509
RSA_generate_key
X509V3_EXT_conf_nid
X509V3_set_ctx
X509_EXTENSION_free
X509_NAME_add_entry_by_txt
X509_NAME_free
X509_NAME_get_text_by_NID
X509_NAME_new
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_ex_data
X509_STORE_add_cert
X509_STORE_free
X509_STORE_new
X509_add_ext
X509_check_email
X509_check_host
X509_check_ip
X509_free
X509_get0_notAfter
X509_get0_notBefore
X509_get_issuer_name
X509_get_pubkey
X509_get_serialNumber
X509_get_subject_name
X509_get_version
X509_gmtime_adj
X509_new
X509_set_issuer_name
X509_set_pubkey
X509_set_serialNumber
X509_set_subject_name
X509_set_version
X509_sign
X509_up_ref
X509_verify_cert_error_string
d2i_PUBKEY_bio
d2i_PrivateKey_bio
i2d_PUBKEY_bio
i2d_PrivateKey_bio

libssl-1_1-x64

OPENSSL_init_ssl
SSL_CIPHER_get_name
SSL_CTX_add_custom_ext
SSL_CTX_callback_ctrl
SSL_CTX_clear_options
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_get_ex_data
SSL_CTX_get_options
SSL_CTX_get_timeout
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_set_cipher_list
SSL_CTX_set_ex_data
SSL_CTX_set_options
SSL_CTX_set_session_id_context
SSL_CTX_set_timeout
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate
SSL_SESSION_dup
SSL_SESSION_free
SSL_clear_options
SSL_ctrl
SSL_do_handshake
SSL_free
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_options
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_servername
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_new
SSL_read
SSL_session_reused
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_bio
SSL_set_connect_state
SSL_set_ex_data
SSL_set_options
SSL_set_session
SSL_set_verify
SSL_set_verify_depth
SSL_shutdown
SSL_write
TLS_method
TLSv1_1_method
TLSv1_2_method
TLSv1_method
d2i_SSL_SESSION
i2d_SSL_SESSION

Exports

Exports

_cgo_dummy_export
get_ssl_ctx_idx
get_ssl_idx
go_free_thunk
go_malloc_thunk
go_read_bio_ctrl
go_read_bio_read
go_realloc_thunk
go_session_cb_thunk
go_ssl_ctx_verify_cb_thunk
go_ssl_verify_cb_thunk
go_ticket_key_cb_thunk
go_write_bio_ctrl
go_write_bio_write
myContentChangeHandler
myErrorHandler
myLogHandler
sni_cb_thunk

Sections

.text
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

249e1b3bc1bd6cf47f87158f35322319

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:d2:b5:27:ea:89:cc:39:a0:1c:71:d2:e7:06:7f:c5:cb:ec:68:93:98:26:bf:5c:fd:bd:b8:cc:14:69:02:19Signer

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

libgcc_s_seh-1

kernel32

msvcrt

ole32

libstdc++-6

sdpnetfilter

libcrypto-1_1-x64

libssl-1_1-x64

Exports

Exports

Sections

.text Size: 11.1MB - Virtual size: 11.1MB

.data Size: 513KB - Virtual size: 512KB

.rdata Size: 11.8MB - Virtual size: 11.8MB

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 18KB - Virtual size: 18KB

.bss Size: - Virtual size: 7.7MB

.edata Size: 1024B - Virtual size: 551B

.idata Size: 19KB - Virtual size: 18KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 240KB - Virtual size: 239KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:f9:80:67:6d:7d:7e:8d:5e:b0:42:d2:df:47:78:48
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:d2:b5:27:ea:89:cc:39:a0:1c:71:d2:e7:06:7f:c5:cb:ec:68:93:98:26:bf:5c:fd:bd:b8:cc:14:69:02:19
Signer

.text
Size: 11.1MB - Virtual size: 11.1MB

.data
Size: 513KB - Virtual size: 512KB

.rdata
Size: 11.8MB - Virtual size: 11.8MB

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 18KB - Virtual size: 18KB

.bss
Size: - Virtual size: 7.7MB

.edata
Size: 1024B - Virtual size: 551B

.idata
Size: 19KB - Virtual size: 18KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 240KB - Virtual size: 239KB