2024-02-13_448d81a172296a381d2bd6c95ba1c08a_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-02-13_448d81a172296a381d2bd6c95ba1c08a_polyvice
Size

11.5MB
MD5

448d81a172296a381d2bd6c95ba1c08a
SHA1

8d0bc43a15718a3c085090cfec9e48f1377d994b
SHA256

cfb727a3eada0cbae789ed97f3325396a23aaa088fd9b0fb5686dc948677a365
SHA512

306ea66008faafca4894b31630ebb7f20af2fff7c1a82b8d651043b05fba05881589ffc960aa578f03cfd3b8bbeb4aff5ffc6c459d859c7438dd9f16b21c11cc
SSDEEP

196608:jbaFjozPV+PNOn738A+tzl4XGbR6Q2gVWdWZWpXSHrqvRRdhL/G:RGNOJG96Q2gVWdWZWpXSHevTd0

Score

1^/10

Malware Config

Signatures

Files

2024-02-13_448d81a172296a381d2bd6c95ba1c08a_polyvice
.exe windows:4 windows x64 arch:x64

97a887c7d5b5217cb6add1eea44a7f53

Code Sign

0b:be:a8:b6:c0:b5:88:6f:f9:b2:12:55:88:4f:61:49
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

19/04/2023, 00:00

Not After

25/06/2024, 23:59

Subject

CN=Auvik Networks Inc.,O=Auvik Networks Inc.,L=Waterloo,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

10:9c:9b:cc:d6:cf:a6:7e:ff:60:19:c8:40:46:f7:88:e6:a0:a1:b9
Signer

Actual PE Digest

10:9c:9b:cc:d6:cf:a6:7e:ff:60:19:c8:40:46:f7:88:e6:a0:a1:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

BuildTrusteeWithSidW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
ConvertSidToStringSidW
ConvertStringSidToSidW
CreateServiceW
CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeleteService
DeregisterEventSource
GetAce
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceStatusEx
RegCloseKey
RegCopyTreeW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteTreeW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyA
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
RegisterServiceCtrlHandlerExW
ReportEventW
SetEntriesInAclW
SetNamedSecurityInfoW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

kernel32

AddVectoredExceptionHandler
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiber
CreateFileA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSymbolicLinkA
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
DeleteTimerQueueEx
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileType
GetHandleInformation
GetLastError
GetLogicalDriveStringsW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetStartupInfoW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatusEx
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
K32GetProcessMemoryInfo
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExA
MoveFileExW
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleInputW
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableA
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpW
lstrlenW

msvcrt

fwprintf
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__argv
__doserrno
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_assert
_beginthreadex
_cexit
_chsize
_close
_difftime64
_dup
_dup2
_endthreadex
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_fmode
_fstat64
_ftime64
_get_osfhandle
_gmtime64
_initterm
_isnan
_localtime64
_lock
_lseek
_lseeki64
_mktime64
_onexit
_open
_pclose
_popen
_read
_setjmp
_setmode
_snprintf
_snwprintf_s
_stat64
_strdup
_stricmp
_strnicmp
_strupr
_time64
_ultoa
_unlink
_unlock
_vsnprintf
_vsnwprintf
_waccess
_wassert
_wchdir
_wcmdln
_wcsdup
_wcsicmp
_wfopen
_wfullpath
_wmkdir
_wopen
_write
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isprint
isspace
isupper
iswalpha
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putchar
putwc
qsort
raise
rand
realloc
rename
rewind
setlocale
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsstr
wcstol
wcsxfrm
_wstat64
vprintf
_findnext64
longjmp
_write
_strdup
_read
_open
_getpid
_fileno
_fdopen
_close

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetElement
SysAllocString
SysFreeString
VariantChangeType
VariantClear
VariantInit

pdh

PdhAddCounterA
PdhAddCounterW
PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhOpenQueryW

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSAPoll
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 74KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

97a887c7d5b5217cb6add1eea44a7f53

Code Sign

0b:be:a8:b6:c0:b5:88:6f:f9:b2:12:55:88:4f:61:49Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

10:9c:9b:cc:d6:cf:a6:7e:ff:60:19:c8:40:46:f7:88:e6:a0:a1:b9Signer

Headers

File Characteristics

Imports

advapi32

crypt32

iphlpapi

kernel32

msvcrt

ole32

oleaut32

pdh

user32

ws2_32

Sections

.text Size: 8.7MB - Virtual size: 8.7MB

.data Size: 45KB - Virtual size: 44KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.pdata Size: 395KB - Virtual size: 395KB

.xdata Size: 777KB - Virtual size: 777KB

.bss Size: - Virtual size: 74KB

.idata Size: 17KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 5KB - Virtual size: 4KB

0b:be:a8:b6:c0:b5:88:6f:f9:b2:12:55:88:4f:61:49
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

10:9c:9b:cc:d6:cf:a6:7e:ff:60:19:c8:40:46:f7:88:e6:a0:a1:b9
Signer

.text
Size: 8.7MB - Virtual size: 8.7MB

.data
Size: 45KB - Virtual size: 44KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.pdata
Size: 395KB - Virtual size: 395KB

.xdata
Size: 777KB - Virtual size: 777KB

.bss
Size: - Virtual size: 74KB

.idata
Size: 17KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 5KB - Virtual size: 4KB