2024-03-26_852f837c37fe00198e48a615b3779e82_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-26_852f837c37fe00198e48a615b3779e82_polyvice
Size

2.1MB
MD5

852f837c37fe00198e48a615b3779e82
SHA1

9ad563efa2696c48d10b5150ce055de47eec9d5f
SHA256

81e0a5ca3f3cf49e250328c24b76eef3e20921574bd7c1e250378114efe3cfd1
SHA512

a3337323a059c7b5320b490fb996c7e7b26265fa3bafdfa186ac2086c36b67edff8d745c374f1641ac77f4c00b5ab4b8b06f5c96bab1fcfb6df401c6c8c1e9b3
SSDEEP

49152:okb0Qax5gENbvL6ABDWIHCrpmDiVC0Ure+4JN:drABpHEoiVCZH4JN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-26_852f837c37fe00198e48a615b3779e82_polyvice

Files

2024-03-26_852f837c37fe00198e48a615b3779e82_polyvice
.exe windows:4 windows x64 arch:x64

411bac1abdd75a311c40a7c5698e590c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegEnumKeyExW
RegGetValueA
RegGetValueW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CloseHandle
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeA
CreateProcessA
CreateSemaphoreA
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeleteFileW
DeleteTimerQueueTimer
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
FatalExit
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetThreadContext
GetThreadId
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTimeZoneInformation
GetVersion
GlobalMemoryStatusEx
InitOnceExecuteOnce
InitializeCriticalSection
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LockFileEx
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleTextAttribute
SetEndOfFile
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFilePointerEx
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
SuspendThread
SwitchToThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_atoi64
_beginthreadex
_cexit
_commode
_ctime64
_endthreadex
_errno
_findclose
_findfirst64
_findnext64
_fmode
_fstat64
_ftime64
_fullpath
_gmtime64
_initterm
_isatty
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_pclose
_pipe
_popen
_read
_setjmp
_setmode
_snprintf
_sopen
_stat64
_strdup
_stricmp
_strnicmp
_time64
_tzset
_ultoa
_unlock
_vscprintf
_vsnprintf
_wcsnicmp
_wfopen
_write
abort
asctime
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fread
free
freopen
fseek
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
qsort
raise
rand
realloc
remove
rename
rewind
setbuf
setlocale
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
system
tolower
toupper
ungetc
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcstombs
_tzname
longjmp
_write
_utime
_unlink
_umask
_stricmp
_strdup
_rmdir
_read
_open
_mkdir
_getpid
_dup2
_close
_access

ntdll

NtAllocateVirtualMemory
NtClose
NtCreateSection
NtFreeVirtualMemory
NtMapViewOfSection
NtQuerySystemInformation
NtUnmapViewOfSection

shell32

SHGetFolderPathW

shlwapi

PathRemoveFileSpecA

user32

CharToOemBuffA

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getsockname
getsockopt
htonl
htons
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
send
sendto
setsockopt
socket

Exports

Exports

mdbx_build
mdbx_sourcery_62eacc68d08e21a1f4d18c16b6bea7510bae1d86d5a65d406b0db3a57e59a4b6_v0_11_6_39_gbb8f4318
mdbx_version

Sections

.text
Size: 810KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 218B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

411bac1abdd75a311c40a7c5698e590c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

shell32

shlwapi

user32

ws2_32

Exports

Exports

Sections

.text Size: 810KB - Virtual size: 810KB

.data Size: 160KB - Virtual size: 159KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.pdata Size: 8KB - Virtual size: 8KB

.xdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 46KB

.edata Size: 512B - Virtual size: 218B

.idata Size: 12KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 810KB - Virtual size: 810KB

.data
Size: 160KB - Virtual size: 159KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.pdata
Size: 8KB - Virtual size: 8KB

.xdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 46KB

.edata
Size: 512B - Virtual size: 218B

.idata
Size: 12KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB