privateloader | 2024-05-01_87f3b7526d4b982cd1834d2868de367e_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-01_87f3b7526d4b982cd1834d2868de367e_polyvice
Size

25.5MB
MD5

87f3b7526d4b982cd1834d2868de367e
SHA1

f20559d06d2abedc89238b2e990d80d80c7c6ab9
SHA256

016d76fa1b26088d7e07c1dfa38c0c0ab88c55e726298d10be35464e0bda15bc
SHA512

edec49b0e6643e5684c44f098f7284610680abc07b678807ec24ced6b92ea2aef58bfe5c6183a9618d791318329f5912eacc0ba4f516fb132479e600b6793205
SSDEEP

393216:e5P1+KjHvNZz04v14NUuCfsJsv6tWKFdu9CHjG+:K+KjHvNR0C16C

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-01_87f3b7526d4b982cd1834d2868de367e_polyvice

Files

2024-05-01_87f3b7526d4b982cd1834d2868de367e_polyvice
.exe windows:4 windows x64 arch:x64

fa6dd6a2a044addec4daf09eff639ca5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AccessCheck
AllocateAndInitializeSid
BuildTrusteeWithSidW
CopySid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
DuplicateToken
FreeSid
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
LookupAccountSidW
MapGenericMask
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SystemFunction036

crypt32

CertCloseStore
CertCreateCertificateContext
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenSystemStoreW

d3d9

Direct3DCreate9Ex

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

dxva2

DXVA2CreateDirect3DDeviceManager9

evr

MFCreateVideoSampleFromSurface

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
DescribePixelFormat
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetBitmapBits
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetPixelFormat
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
Rectangle
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetLayout
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
SwapBuffers

imm32

ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetNetworkParams

kernel32

AddVectoredExceptionHandler
CancelIoEx
CheckRemoteDebuggerPresent
CloseHandle
CompareStringEx
CompareStringW
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiber
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReadConsoleA
ReadConsoleW
ReadFile
ReadFileEx
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepEx
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
WriteFileEx
__C_specific_handler
lstrcmpW

mf

MFGetService

mfplat

MFCreateMediaType
MFFrameRateToAverageTimePerFrame

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_fmode
_get_osfhandle
_getdrive
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_open_osfhandle
_read
_setjmp
_setmode
_snwprintf
_stat64
_strdup
_vsnwprintf
_stricmp
_strnicmp
_time64
_tzset
_ultoa
_unlock
_vsnprintf
_waccess
_wchmod
_wfopen
_wgetdcwd
_wgetenv_s
_write
abort
acos
asin
atan
atof
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
isalpha
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
rand
realloc
remove
rewind
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtok
strtol
strtoul
strxfrm
tan
tmpfile
tmpnam
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcsstr
wcsxfrm
_tzname
_timezone
_write
_unlink
_strdup
_setmode
_read
_putenv
_open
_lseek
_fileno
_fdopen
_close

netapi32

NetApiBufferFree
NetShareEnum

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateBindCtx
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetFileInfoW
SHGetKnownFolderIDList
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetStockIconInfo
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW

user32

AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginPaint
CallNextHookEx
ChangeClipboardChain
ChangeWindowMessageFilterEx
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CloseTouchInputHandle
CreateCaret
CreateCursor
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
EnableMenuItem
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumWindows
FindWindowA
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMenuItemInfoW
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetQueueStatus
GetShellWindow
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetUserObjectInformationW
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuW
InvalidateRect
IsChild
IsHungAppWindow
IsIconic
IsTouchWindow
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostThreadMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterTouchWindow
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UnregisterTouchWindow
UpdateLayeredWindow
UpdateLayeredWindowIndirect
WindowFromPoint

userenv

GetUserProfileDirectoryW

uxtheme

CloseThemeData
DrawThemeBackgroundEx
GetCurrentThemeName
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeEnumValue
GetThemeInt
GetThemeMargins
GetThemePartSize
GetThemePropertyOrigin
GetThemeTransitionDuration
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
OpenThemeData
SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

mixerGetControlDetailsW
mixerGetID
mixerGetLineControlsW
mixerGetLineInfoW
mixerSetControlDetails
timeBeginPeriod
timeEndPeriod
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsW
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsW
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSAConnect
WSAGetLastError
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 18.6MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 887KB - Virtual size: 887KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa6dd6a2a044addec4daf09eff639ca5

Headers

File Characteristics

Imports

advapi32

crypt32

d3d9

dwmapi

dxva2

evr

gdi32

imm32

iphlpapi

kernel32

mf

mfplat

msvcrt

netapi32

ole32

oleaut32

shell32

user32

userenv

uxtheme

version

winmm

ws2_32

wtsapi32

Sections

.text Size: 18.6MB - Virtual size: 18.5MB

.data Size: 149KB - Virtual size: 148KB

.rdata Size: 5.0MB - Virtual size: 5.0MB

.qtmetad Size: 2KB - Virtual size: 2KB

.pdata Size: 789KB - Virtual size: 789KB

.xdata Size: 887KB - Virtual size: 887KB

.bss Size: - Virtual size: 55KB

.idata Size: 29KB - Virtual size: 28KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 201KB - Virtual size: 200KB

.text
Size: 18.6MB - Virtual size: 18.5MB

.data
Size: 149KB - Virtual size: 148KB

.rdata
Size: 5.0MB - Virtual size: 5.0MB

.qtmetad
Size: 2KB - Virtual size: 2KB

.pdata
Size: 789KB - Virtual size: 789KB

.xdata
Size: 887KB - Virtual size: 887KB

.bss
Size: - Virtual size: 55KB

.idata
Size: 29KB - Virtual size: 28KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 201KB - Virtual size: 200KB