privateloader | 2024-05-07_236eea28eed99ba01e00e7644d688fd2_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_236eea28eed99ba01e00e7644d688fd2_polyvice
Size

25.4MB
MD5

236eea28eed99ba01e00e7644d688fd2
SHA1

ac1b75e7960e9f2eaf78a60390a27e9824534e37
SHA256

c09516f5a9ba55bd3cbfa44f0de77a3c49c85bdd72fe64c3c27ce65b5f5931f8
SHA512

fbff3edd78d132ff3fe3eb1f6304c16dabcc15a73da9ec6b5474178288486efe2b8b4477024899c7f698f291ad5352d782ff62134574a93321de78f64d581a3e
SSDEEP

393216:5UmfUkCRaOJ6kB+LDVkAeQdv0dJsv6tWKFdu9C:5UmfHCRaOJ1B+LJZ

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-07_236eea28eed99ba01e00e7644d688fd2_polyvice

Files

2024-05-07_236eea28eed99ba01e00e7644d688fd2_polyvice
.exe windows:4 windows x64 arch:x64

180d3bf9d96ea0a3f3f0a94e7ab92111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AllocateAndInitializeSid
BuildTrusteeWithSidW
CloseServiceHandle
CopySid
CreateServiceW
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
DuplicateToken
FreeSid
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
LookupAccountSidW
MapGenericMask
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetValueA
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
RegisterServiceCtrlHandlerW
ReportEventW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
SystemFunction036

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertOpenSystemStoreW

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetBitmapBits
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetPixelFormat
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetLayout
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
SwapBuffers

imm32

ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetNetworkParams

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIoEx
CheckRemoteDebuggerPresent
CloseHandle
CompareStringEx
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeleteTimerQueueTimer
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineW
GetConsoleMode
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetPhysicallyInstalledSystemMemory
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenFileMappingW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReadConsoleA
ReadConsoleW
ReadFile
ReadFileEx
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepEx
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
WriteFileEx
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_commode
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_findnext64
_fmode
_fstat64
_ftime64
_fullpath
_get_osfhandle
_getdrive
_gmtime64
_hypot
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_open_osfhandle
_pclose
_pipe
_popen
_read
_setjmp
_setmode
_snwprintf
_stat64
_strdup
_strnicmp
_vsnwprintf
_time64
_tzset
_ultoa
_unlock
_vscprintf
_vsnprintf
_waccess
_wassert
_wchmod
_wfopen
_wgetdcwd
_wgetenv_s
_write
abort
acos
asin
atan
atof
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
log10
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
puts
putwc
qsort
raise
rand
realloc
remove
rewind
setbuf
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtok
strtol
strtoul
strxfrm
system
tan
tmpfile
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsstr
wcstombs
wcsxfrm
_tzname
_timezone
longjmp
_write
_unlink
_stricmp
_strdup
_setmode
_rmdir
_read
_putenv
_open
_mkdir
_lseek
_getpid
_fileno
_fdopen
_close
_access

netapi32

NetApiBufferFree
NetShareEnum

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathW
SHGetKnownFolderIDList
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetStockIconInfo
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW

user32

AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginPaint
ChangeClipboardChain
ChangeWindowMessageFilterEx
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CloseTouchInputHandle
CreateCaret
CreateCursor
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
EnableMenuItem
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumWindows
FindWindowA
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMenuItemInfoW
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetUserObjectInformationW
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuW
InvalidateRect
IsChild
IsHungAppWindow
IsIconic
IsTouchWindow
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostThreadMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterTouchWindow
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowCaret
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UnregisterTouchWindow
UpdateLayeredWindow
UpdateLayeredWindowIndirect
WindowFromPoint

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

PlaySoundW
timeKillEvent
timeSetEvent

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSAConnect
WSAGetLastError
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 17.5MB - Virtual size: 17.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 765KB - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

180d3bf9d96ea0a3f3f0a94e7ab92111

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

dwmapi

gdi32

imm32

iphlpapi

kernel32

msvcrt

netapi32

ole32

oleaut32

shell32

user32

userenv

version

winmm

ws2_32

wtsapi32

Sections

.text Size: 17.5MB - Virtual size: 17.5MB

.data Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 4.9MB - Virtual size: 4.9MB

.qtmetad Size: 4KB - Virtual size: 1KB

.qtmimed Size: 236KB - Virtual size: 236KB

.pdata Size: 566KB - Virtual size: 565KB

.xdata Size: 765KB - Virtual size: 764KB

.bss Size: - Virtual size: 35KB

.idata Size: 29KB - Virtual size: 29KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 87KB - Virtual size: 87KB

.text
Size: 17.5MB - Virtual size: 17.5MB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 4.9MB - Virtual size: 4.9MB

.qtmetad
Size: 4KB - Virtual size: 1KB

.qtmimed
Size: 236KB - Virtual size: 236KB

.pdata
Size: 566KB - Virtual size: 565KB

.xdata
Size: 765KB - Virtual size: 764KB

.bss
Size: - Virtual size: 35KB

.idata
Size: 29KB - Virtual size: 29KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 87KB - Virtual size: 87KB