privateloader | 2024-05-07_f15e6d4abc9ebb9e9a4297c081278214_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-07_f15e6d4abc9ebb9e9a4297c081278214_polyvice
Size

59.6MB
MD5

f15e6d4abc9ebb9e9a4297c081278214
SHA1

9083c162d3e76e0f8c560c2df5f7d412c4b9e698
SHA256

7c7c646ea59b6248768a0e6cc7ce9e3974100401c3abfb61154551f9f4fc4c39
SHA512

cf55b2ef694f1649314830de942134edb0d0e5a15fc9d0e29dd03fd19871cfd07813e4a16549bb2b735b1be5ed62aa35623a400ff80673b78037b87c29a25f97
SSDEEP

393216:5ZCfUxbaC5F70HY70S6o5VUR/C1p9tFher3EzAeMvjwp3Pu+RRRycccMcccocccs:5ZCfGbaC5F7oY7N6o58Up9tmbvGGhvJ

Score

10^/10

privateloader

Malware Config

Signatures

Privateloader family
privateloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-07_f15e6d4abc9ebb9e9a4297c081278214_polyvice

Files

2024-05-07_f15e6d4abc9ebb9e9a4297c081278214_polyvice
.exe windows:4 windows x64 arch:x64

e866b22e5ad85131668df3f928ed2437

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AllocateAndInitializeSid
BuildTrusteeWithSidW
CloseServiceHandle
CopySid
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
DuplicateToken
FreeSid
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
LookupAccountSidW
MapGenericMask
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetValueA
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
StartServiceW
SystemFunction036

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertFindCertificateInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertOpenSystemStoreW

d3d11

D3D11CreateDevice

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute

dxgi

CreateDXGIFactory1

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetBitmapBits
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetPixelFormat
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetLayout
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
SwapBuffers

imm32

ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetNetworkParams

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIoEx
CheckRemoteDebuggerPresent
CloseHandle
CompareStringEx
CompareStringW
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiberEx
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateNamedPipeW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
DeleteFileW
DeleteTimerQueueTimer
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineW
GetConsoleMode
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOverlappedResult
GetPhysicallyInstalledSystemMemory
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessId
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
HeapReAlloc
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDBCSLeadByteEx
IsDebuggerPresent
K32GetProcessMemoryInfo
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReadConsoleA
ReadConsoleW
ReadFile
ReadFileEx
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepEx
SuspendThread
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
WriteFileEx
__C_specific_handler
lstrcmpW
lstrlenW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_commode
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_findclose
_findfirst64
_findnext64
_fmode
_fstat64
_ftime64
_fullpath
_get_osfhandle
_getdrive
_gmtime64
_hypot
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_open_osfhandle
_pclose
_pipe
_popen
_read
_setjmp
_setmode
_snwprintf
_stat64
_strdup
_strnicmp
_vsnwprintf
_time64
_tzset
_ultoa
_unlock
_vscprintf
_vsnprintf
_waccess
_wassert
_wchmod
_wfopen
_wgetdcwd
_wgetenv_s
_write
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isalpha
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
log10
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
puts
putwc
qsort
raise
rand
realloc
remove
rewind
setbuf
setlocale
setvbuf
signal
sinh
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtok
strtol
strtoul
strxfrm
swprintf_s
system
tan
tanh
tmpfile
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcsstr
wcstombs
wcsxfrm
_tzname
_timezone
longjmp
_write
_unlink
_stricmp
_strdup
_setmode
_rmdir
_read
_putenv
_open
_mkdir
_lseek
_getpid
_fileno
_fdopen
_close
_access

netapi32

NetApiBufferFree
NetShareEnum

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString

shell32

CommandLineToArgvW
ILFree
SHBrowseForFolderW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHFileOperationW
SHGetFileInfoW
SHGetFolderPathW
SHGetKnownFolderIDList
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetStockIconInfo
SHParseDisplayName
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW

user32

AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginPaint
ChangeClipboardChain
ChangeWindowMessageFilterEx
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CloseTouchInputHandle
CreateCaret
CreateCursor
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
EnableMenuItem
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumWindows
FindWindowA
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMenuItemInfoW
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetUserObjectInformationW
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuW
InvalidateRect
IsChild
IsHungAppWindow
IsIconic
IsTouchWindow
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostThreadMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterPowerSettingNotification
RegisterTouchWindow
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowCaret
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
UnregisterTouchWindow
UpdateLayeredWindow
UpdateLayeredWindowIndirect
WindowFromPoint

userenv

GetUserProfileDirectoryW

uxtheme

CloseThemeData
DrawThemeBackgroundEx
GetCurrentThemeName
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeEnumValue
GetThemeInt
GetThemeMargins
GetThemePartSize
GetThemePropertyOrigin
GetThemeTransitionDuration
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
OpenThemeData
SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

PlaySoundW
timeKillEvent
timeSetEvent

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSAConnect
WSAGetLastError
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

qt_qmlDebugClearBuffer
qt_qmlDebugConnectionBlocker
qt_qmlDebugConnectorOpen
qt_qmlDebugDisableService
qt_qmlDebugEnableService
qt_qmlDebugMessageAvailable
qt_qmlDebugMessageBuffer
qt_qmlDebugMessageLength
qt_qmlDebugObjectAvailable
qt_qmlDebugSendDataToService
qt_qmlDebugSetStreamVersion

Sections

.text
Size: 30.9MB - Virtual size: 30.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24.3MB - Virtual size: 24.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 9KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e866b22e5ad85131668df3f928ed2437

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

d3d11

dwmapi

dxgi

gdi32

imm32

iphlpapi

kernel32

msvcrt

netapi32

ole32

oleaut32

shell32

user32

userenv

uxtheme

version

winmm

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: 30.9MB - Virtual size: 30.9MB

.data Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 24.3MB - Virtual size: 24.3MB

.qtmetad Size: 9KB - Virtual size: 5KB

.qtmimed Size: 236KB - Virtual size: 236KB

.pdata Size: 1.1MB - Virtual size: 1.1MB

.xdata Size: 1.3MB - Virtual size: 1.3MB

.bss Size: - Virtual size: 35KB

.edata Size: 512B - Virtual size: 464B

.idata Size: 31KB - Virtual size: 30KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 236KB - Virtual size: 235KB

.text
Size: 30.9MB - Virtual size: 30.9MB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 24.3MB - Virtual size: 24.3MB

.qtmetad
Size: 9KB - Virtual size: 5KB

.qtmimed
Size: 236KB - Virtual size: 236KB

.pdata
Size: 1.1MB - Virtual size: 1.1MB

.xdata
Size: 1.3MB - Virtual size: 1.3MB

.bss
Size: - Virtual size: 35KB

.edata
Size: 512B - Virtual size: 464B

.idata
Size: 31KB - Virtual size: 30KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 236KB - Virtual size: 235KB