2024-05-27_9e73466b7412f74f180b852e925eaec7_polyvice

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-27_9e73466b7412f74f180b852e925eaec7_polyvice
Size

7.1MB
MD5

9e73466b7412f74f180b852e925eaec7
SHA1

0a12dd8fba02f31df973dced1fd7c307b92597c6
SHA256

52e113bc9f0b0a808deb57ba9e45524d530f372de92f335ddb3a50fc04ad136d
SHA512

b274e5d22ae5f1b6d7b2b0e044bf0a45d4a0010286b12de25f1dc43e9fec9bb3ead77f967c8d0720fc2235b90fffa854fbbac6191ea08a47e5f34daf2576a816
SSDEEP

49152:k8cBysqrHPhPrNxswlm3pEg1/G1L79CRvOhAniBxQY2aNb60tsYqtgesXXgHnrGU:VjtNA1/cLFpQCHgHSKvYqQp2nQz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-27_9e73466b7412f74f180b852e925eaec7_polyvice

Files

2024-05-27_9e73466b7412f74f180b852e925eaec7_polyvice
.exe windows:4 windows x64 arch:x64

aa03892529d527016d1b648bb91ebf20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\projects\citra\head-mingw\citra.pdb

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CopyFileW
CreateDirectoryW
CreateMutexA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
LocalFree
MoveFileExA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetConsoleTextAttribute
SetConsoleWindowInfo
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argv
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chsize
_close
_errno
_filelengthi64
_fileno
_findclose
_findfirst64
_findnext64
_fmode
_fullpath
_getpid
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_open
_read
_setjmp
_stat64
_strdup
_stricmp
_strnicmp
_time64
_unlock
_vscprintf
_vsnprintf
_wchdir
_wfopen_s
_wgetcwd
_wrename
_write
_write
_wstat64
abort
atoi
calloc
clock
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
puts
qsort
realloc
signal
sscanf
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
tolower
toupper
ungetc
vfprintf
wcslen
wcstombs

ole32

CoTaskMemFree

libwinpthread-1

nanosleep
pthread_cond_timedwait
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_once
sched_yield

shell32

CommandLineToArgvW
SHGetKnownFolderPath

user32

GetForegroundWindow
SetActiveWindow
SetFocus
SetForegroundWindow
ShowWindow

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSAPoll
WSARecvFrom
WSASendTo
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

libgcc_s_seh-1

_Unwind_Resume
__emutls_get_address
__popcountdi2
__udivti3
__umodti3

libstdc++-6

_ZNKSt11logic_error4whatEv
_ZNKSt13runtime_error4whatEv
_ZNKSt25__codecvt_utf8_utf16_baseIDsE10do_unshiftERiPcS2_RS2_
_ZNKSt25__codecvt_utf8_utf16_baseIDsE11do_encodingEv
_ZNKSt25__codecvt_utf8_utf16_baseIDsE13do_max_lengthEv
_ZNKSt25__codecvt_utf8_utf16_baseIDsE16do_always_noconvEv
_ZNKSt25__codecvt_utf8_utf16_baseIDsE5do_inERiPKcS3_RS3_PDsS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIDsE6do_outERiPKDsS3_RS3_PcS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIDsE9do_lengthERiPKcS3_y
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt8__detail20_Prime_rehash_policy11_M_next_bktEy
_ZNKSt8__detail20_Prime_rehash_policy14_M_need_rehashEyyy
_ZNKSt8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE3putES3_RSt8ios_basecPK2tmPKcSB_
_ZNKSt9type_infoeqERKS_
_ZNSi10_M_extractIlEERSiRT_
_ZNSi4readEPcx
_ZNSi5seekgESt4fposIiE
_ZNSi5seekgExSt12_Ios_Seekdir
_ZNSi5tellgEv
_ZNSi7putbackEc
_ZNSo3putEc
_ZNSo5flushEv
_ZNSo5writeEPKcx
_ZNSo6sentryC1ERSo
_ZNSo6sentryD1Ev
_ZNSo9_M_insertImEERSoT_
_ZNSolsEi
_ZNSt11logic_errorC2EPKc
_ZNSt11logic_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt11logic_errorC2ERKS_
_ZNSt11logic_errorD2Ev
_ZNSt11regex_errorD1Ev
_ZNSt12__basic_fileIcED1Ev
_ZNSt12bad_weak_ptrD1Ev
_ZNSt12future_errorD1Ev
_ZNSt12length_errorC1EPKc
_ZNSt12length_errorD1Ev
_ZNSt12out_of_rangeC1EPKc
_ZNSt12out_of_rangeD1Ev
_ZNSt13__future_base12_Result_baseC2Ev
_ZNSt13__future_base12_Result_baseD2Ev
_ZNSt13__future_base13_State_baseV211_Make_ready6_M_setEv
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13random_device14_M_init_pretr1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13random_device16_M_getval_pretr1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt13runtime_errorD2Ev
_ZNSt13runtime_erroraSERKS_
_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt15__exception_ptr13exception_ptr4swapERS0_
_ZNSt15__exception_ptr13exception_ptrC1EPv
_ZNSt15__exception_ptr13exception_ptrC1ERKS0_
_ZNSt15__exception_ptr13exception_ptrD1Ev
_ZNSt15__exception_ptreqERKNS_13exception_ptrES2_
_ZNSt15basic_streambufIcSt11char_traitsIcEE4syncEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE5imbueERKSt6locale
_ZNSt15basic_streambufIcSt11char_traitsIcEE5uflowEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE6setbufEPcx
_ZNSt15basic_streambufIcSt11char_traitsIcEE6xsgetnEPcx
_ZNSt15basic_streambufIcSt11char_traitsIcEE7seekoffExSt12_Ios_SeekdirSt13_Ios_Openmode
_ZNSt15basic_streambufIcSt11char_traitsIcEE7seekposESt4fposIiESt13_Ios_Openmode
_ZNSt15basic_streambufIcSt11char_traitsIcEE9pbackfailEi
_ZNSt15basic_streambufIcSt11char_traitsIcEE9showmanycEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE9underflowEv
_ZNSt16invalid_argumentC1EPKc
_ZNSt16invalid_argumentD1Ev
_ZNSt18condition_variable10notify_allEv
_ZNSt18condition_variable10notify_oneEv
_ZNSt18condition_variable4waitERSt11unique_lockISt5mutexE
_ZNSt18condition_variableC1Ev
_ZNSt18condition_variableD1Ev
_ZNSt25__codecvt_utf8_utf16_baseIDsED2Ev
_ZNSt3_V216generic_categoryEv
_ZNSt5ctypeIcE2idE
_ZNSt6chrono3_V212steady_clock3nowEv
_ZNSt6chrono3_V212system_clock3nowEv
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt6thread15_M_start_threadESt10unique_ptrINS_6_StateESt14default_deleteIS1_EEPFvvE
_ZNSt6thread20hardware_concurrencyEv
_ZNSt6thread4joinEv
_ZNSt6thread6_StateD2Ev
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcyy
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8__detail15_List_node_base7_M_hookEPS0_
_ZNSt8__detail15_List_node_base9_M_unhookEv
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9bad_allocD1Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD1Ev
_ZNSt9exceptionD2Ev
_ZSt11_Hash_bytesPKvyy
_ZSt15future_categoryv
_ZSt15set_new_handlerPFvvE
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt17current_exceptionv
_ZSt17rethrow_exceptionNSt15__exception_ptr13exception_ptrE
_ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt18uncaught_exceptionv
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_range_errorPKc
_ZSt19__throw_regex_errorNSt15regex_constants10error_typeE
_ZSt19uncaught_exceptionsv
_ZSt20__throw_future_errori
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt20__throw_system_errori
_ZSt24__throw_invalid_argumentPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt2wsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_
_ZSt3cin
_ZSt4cout
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt7nothrow
_ZSt9terminatev
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx118numpunctIcEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx118numpunctIwEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZSt9use_facetISt8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEEERKT_RKSt6locale
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStrsIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EE
_ZTIPKc
_ZTIPKh
_ZTIPKi
_ZTIPh
_ZTISt15basic_streambufIcSt11char_traitsIcEE
_ZTIb
_ZTIh
_ZTIi
_ZTIj
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTTSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv116__enum_type_infoE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv119__pointer_type_infoE
_ZTVN10__cxxabiv120__function_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_ostringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSo
_ZTVSt11regex_error
_ZTVSt12bad_weak_ptr
_ZTVSt12future_error
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt14basic_ofstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9bad_alloc
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZTVSt9exception
_ZdaPv
_ZdlPv
_ZdlPvRKSt9nothrow_t
_ZdlPvy
_Znay
_Znwy
_ZnwyRKSt9nothrow_t
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_init_primary_exception
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__dynamic_cast
__emutls_v._ZSt11__once_call
__emutls_v._ZSt15__once_callable
__gxx_personality_seh0
__once_proxy

sdl2

SDL_CloseAudioDevice
SDL_CreateWindow
SDL_GL_CreateContext
SDL_GL_DeleteContext
SDL_GL_GetProcAddress
SDL_GL_MakeCurrent
SDL_GL_SetAttribute
SDL_GL_SetSwapInterval
SDL_GL_SwapWindow
SDL_GetAudioDeviceName
SDL_GetError
SDL_GetNumAudioDevices
SDL_GetWindowSize
SDL_Init
SDL_JoystickClose
SDL_JoystickGetAxis
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickInstanceID
SDL_JoystickOpen
SDL_JoystickUpdate
SDL_LockAudioDevice
SDL_NumJoysticks
SDL_OpenAudioDevice
SDL_PauseAudioDevice
SDL_PollEvent
SDL_PumpEvents
SDL_Quit
SDL_QuitSubSystem
SDL_SetMainReady
SDL_SetWindowMinimumSize
SDL_UnlockAudioDevice
SDL_memset

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 136.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug
Size: 91B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aa03892529d527016d1b648bb91ebf20

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

libwinpthread-1

shell32

user32

winmm

ws2_32

libgcc_s_seh-1

libstdc++-6

sdl2

Exports

Exports

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.data Size: 47KB - Virtual size: 46KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.pdata Size: 191KB - Virtual size: 190KB

.xdata Size: 300KB - Virtual size: 300KB

.bss Size: - Virtual size: 136.0MB

.edata Size: 512B - Virtual size: 80B

.idata Size: 22KB - Virtual size: 22KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 364KB - Virtual size: 364KB

.reloc Size: 59KB - Virtual size: 59KB

.debug Size: 91B - Virtual size: 512B

.text
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 47KB - Virtual size: 46KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.pdata
Size: 191KB - Virtual size: 190KB

.xdata
Size: 300KB - Virtual size: 300KB

.bss
Size: - Virtual size: 136.0MB

.edata
Size: 512B - Virtual size: 80B

.idata
Size: 22KB - Virtual size: 22KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 364KB - Virtual size: 364KB

.reloc
Size: 59KB - Virtual size: 59KB

.debug
Size: 91B - Virtual size: 512B