Static task: static1
Behavioral task: behavioral1
Sample: polcfg.exe
Resource: win10v2004-20240802-en
General
Target: polcfg.exe
Size: 654KB
MD5: 2abc0fd9ed2d25b2754164b4bb89b450
SHA1: 8ade3cd532ca94c3941d019efedb63fc11dbcd00
SHA256: 152609c104500746633919286a9db31ebb0a97715637db2bbca31e0653a7fb4c
SHA512: 3034238a602161554a3c30b46c91e0204ac29d007abfe9b8630f2fa522f17ea8ad0ad83e521cda1409be8a5c3354cf5a9913133791b7689b259782fa03852568
SSDEEP: 12288:EYZmUfsjKd6rbR4Q8cO7Kya9kVDokQexsoikZM1Ji3/fHGc5:E2fsWd6axUWVDokrxsoikZcJ6fH
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: polcfg.exe
Files
polcfg.exe.exe windows:4 windows x86 arch:x86
da78cbec20102a3c433dab7bdf90711f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
dinput8
DirectInput8Create
kernel32
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetTimeZoneInformation
ExitProcess
ExitThread
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetVersionExA
lstrcatA
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
GetLastError
ReleaseMutex
GetModuleFileNameA
CreateMutexA
CloseHandle
OpenMutexA
lstrlenA
WaitForSingleObject
CreateProcessA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateEventA
DeleteCriticalSection
GetTickCount
ResumeThread
ResetEvent
TerminateThread
SetEvent
Sleep
InterlockedExchange
MultiByteToWideChar
GetVersion
CompareStringA
WriteFile
WritePrivateProfileStringA
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
CompareStringW
TlsGetValue
LocalAlloc
InterlockedIncrement
GlobalFlags
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetCurrentProcessId
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
MulDiv
GlobalFree
FreeResource
ExpandEnvironmentStringsA
GetExitCodeThread
LoadLibraryExA
CreateThread
SuspendThread
OutputDebugStringA
VirtualFree
GlobalAlloc
GlobalLock
GlobalUnlock
PeekNamedPipe
ReadFile
lstrcpyA
CreatePipe
GetCurrentProcess
DuplicateHandle
GetStdHandle
TerminateProcess
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
GetFileAttributesA
FreeLibrary
GetEnvironmentStrings
user32
ReleaseCapture
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetCapture
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
EndDialog
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
wsprintfA
SetCursor
GetDesktopWindow
GetWindowDC
EnumWindows
IsWindowVisible
DrawFrameControl
SetRect
PeekMessageA
DispatchMessageA
TranslateMessage
GetWindowThreadProcessId
PostMessageA
UnregisterClassA
GetSysColorBrush
DestroyMenu
CharUpperA
SetWindowContextHelpId
MapDialogRect
GetMessageA
GetCursorPos
LoadCursorA
LoadBitmapA
PtInRect
DeleteMenu
GetSystemMetrics
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
FindWindowA
ShowWindow
SetForegroundWindow
MessageBoxA
LoadIconA
GetWindowLongA
GetNextDlgTabItem
ReleaseDC
GetDC
GetWindowRect
OffsetRect
GetSysColor
SendMessageA
GetParent
GetFocus
LockWindowUpdate
InvalidateRect
UpdateWindow
GetClientRect
DrawFocusRect
FillRect
CopyRect
MessageBeep
EnableWindow
KillTimer
SetTimer
ScreenToClient
gdi32
SetMapMode
LineTo
MoveToEx
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateSolidBrush
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetStockObject
ExtTextOutA
CreateFontIndirectA
GetObjectA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetViewportExtEx
GetTextExtentPoint32A
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegSetValueExA
shell32
SHGetSpecialFolderPathA
comctl32
ImageList_DrawEx
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
CoRevokeClassObject
CoUninitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
oleaut32
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
SysStringLen
SysAllocString
SafeArrayCreate
VariantInit
SafeArrayPutElement
SysFreeString
VariantClear
SafeArrayDestroy
winmm
timeGetTime
wsock32
gethostbyname
WSAStartup
recv
send
shutdown
connect
select
__WSAFDIsSet
getsockopt
recvfrom
sendto
WSAGetLastError
setsockopt
bind
inet_ntoa
htons
htonl
ntohs
ioctlsocket
socket
ntohl
closesocket
ws2_32
WSAIoctl
Sections
.text Size: - Virtual size: 371KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 374KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 262KB - Virtual size: 261KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
POL1 Size: 247KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
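Added check (example code, not part of this sandbox report or its tooling). Two header facts above deserve a second look before the sample is run: the Unsigned PE signature (no Authenticode certificate table), and a section table in which .text has no raw data but 371KB of virtual size with write+execute permissions while POL1, a non-standard section name, is also writable and executable. A file-less .text that is writable at runtime is consistent with code being written into it after load, the layout packers produce, with POL1 holding the code that runs first. The script below parses just enough of a PE32/PE32+ header to reproduce those checks with no third-party module. Its input is a constructed, headers-only image that mirrors the report's section table (byte sizes rounded from the KB figures above), not the sample itself; REPORT_SECTIONS, build_pe, assess and the finding strings are this example's own names.

```python
import struct

# Section and file characteristic bits from winnt.h (the names the report prints)
IMAGE_SCN_CNT_CODE               = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA   = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE            = 0x20000000
IMAGE_SCN_MEM_READ               = 0x40000000
IMAGE_SCN_MEM_WRITE              = 0x80000000
IMAGE_FILE_RELOCS_STRIPPED       = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE      = 0x0002
IMAGE_FILE_32BIT_MACHINE         = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY   = 4          # Authenticode certificate table
COMMON_SECTION_NAMES = {b".text", b".rdata", b".data", b".rsrc", b".reloc",
                        b".idata", b".edata", b".bss", b".tls", b".pdata"}


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the security data directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        n_dirs, dd_off = struct.unpack_from("<I", data, opt + 92)[0], opt + 96
    elif magic == 0x20B:  # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        n_dirs, dd_off = struct.unpack_from("<I", data, opt + 108)[0], opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _off, sec_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size                     # section headers follow the optional header
    for i in range(nsec):
        name, vsize, _va, rsize, _ptr, _rl, _ln, _nr, _nl, flags = \
            struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "rsize": rsize, "flags": flags})
    return {"machine": machine, "characteristics": characteristics,
            "security_dir_size": sec_size, "sections": sections}


def assess(pe: dict) -> list:
    """Findings an analyst would flag from the headers alone (no code executed)."""
    findings = []
    if pe["security_dir_size"] == 0:
        findings.append("unsigned: no Authenticode security directory")
    if pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("relocs stripped: image cannot be rebased by the loader")
    for s in pe["sections"]:
        n = s["name"].decode("latin-1")
        if s["rsize"] == 0 and s["vsize"] > 0:
            findings.append(f"{n}: no raw data but {s['vsize']} bytes virtual (filled at runtime)")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{n}: writable and executable")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["name"] not in COMMON_SECTION_NAMES:
            findings.append(f"{n}: executable section with non-standard name")
    return findings


def build_pe(sections, signed=False, characteristics=0x0103) -> bytes:
    """Constructed headers-only PE32 image for offline testing (no real code inside)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    if signed:                                                   # pretend a cert table exists
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0, rsize,
                                0, 0, 0, 0, 0, flags)
                    for name, vsize, rsize, flags in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# Mirrors the report's section table: (name, virtual size, raw size, characteristics)
REPORT_SECTIONS = [
    (b".text",  371 * 1024,          0, IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                                        | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (b".rdata",  94 * 1024,  96 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b".data",  374 * 1024,  48 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
                                        | IMAGE_SCN_MEM_WRITE),
    (b".rsrc",  261 * 1024, 262 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b"POL1",   247 * 1024, 247 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                                        | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]


def analyze_report_layout() -> list:
    """Run the checks against the constructed image that mirrors the report."""
    return assess(parse_pe(build_pe(REPORT_SECTIONS)))


if __name__ == "__main__":
    for line in analyze_report_layout():
        print(line)
```

To run the same checks on a real file, replace `build_pe(REPORT_SECTIONS)` with the bytes of the sample; nothing in `parse_pe` executes or maps the image. A non-zero security directory only means a certificate table is present, not that the signature verifies, so treat "signed" from this script as a pointer to run a real Authenticode verification, not as a verdict.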