PolarZ[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

PolarZ.dll
Size

2.2MB
MD5

1354771131052195620da761fc562675
SHA1

9956c18cecb6cb5c5fdffb19a22f950f4fe29d52
SHA256

dd64b560c1782039e420d2d22d51c77769d58bbf2326c0fb63c810cd4ab1a287
SHA512

704d7d9c16cec9b7a828aca600520567b76c78ee57eeeb3271fcfa917fa7705f3168e850f3f542123a189d421d3f703a4ef551231ab32bd00e1805a1ebd41372
SSDEEP

49152:bRAv//AGqXi0dCkqKOjZIm/wsuA2eFfUxwgo8+q1g8r0JNaSyETyd:bRAv//AGxcmt/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PolarZ.dll

Files

PolarZ.dll
.dll windows x64

e255673f819d9075c9207fe1c688db4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
GetCurrentProcess
FreeLibraryAndExitThread
GetModuleHandleA
OpenProcess
Sleep
CreateFileA
FileTimeToSystemTime
QueryPerformanceFrequency
GlobalAlloc
GlobalFree
CloseHandle
K32GetModuleInformation
CreateThread
GetProcAddress
GlobalLock
GetCurrentProcessId
GetModuleHandleW
QueryPerformanceCounter
GlobalUnlock
VirtualQueryEx
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
GetSystemInfo
FormatMessageA
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
GetProcessHeap
FreeLibrary
LocalFree

user32

EmptyClipboard
GetWindowTextA
CloseClipboard
SetClipboardData
GetForegroundWindow
OpenClipboard

msvcp140

?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
_Xtime_get_ticks
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z

wininet

InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
__vcrt_GetModuleFileNameW
memset
memcpy
__std_exception_copy
__std_exception_destroy
__vcrt_LoadLibraryExW
memmove
memcmp
memchr
__C_specific_handler_noexcept
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
_fseeki64
fclose
ungetc
fflush
fwrite
fread
fsetpos
fputc
fgetpos
setvbuf
fgetc
__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_execute_onexit_table
_register_onexit_function
abort
_initialize_onexit_table
_errno
_initialize_narrow_environment
_cexit
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
terminate
system
_seh_filter_dll
_crt_atexit

api-ms-win-crt-string-l1-1-0

tolower
toupper
strcpy_s
strcat_s

api-ms-win-crt-math-l1-1-0

_dsign
ceilf
cos
atan2f
cosf
asinf
floorf
fmodf
pow
sinf
_dclass
sqrtf

api-ms-win-crt-convert-l1-1-0

strtol
strtoll
strtod
strtoull

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_stat64i32
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-time-l1-1-0

_time64
_localtime64

api-ms-win-crt-environment-l1-1-0

getenv

vcruntime140_1

__CxxFrameHandler4

Sections

.text
Size: 735KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e255673f819d9075c9207fe1c688db4f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

wininet

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

vcruntime140_1

Sections

.text Size: 735KB - Virtual size: 735KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 4KB - Virtual size: 14KB

.pdata Size: 22KB - Virtual size: 21KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 735KB - Virtual size: 735KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 4KB - Virtual size: 14KB

.pdata
Size: 22KB - Virtual size: 21KB

.reloc
Size: 6KB - Virtual size: 6KB