Solara[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Solara.dll
Size

985KB
MD5

8bc9404bba7520eca7b7251be6756291
SHA1

93dd99a2b072c2be32cb8bedeefac279e0846daf
SHA256

5f862734433875f2fc628f8d1e3eddd05cda785e7b08f6bcc0d06d73d1d1ce0a
SHA512

09efec78dadd45c791ee85a92c3ff06a543813f7337de2a9f43975a8b22b533b662bc2ab7383215c09dc908c42d6b008d1593402d3f13231c956778de2d1b7e6
SSDEEP

24576:/CmSH6CWu2K/qwmFPhG8vhd2NU4K3nUStrAfdVqJQ4LePS3F:/CmSH6CWu2K/qwmLGGdaKEStr4qJQ4LV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Solara.dll

Files

Solara.dll
.dll windows:6 windows x64 arch:x64

3f28a48c59c920d28b96c0d0ca61ca9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libcurl

curl_mime_free
curl_easy_cleanup
curl_easy_init
curl_free
curl_easy_escape
curl_easy_getinfo
curl_easy_perform
curl_easy_setopt
curl_version_info
curl_slist_free_all
curl_slist_append

kernel32

GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQueryEx
K32QueryWorkingSetEx
ReadProcessMemory
GetCurrentProcess
LocalAlloc
LocalFree
CloseHandle
WriteProcessMemory
VirtualAllocEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetExitCodeProcess
Sleep
AllocConsole
IsDebuggerPresent
GetStdHandle
GetLastError
QueryFullProcessImageNameW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
EnterCriticalSection
WakeAllConditionVariable
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
AreFileApisANSI
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
SetConsoleTitleW
SetFileInformationByHandle
GetFileAttributesExW
CopyFileW
GetFileInformationByHandleEx
MultiByteToWideChar

user32

SendMessageA
OpenClipboard
SetClipboardData
CloseClipboard
FindWindowA
MessageBoxA
EmptyClipboard

advapi32

SetSecurityDescriptorDacl
AddAccessDeniedAce
InitializeAcl
FreeSid
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetKernelObjectSecurity

msvcp140

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memcmp
__C_specific_handler
memchr
memmove
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__current_exception
_CxxThrowException
__std_type_info_destroy_list
memset
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

freopen_s
__stdio_common_vsprintf
ungetc
fputc
fflush
__acrt_iob_func
fgetc
fclose
_get_stream_buffer_pointers
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_errno
_invalid_parameter_noinfo
_configure_narrow_argv
_seh_filter_dll
terminate
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_beginthreadex

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-convert-l1-1-0

strtol
strtod
mbstowcs
strtoul
atoi
strtoll
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

tolower
strspn
strcmp
strcpy_s
strnlen

api-ms-win-crt-math-l1-1-0

atan2
ceil
cos
cosh
exp
fmod
log
log10
sin
asin
sqrt
tan
tanh
round
log2
ldexp
pow
atan
floor
sinh
_dsign
_dclass
acos

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

Exports

Exports

executeScript
inject

Sections

.text
Size: 813KB - Virtual size: 812KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f28a48c59c920d28b96c0d0ca61ca9d

Headers

DLL Characteristics

File Characteristics

Imports

libcurl

kernel32

user32

advapi32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 813KB - Virtual size: 812KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 7KB - Virtual size: 9KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 813KB - Virtual size: 812KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 7KB - Virtual size: 9KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 2KB