Polar[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Polar.zip
Size

462KB
MD5

2d3d80f1d926399ffbf2c2923875bd7f
SHA1

8ee71de3deaa696a56cce8dd621a47f61cd317df
SHA256

bdf585178c8d49cda8c2ee68e821953fa9580d5288688f6698083cd8f5bd1aad
SHA512

f7adfd821938112cd22ba5e1b1fe8154cb5401fed2875ec0ceb098f3582353f1f608be452411f4a9ad9dc9e747ec7ed2ca2cbe6e9126ba6ace2a0955f16db2e4
SSDEEP

6144:4z0oq4VJM+yVKIyp403BgcZ/4cIDBI/yfe9KGFiGKKcbQKH+cnfKBCvDysKsgipi:Lo7iB2fTKpHJfKovOs2gX+

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/polar/polar.exe
unpack001/polar/polargui.exe

Files

Polar.zip
.zip
polar/README.txt
polar/config/settings.json
polar/polar.exe
.exe windows:5 windows x86 arch:x86

9ff9e9f6ab5caab780768df74f57d5d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
inet_addr
WSACleanup
gethostname
WSAStartup

winmm

mixerGetLineInfoA
mixerGetDevCapsA
mixerOpen
mciSendStringA
joyGetPosEx
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
waveOutGetVolume
mixerClose
waveOutSetVolume
joyGetDevCapsA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ImageList_Create
ord6
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleBaseNameA
GetModuleFileNameExA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFileExA
InternetReadFile

kernel32

DeleteCriticalSection
GetModuleFileNameA
GetSystemTimeAsFileTime
FindResourceA
SizeofResource
LoadResource
LockResource
GetFullPathNameA
GetShortPathNameA
FindFirstFileA
FindNextFileA
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableA
Beep
MoveFileA
OutputDebugStringA
CreateProcessA
GetFileAttributesA
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableA
GetLocalTime
GetDateFormatA
GetTimeFormatA
GetDiskFreeSpaceExA
SetVolumeLabelA
CreateFileA
DeviceIoControl
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceA
GetCurrentDirectoryA
CreateDirectoryA
ReadFile
GetACP
WriteFile
DeleteFileA
SetFileAttributesA
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
InitializeCriticalSection
GetSystemDefaultUILanguage
GetComputerNameA
GetSystemWindowsDirectoryA
GetTempPathA
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceA
CompareStringA
GetFullPathNameW
RemoveDirectoryA
CopyFileA
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
FormatMessageA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
WritePrivateProfileSectionA
SetEndOfFile
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesA
LoadLibraryExA
GlobalSize
HeapSetInformation
GetCommandLineA
HeapQueryInformation
HeapSize
HeapReAlloc
ExitProcess
GetModuleHandleW
HeapAlloc
HeapFree
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetCPInfo
GetVersionExW
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetLastError
CreateMutexA
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExA
lstrcmpiA
WideCharToMultiByte
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetErrorMode
SetCurrentDirectoryA
Sleep
GetTickCount
MulDiv
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
IsProcessorFeaturePresent
GetStringTypeW
RaiseException
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
SetFilePointer
GetOEMCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetProcessHeap
CreateFileW
GetSystemTime
VirtualQuery

user32

SetWindowTextW
SetDlgItemTextA
MessageBeep
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringA
ExitWindowsEx
SetMenu
FlashWindow
GetPropA
SetPropA
RemovePropA
MapWindowPoints
RedrawWindow
SetParent
SendMessageW
GetClassInfoExA
DefDlgProcA
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongA
CallWindowProcA
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamA
CreateAcceleratorTableA
DestroyAcceleratorTable
InsertMenuItemA
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoA
IsMenu
GetMenuItemInfoA
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuA
DestroyMenu
TrackPopupMenuEx
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxA
GetTopWindow
GetQueueStatus
PostQuitMessage
GetDlgItem
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsA
EnableMenuItem
GetMenu
CreateWindowExA
RegisterClassExA
DestroyIcon
DestroyWindow
GetWindowTextLengthA
MapVirtualKeyA
MapVirtualKeyExA
VkKeyScanExA
GetGUIThreadInfo
GetWindowTextA
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
PostMessageW
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
SendMessageTimeoutA
UnhookWindowsHookEx
SetWindowsHookExA
PostThreadMessageA
IsCharAlphaNumericA
IsCharUpperA
IsCharLowerA
ToAsciiEx
GetKeyboardLayout
CallNextHookEx
CharLowerA
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameA
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageA
FindWindowA
EndDialog
IsWindow
DispatchMessageA
TranslateMessage
ShowWindow
CountClipboardFormats
SendDlgItemMessageA
DialogBoxParamA
SetForegroundWindow
DefWindowProcA
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageA
EnumDisplayMonitors
IsIconic
IsZoomed
LoadImageA
EnumWindows
SetWindowLongA
ScreenToClient
IsDialogMessageA
SendMessageA
IsWindowEnabled
GetWindowLongA
GetKeyState
TranslateAcceleratorA
KillTimer
PeekMessageA
GetFocus
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
ClientToScreen
EnumChildWindows
MoveWindow
GetWindowRect
GetMonitorInfoA
MonitorFromPoint
GetClientRect
SystemParametersInfoA
AdjustWindowRectEx
DrawTextA
SetRect
GetIconInfo
SetWindowTextA
IsWindowVisible
GetClassNameA
GetWindowThreadProcessId
GetForegroundWindow
GetMessageA
SetTimer
GetParent
GetDlgCtrlID
CharUpperA
IsClipboardFormatAvailable
BlockInput
IsCharAlphaA
CheckMenuItem
LoadCursorA

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsA
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExA
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectA
GetTextMetricsA
GetTextFaceA
SelectObject
GetStockObject
CreateDCA
CreateSolidBrush
CreateFontA
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
GetUserNameA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegConnectRegistryA
RegDeleteValueA

shell32

DragQueryPoint
SHEmptyRecycleBinA
SHFileOperationA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathA
ShellExecuteExA
Shell_NotifyIconA
DragFinish
DragQueryFileA
ExtractIconA

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
polar/polargui.exe
.exe windows:4 windows x86 arch:x86

1f2702872592229d2f4cb1162cfbc55b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateMutexA
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindResourceExA
FormatMessageA
GetCommandLineA
GetCurrentDirectoryA
GetCurrentProcess
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GlobalMemoryStatusEx
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadResource
LocalFree
LockResource
MultiByteToWideChar
ReadFile
SetEnvironmentVariableA
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_close
_errno
_findclose
_findfirst
_findnext
_fullpath
_iob
_itoa
_onexit
_open
_read
_setmode
_stat64
_stricmp
abort
atexit
atoi
calloc
fclose
fopen
fprintf
fputc
fputs
free
fwrite
getenv
isspace
localeconv
malloc
mbstowcs
memcpy
printf
puts
realloc
setlocale
signal
strcat
strchr
strcmp
strcoll
strcpy
strlen
strncat
strncpy
strpbrk
strrchr
strstr
strtok
tolower
vfprintf
wcslen
wcstombs

shell32

ShellExecuteA

user32

CreateWindowExA
DispatchMessageA
EnumWindows
FindWindowExA
GetMessageA
GetSystemMetrics
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
KillTimer
LoadImageA
MessageBoxA
PostQuitMessage
SendMessageA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9ff9e9f6ab5caab780768df74f57d5d0

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 608KB - Virtual size: 607KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 33KB

.rsrc Size: 130KB - Virtual size: 130KB

1f2702872592229d2f4cb1162cfbc55b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 40B

.rdata Size: 4KB - Virtual size: 3KB

.eh_fram Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 37KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 112KB - Virtual size: 112KB

.text
Size: 608KB - Virtual size: 607KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 33KB

.rsrc
Size: 130KB - Virtual size: 130KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 40B

.rdata
Size: 4KB - Virtual size: 3KB

.eh_fram
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 37KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 112KB - Virtual size: 112KB