SolarioPlayerLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SolarioPlayerLauncher.exe
Size

1.9MB
MD5

f837d979fa1b952750c90e73356e5f75
SHA1

f13064bf4a91c7281d1d4a36437fd89fb5dae771
SHA256

9d04aa89dc78273da44a39791ffff2dc3cc747b25e489c4b76cc549790990c2f
SHA512

be853c916f80f703fd9e474334cc0c6c4ead9e52c48ab97f426aaa9c2ec5340e61c0bea54f6cef07cf82d95dcc4a5ceecbb0bac6a5abfc35554e90aab960b496
SSDEEP

49152:cEHBJ6FO+nSpJaFOezo0030n0WlgbfUl:cEHBH/pJaFOeXwf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SolarioPlayerLauncher.exe

Files

SolarioPlayerLauncher.exe
.exe windows:6 windows x86 arch:x86

9f3ca433a9ab74cf8359020550ebb630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

solario_bootstrapper.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

kernel32

GetModuleHandleA
FillConsoleOutputCharacterA
IsProcessorFeaturePresent
SetHandleInformation
GetCurrentThreadId
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
GetSystemTimeAsFileTime
SwitchToThread
TerminateProcess
SetLastError
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFinalPathNameByHandleW
GetSystemDirectoryW
GetWindowsDirectoryW
SetFileCompletionNotificationModes
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlCaptureContext
PostQueuedCompletionStatus
SetConsoleMode
SetConsoleCursorPosition
GetFileInformationByHandleEx
GetFileType
GetConsoleMode
HeapFree
SystemTimeToTzSpecificLocalTime
GetSystemTimePreciseAsFileTime
SystemTimeToFileTime
HeapReAlloc
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
GetQueuedCompletionStatusEx
InitializeSListHead
lstrlenW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
GetStdHandle
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
GetSystemInfo
CloseHandle
FindClose
FindFirstFileW
GetLastError
GetProcAddress
DeleteFileW
CreateIoCompletionPort
CreateProcessW
Sleep
CompareStringOrdinal

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

crypt32

CertOpenStore
CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateStore
CertDuplicateCertificateContext

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

shutdown
WSASend
ioctlsocket
setsockopt
connect
getsockopt
bind
closesocket
getaddrinfo
freeaddrinfo
WSAIoctl
send
WSAStartup
WSACleanup
getsockname
WSAGetLastError
getpeername
recv
WSASocketW

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtCancelIoFileEx
NtWriteFile

secur32

InitializeSecurityContextW
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
QueryContextAttributesW
AcquireCredentialsHandleA
EncryptMessage
AcceptSecurityContext
ApplyControlToken

vcruntime140

__CxxFrameHandler3
memcpy
__current_exception
memset
memmove
memcmp
_CxxThrowException
_except_handler4_common
__current_exception_context

api-ms-win-crt-math-l1-1-0

pow
truncf
ceil
__setusermatherr
trunc
round

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

_rotl64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
__p___argc
__p___argv
_cexit
_initterm
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
_set_app_type
terminate
_c_exit
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f3ca433a9ab74cf8359020550ebb630

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

advapi32

crypt32

shell32

ole32

ws2_32

ntdll

secur32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 605KB - Virtual size: 605KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 42KB - Virtual size: 41KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 605KB - Virtual size: 605KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 42KB - Virtual size: 41KB