S2K-Patched[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

S2K-Patched.exe
Size

2.1MB
MD5

9e108bacdb9ce9dd7918d6f7bdc4d450
SHA1

729dc725af3197decfd0812edc5cb60a8fcc1a26
SHA256

f9376892e7d6855f54d4e6d3498fc4d05d93a6e953222027c04c13aa217e2c24
SHA512

721a7313657957e9319bd7a3ddcba119685a66ac773d8857d662fac53e2890900fdf5c38285a8565c78fe2617080618032d1f36f1eddb32c1be312d0a9a154b1
SSDEEP

49152:Za3Pu5BmsT4SArDye1I0s9qQkniaplqYbA:Za3KB1sSxwplqYb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
S2K-Patched.exe

Files

S2K-Patched.exe
.exe windows:6 windows x64 arch:x64

dd96190995433595f6acf200857e92ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\C++ Project\FIX 199x\examples\1999X\Release\svchost.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

kernel32

CreateFileW
GetLastError
CloseHandle
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
Process32First
GetCurrentProcess
GetVolumeInformationA
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetTickCount64
Process32Next
IsDebuggerPresent
ReadProcessMemory
VirtualQueryEx
PeekNamedPipe
GetFileSizeEx
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
WriteFile
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
FindClose
FindFirstFileW
GetFileAttributesExW
AreFileApisANSI
GetModuleHandleW
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ReadFile
QueryPerformanceCounter
FreeLibrary
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
CreateFileA
SetLastError
GetSystemTimeAsFileTime
GetStartupInfoW
InitializeSListHead
GetCurrentThreadId

user32

GetClipboardData
EmptyClipboard
CloseClipboard
SetClipboardData
MoveWindow
OpenClipboard
PostQuitMessage
DefWindowProcW
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
SetWindowRgn
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
GetKeyboardLayout
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetMessageExtraInfo
GetKeyState
GetAsyncKeyState
UpdateWindow
CreateWindowExW
GetSystemMetrics
UnregisterClassW
RegisterClassExW
GetWindowLongPtrA
PeekMessageA
LoadIconA
TranslateMessage
SetLayeredWindowAttributes
FindWindowA
MessageBoxA
SetWindowDisplayAffinity
ShowWindow
GetActiveWindow
SetWindowLongPtrA

gdi32

CreateRoundRectRgn

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW

msvcp140

_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Mtx_unlock
_Cnd_broadcast
_Mtx_lock
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?uncaught_exceptions@std@@YAHXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Strcoll
_Strxfrm
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?id@?$collate@D@std@@2V0locale@2@A
_Cnd_timedwait
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Query_perf_frequency
_Cnd_init_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

dwmapi

DwmExtendFrameIntoClientArea

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

ntdll

ZwReadVirtualMemory
ZwProtectVirtualMemory
ZwWriteVirtualMemory
NtRaiseHardError
RtlAdjustPrivilege
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ws2_32

getsockname
__WSAFDIsSet
closesocket
getnameinfo
connect
freeaddrinfo
ioctlsocket
getaddrinfo
WSASocketW
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
getpeername
getsockopt
setsockopt
send
select
ntohs
recv

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_purecall
strchr
__std_type_info_compare
__std_type_info_name
_CxxThrowException
memcmp
__C_specific_handler
__current_exception
__current_exception_context
__intrinsic_setjmp
memchr
memset
memmove
memcpy
longjmp
strrchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fwrite
_wfopen
fseek
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
fclose
fflush
__stdio_common_vswprintf
__acrt_iob_func
ftell
__p__commode
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
_set_fmode
fgetc
__stdio_common_vsprintf_s
__stdio_common_vfprintf
fputc

api-ms-win-crt-utility-l1-1-0

qsort
_byteswap_ulong
rand

api-ms-win-crt-string-l1-1-0

strcmp
_stricmp
strcpy_s
strncmp
strlen
isdigit
tolower
strncpy

api-ms-win-crt-heap-l1-1-0

free
_aligned_malloc
malloc
realloc
_set_new_mode
_callnewh
_aligned_free

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_errno
_c_exit
_register_thread_local_exe_atexit_callback
abort
terminate
_invalid_parameter_noinfo
_beginthreadex
_invalid_parameter_noinfo_noreturn
_wassert
exit
_initialize_narrow_environment

api-ms-win-crt-convert-l1-1-0

strtoll
strtof
strtoull
atof
strtoul
strtod
strtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

sinf
_dtest
_dsign
sqrtf
powf
acosf
ceilf
cosf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func
localeconv

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 689KB - Virtual size: 915KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd96190995433595f6acf200857e92ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_43

kernel32

user32

gdi32

advapi32

msvcp140

imm32

dwmapi

d3dx11_43

ntdll

ws2_32

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 343KB - Virtual size: 342KB

.data Size: 689KB - Virtual size: 915KB

.pdata Size: 53KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 343KB - Virtual size: 342KB

.data
Size: 689KB - Virtual size: 915KB

.pdata
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB