SnippingTool[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SnippingTool.exe
Size

3.2MB
MD5

0d42e0492585153117f6ecf250ec8993
SHA1

db90a82e8131b24432e8c19c1d9689b12d2fa25e
SHA256

6b7b9973b5c5099626a97cc45b70ba6456ef6615692cde1149fbd06022aa4856
SHA512

06115f1f73be64dbf8aea1af1ea0716a68584c3c5a02168e37ec960d4520482552d8fb41d57709849ffd11e67db16cea7b093df715efb30a919ae6849183a424
SSDEEP

98304:mRTlxL4TsqaA2SRmXUrymuXB2rmaOOaCa2PKCZZNRwtPV3Oy:eTvDqaA2SRmXUrymuXB2rmaOOaCa2PKL

Score

1^/10

Malware Config

Signatures

Files

SnippingTool.exe
.exe windows x64

1e5b697da460222a16d80ac56256b657

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

kernel32

SetEvent
CreateEventExW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
LocalFree
OpenSemaphoreW
WaitForSingleObject
SetLastError
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseMutex
lstrlenA
MultiByteToWideChar
lstrlenW
GlobalFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetSystemDefaultUILanguage
Sleep
CloseHandle
WriteFile
WideCharToMultiByte
CreateFileW
GetModuleFileNameA
HeapFree
GetModuleHandleExW
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
DebugBreak
GetLastError
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
ExpandEnvironmentStringsW
LoadLibraryW
FreeLibrary
GetTempPathW
DeleteFileW
HeapSetInformation
CompareStringA
RegisterApplicationRestart
MulDiv
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceExW

gdi32

CreatePen
CreateSolidBrush
SetLayout
CreateDIBSection
CreateCompatibleBitmap
BitBlt
PatBlt
EndDoc
EndPage
CreateCompatibleDC
StretchBlt
StartPage
SetStretchBltMode
SetBrushOrgEx
StartDocW
DeleteDC
FillRgn
OffsetRgn
CreatePolygonRgn
GetTextMetricsW
SelectClipRgn
GetClipRgn
GetLayout
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
DeleteObject
SelectObject
Rectangle
GetStockObject
CombineRgn
CreateRectRgn
CreateRectRgnIndirect

user32

GetDesktopWindow
IsZoomed
DestroyWindow
RegisterHotKey
AdjustWindowRectExForDpi
CreateWindowExW
LoadStringW
SetWindowTextW
TranslateAcceleratorW
CheckMenuRadioItem
PeekMessageW
DestroyMenu
GetWindowLongW
DestroyIcon
UnregisterHotKey
GetWindowRgnBox
OffsetRect
DrawIconEx
SetClipboardData
GetIconInfo
SetCursor
GetSystemMetricsForDpi
MonitorFromRect
GetMonitorInfoW
CopyRect
EqualRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
LoadMenuW
GetSubMenu
CheckDlgButton
SetFocus
SetThreadDpiAwarenessContext
GetKeyState
GetScrollInfo
SetScrollInfo
SetTimer
KillTimer
GetCursorPos
WindowFromPoint
ScreenToClient
SetCursorPos
MapWindowPoints
LoadIconW
GetProcessDefaultLayout
TrackPopupMenuEx
MonitorFromWindow
SystemParametersInfoW
IsDlgButtonChecked
GetComboBoxInfo
GetClientRect
DrawFocusRect
DrawTextW
InflateRect
FillRect
SendMessageW
EndDialog
GetDlgItem
GetWindowRect
GetCursorInfo
GetDC
OpenIcon
MessageBoxW
LoadImageW
GetSysColor
SetWindowPos
PostMessageW
GetDpiForWindow
GetDpiForSystem
PostQuitMessage
DialogBoxParamW
DispatchMessageW
TranslateMessage
GetMessageW
LoadAcceleratorsW
GetParent
RemoveMenu
GetClassNameW
EmptyClipboard
OpenClipboard
CloseClipboard
SetRect
LogicalToPhysicalPoint
IsIconic
GetWindow
PtInRect
DestroyCursor
UnregisterClassA
EnumDisplayMonitors
IntersectRect
SetPropW
GetPropW
InvalidateRect
UnionRect
ReleaseCapture
SetCapture
EndPaint
BeginPaint
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
RegisterClassW
SetClassLongPtrW
LoadCursorW
ReleaseDC
ShowWindow
IsWindowVisible
FindWindowW
GetSystemMetrics
CallWindowProcW
SetForegroundWindow

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcscspn
wcscmp
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_ceil
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__errno
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__exit
strstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
memcpy
memmove

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
EtwTraceMessage
WinSqmIncrementDWORD
WinSqmIsOptedIn
RtlVirtualUnwind

gdiplus

GdipDrawCachedBitmap
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipSaveImageToStream
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateBitmapFromResource
GdipCreateFromHWND
GdipSetStringFormatTrimming
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipDrawString
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipDeleteStringFormat
GdipDisposeImage
GdipSaveImageToFile
GdipFillEllipseI
GdipSetSmoothingMode
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipCloneImage

comctl32

ImageList_Destroy
ImageList_Create
ord345
ord381
ImageList_Add
InitCommonControlsEx

comdlg32

PrintDlgExW

shlwapi

PathRemoveExtensionW
UrlCreateFromPathW
PathFindExtensionW
PathIsURLW
StrChrW
PathFindFileNameW
ord487

shell32

SHCreateItemInKnownFolder
ShellAboutW
ShellExecuteW
ord75

ole32

CreateStreamOnHGlobal
CoWaitForMultipleHandles
StringFromCLSID
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateGuid

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringLen
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
VarBstrCat
SysAllocStringLen
SysAllocString

uxtheme

GetThemeSysFont
GetThemeSysColor

oleacc

AccessibleObjectFromWindow

dwmapi

DwmGetWindowAttribute

msdrm

DRMIsWindowProtected

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-path-l1-1-0

PathAllocCombine

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

api-ms-win-core-synch-l1-1-0

CreateMutexW
ResetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetStartupInfoW
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

api-ms-win-core-heap-l2-1-0

LocalAlloc

ext-ms-win-uxtheme-themes-l1-1-0

GetImmersiveColorFromColorSetEx
ord96
GetImmersiveUserColorSetPreference

api-ms-win-crt-math-l1-1-0

fmodf
floorf

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e5b697da460222a16d80ac56256b657

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

gdiplus

comctl32

comdlg32

shlwapi

shell32

ole32

oleaut32

uxtheme

oleacc

dwmapi

msdrm

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-path-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

ext-ms-win-uxtheme-themes-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 210KB - Virtual size: 209KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 2KB - Virtual size: 12KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 1024B - Virtual size: 672B

.text
Size: 210KB - Virtual size: 209KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 2KB - Virtual size: 12KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 1024B - Virtual size: 672B