QQSnapShot[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

QQSnapShot.exe
Size

779KB
MD5

0c66c38c9c72eaa6883f98817603532e
SHA1

b05a09610a596ef22a88610c980c740de9d89735
SHA256

f4df75359225627765f8869caca884953f12d444896107f27bab4339dd7ce787
SHA512

d60bfcb3abb2d430d576a56d70e0b400cc7fbc696d1b570f1bcc28887a69ab0ab539858852307a482839682cad34aad158bfc511f53a9a953dd233e3fa75eacf
SSDEEP

12288:IshvZXWz/6bkn/QZ8ZAQlGrM1cTGQaoRUZ1wJpZCK:I0vZG5mzMaTGilJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
QQSnapShot.exe

Files

QQSnapShot.exe
.exe windows:5 windows x86 arch:x86

28cfd3883f961df6b282a1e929d823e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\QShuru\release_line\client\Release\SnapShot.pdb

Imports

kernel32

OutputDebugStringW
GetCommandLineW
OpenProcess
Sleep
MapViewOfFileEx
FlushInstructionCache
VirtualAlloc
VirtualFree
InterlockedDecrement
MulDiv
GetCPInfo
WideCharToMultiByte
ExitProcess
lstrlenA
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryExW
SetFilePointerEx
OpenMutexW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
GetStringTypeW
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateMutexW
ProcessIdToSessionId
LocalFree
WriteFile
GetFileSize
MultiByteToWideChar
IsBadReadPtr
DeleteFileW
GetTempFileNameW
GetTempPathW
GetSystemDirectoryW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetVersionExW
CreateFileW
SetFilePointer
ReadFile
GetCurrentThreadId
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetTickCount
SystemTimeToFileTime
GetLocalTime
CloseHandle
InterlockedIncrement
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileAttributesW
OutputDebugStringA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
GetVersion
ReadConsoleW
GetProcAddress

user32

SetWindowsHookExW
InflateRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetForegroundWindow
DrawTextW
EndMenu
TrackPopupMenu
DeleteMenu
InsertMenuW
GetMenuItemCount
GetSubMenu
DestroyMenu
LoadMenuW
UnhookWindowsHookEx
ReleaseCapture
SetCapture
EmptyClipboard
SetClipboardData
CloseClipboard
SendInput
GetForegroundWindow
GetWindowThreadProcessId
IsWindowUnicode
GetWindowLongA
SendMessageW
CallWindowProcW
SetWindowPos
IsWindowEnabled
SetWindowLongA
UnregisterClassW
CallNextHookEx
SetPropW
EnableWindow
GetMessageExtraInfo
RegisterClassExW
GetClassInfoExW
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
LoadImageW
GetSystemMetrics
GetDC
ReleaseDC
FillRect
GetDesktopWindow
GetPropW
SetCursor
OffsetRect
UpdateLayeredWindow
UpdateWindow
OpenClipboard
BringWindowToTop
SetWindowPlacement
MoveWindow
GetClassInfoW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadBitmapW
FrameRect
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
KillTimer
SetTimer
GetFocus
SetFocus
SendDlgItemMessageW
GetDlgItem
IsWindowVisible
ShowWindow
CreateWindowExW
PostMessageW
EnumDisplayMonitors
SystemParametersInfoW
GetWindow
MapWindowPoints
EndDialog
CreateDialogParamW
DestroyWindow
GetMonitorInfoW
MonitorFromPoint
IsWindow
LoadCursorW

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
RealizePalette
SelectObject
StretchBlt
GetObjectW
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
LineTo
MoveToEx
Rectangle
CreateFontIndirectW
Ellipse
GetPixel
GetStockObject
SetBkMode
SetPixelV
SetROP2
SetStretchBltMode
SetTextColor
Polygon
GetDeviceCaps
PatBlt
CreateDIBSection
GetDIBits

advapi32

BuildExplicitAccessWithNameW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
ConvertSidToStringSidW
RegSetValueExW
RegDeleteValueW
LookupAccountNameW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW

shlwapi

PathFindExtensionW
PathFileExistsW
PathFindFileNameW

msimg32

AlphaBlend

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

Sections

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28cfd3883f961df6b282a1e929d823e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msimg32

wtsapi32

Sections

.text Size: 399KB - Virtual size: 399KB

.rdata Size: 179KB - Virtual size: 178KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 145KB - Virtual size: 148KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 399KB - Virtual size: 399KB

.rdata
Size: 179KB - Virtual size: 178KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 145KB - Virtual size: 148KB

.reloc
Size: 39KB - Virtual size: 38KB