AltSnap[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AltSnap.exe
Size

77KB
MD5

b8823658f70b4409705b6b004b3db3f9
SHA1

8f0d38a08fc9d4c4ea817cec5d12c62856792647
SHA256

1bf1a5cd436be00cc1919be65fbb067e1341c8cdc022fe5268a33db2e9389c5b
SHA512

0a6b75440fcab914a30769ad327f39db9dddabfc5c2e180a60c5b439412e393b43fa4ed72249190de063e451d2a5e448fd6e43d66c4b133274562f8393baba00
SSDEEP

1536:Cjxgg22S3SItnawIT17UQkkqVhXnohQbtk33SXX4rLDob4163YqJw+2:uItHhvXnohQbtk33SXX4rLDob41onw+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AltSnap.exe

Files

AltSnap.exe
.exe windows:4 windows x64 arch:x64

dbc805511e6cf2eff622aedc29daf077

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

comctl32

InitCommonControls
PropertySheetW

gdi32

CreateFontIndirectW
CreatePen
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
Polyline
Rectangle
SelectObject
SetBkMode
SetROP2
SetTextColor

kernel32

CloseHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetUserDefaultLCID
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
LoadLibraryW
MulDiv
OpenProcess
Sleep
WritePrivateProfileStringW

shell32

ShellExecuteW
Shell_NotifyIconW

user32

AppendMenuW
BeginPaint
CharUpperW
CheckDlgButton
CheckRadioButton
ClientToScreen
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
DrawTextW
EnableWindow
EndPaint
EnumChildWindows
EnumThreadWindows
FillRect
FindWindowW
GetAncestor
GetClassInfoExW
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDlgItem
GetDlgItemTextW
GetFocus
GetGUIThreadInfo
GetKeyNameTextW
GetKeyState
GetMessagePos
GetMessageW
GetMonitorInfoW
GetParent
GetPropW
GetSysColor
GetSystemMetrics
GetUpdateRect
GetWindow
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuW
InvalidateRect
IsDlgButtonChecked
IsWindow
IsWindowVisible
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
MapVirtualKeyW
MessageBoxW
MonitorFromPoint
MoveWindow
OffsetRect
PostMessageW
PostQuitMessage
PtInRect
RegisterClassExW
RegisterWindowMessageW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetRectEmpty
SetWindowLongPtrW
SetWindowPlacement
SetWindowPos
SetWindowsHookExW
ShowWindow
ShowWindowAsync
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
WindowFromPoint

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 864B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dbc805511e6cf2eff622aedc29daf077

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

shell32

user32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 30KB - Virtual size: 29KB

.bss Size: - Virtual size: 864B

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 30KB - Virtual size: 29KB

.bss
Size: - Virtual size: 864B

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 10KB - Virtual size: 10KB