CLIPStudioPaint[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

CLIPStudioPaint.exe
Size

43.0MB
MD5

e5926de61ff4984115dfaa4662c07b4a
SHA1

2ec80fe23b4b37d743c509580b6f243f30801f70
SHA256

fb5f15747542b0c2eae426919564bd4959a938099e5f62ce59b2d5040dbc47dc
SHA512

e78424fb3a04490f135b57593b4ab9dcd8170b928859393c15dff87379975ec864369eb5d75ed6ef3e52b81c37f42bf586e4a00f5b5f8c1187d95e9850013a01
SSDEEP

786432:vy29pTChKndBQiDAI8cawcG1SiCgXnoR0TfZdRd+om4ifT5E5:nWKndqWZniuXu2ZNjmTTC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CLIPStudioPaint.exe

Files

CLIPStudioPaint.exe
.exe windows:6 windows x64 arch:x64

3422caaad61b443f2082c7ab3ddf8f04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

boost_date_time

??0greg_month@gregorian@boost@@QEAA@G@Z

boost_thread

?get_current_thread_data@detail@boost@@YAPEAUthread_data_base@12@XZ

ws2_32

shutdown

qmpdkdll

QmPdkQumaGetDeviceState

crypt32

CertGetCertificateContextProperty

kernel32

GetVersionExW
GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

ReleaseCapture

advapi32

DeregisterEventSource

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

bcrypt

BCryptGenRandom

shlwapi

PathFindFileNameW

imm32

ImmGetContext

msacm32

acmFormatSuggest

concrt140

?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ

vcruntime140

__RTDynamicCast

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function

api-ms-win-crt-heap-l1-1-0

_recalloc

api-ms-win-crt-stdio-l1-1-0

setvbuf

api-ms-win-crt-string-l1-1-0

strcspn

api-ms-win-crt-math-l1-1-0

fmod

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-locale-l1-1-0

setlocale

ailia

ord250

giflib

EGifCloseFile

jpeg62

ord30

libpng16

png_set_expand_gray_1_2_4_to_8

tiff

TIFFNumberOfStrips

libwebp

WebPPictureImportBGRA

libwebpmux

WebPMuxSetChunk

comctl32

ord17

mscms

TranslateColors

rpcrt4

UuidFromStringW

d2d1

ord1

d3d11

D3D11CreateDevice

dcomp

DCompositionCreateDevice2

dwrite

DWriteCreateFactory

avifil32

AVIStreamInfoW

iphlpapi

GetAdaptersAddresses

libfbxsdk

?FindPropertyHierarchical@FbxObject@fbxsdk@@QEBA?AVFbxProperty@2@PEBD_N@Z

zlib

deflateEnd

gdiplus

GdipDrawString

mf

MFEnumDeviceSources

mfplat

MFCreateMediaType

mfreadwrite

MFCreateSourceReaderFromMediaSource

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

dxgi

CreateDXGIFactory1

winmm

timeGetTime

wininet

InternetWriteFile

version

VerQueryValueW

boost_regex

?match@?$perl_matcher@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@V?$allocator@U?$sub_match@V?$_String_const_iterator@V?$_String_val@U?$_Simple_types@D@std@@@std@@@std@@@boost@@@2@U?$regex_traits@DV?$w32_regex_traits@D@boost@@@boost@@@re_detail_107200@boost@@QEAA_NXZ

icuuc65

??1Locale@icu_65@@UEAA@XZ

skia

?drawPath@SkCanvas@@QEAAXAEBVSkPath@@AEBVSkPaint@@@Z

skshaper

?MakeFontMgrRunIterator@SkShaper@@SA?AV?$unique_ptr@VFontRunIterator@SkShaper@@U?$default_delete@VFontRunIterator@SkShaper@@@std@@@std@@PEBD_KAEBVSkFont@@V?$sk_sp@VSkFontMgr@@@@0VSkFontStyle@@PEBVLanguageRunIterator@1@@Z

glu32

gluOrtho2D

opengl32

glPushMatrix

gdi32

CreateFontIndirectW

comdlg32

GetSaveFileNameW

shell32

DragQueryFileW

ole32

StringFromCLSID

oleaut32

VarUI4FromStr

Sections

.text
Size: - Virtual size: 58.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 11.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krv0
Size: - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.krv1
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.krv2
Size: 39.5MB - Virtual size: 39.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3422caaad61b443f2082c7ab3ddf8f04

Headers

DLL Characteristics

File Characteristics

Imports

boost_date_time

boost_thread

ws2_32

qmpdkdll

crypt32

kernel32

user32

advapi32

msvcp140

bcrypt

shlwapi

imm32

msacm32

concrt140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

ailia

giflib

jpeg62

libpng16

tiff

libwebp

libwebpmux

comctl32

mscms

rpcrt4

d2d1

d3d11

dcomp

dwrite

avifil32

iphlpapi

libfbxsdk

zlib

gdiplus

mf

mfplat

mfreadwrite

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

dxgi

winmm

wininet

version

boost_regex

icuuc65

skia

skshaper

glu32

opengl32

gdi32

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 58.4MB

.rdata Size: - Virtual size: 11.6MB

.data Size: - Virtual size: 4.3MB

.text
Size: - Virtual size: 58.4MB

.rdata
Size: - Virtual size: 11.6MB

.data
Size: - Virtual size: 4.3MB

.pdata
Size: - Virtual size: 1.8MB

_RDATA
Size: - Virtual size: 9KB

.krv0
Size: - Virtual size: 13.6MB

.krv1
Size: 15KB - Virtual size: 14KB

.krv2
Size: 39.5MB - Virtual size: 39.5MB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB