colorui[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

colorui.dll
Size

69KB
MD5

9ab7b23accebd1ffef312a024c232e32
SHA1

3dc40b037be951bdf5a73cdb99cca3e8b7636e1b
SHA256

6f8790fc74cb4c93d8b69d91cb90c03c341f4c8560328db91b1971f3342d1242
SHA512

bbd8536a5ed939dae450a3f0ed1ad45ff7d6ad59fc8fdc576ab9b280da8e97a61282e7b1cf881af89d8a53506c0c9cf3b4366753b8127347f8214360bf90b6fc
SSDEEP

1536:soGTApW69aWCjJMKFN2MfgowFuglTrSDPHOoTHW0nSopU:hdUtN2JuglTuDPHNW0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
colorui.dll

Files

colorui.dll
.dll regsvr32 windows:10 windows x86 arch:x86

ecb66fb2d36b9bf8603a14c6df2cf739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

colorui.pdb

Imports

msvcrt

_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_callnewh
_ltow_s
_vsnwprintf
_wcsicmp
wcsncpy_s
malloc
free
_purecall
memcpy_s
memset

kernel32

LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
GetLastError
DisableThreadLibraryCalls
CloseHandle
RaiseException
FindResourceExW
LoadResource
GetCommandLineW
LocalFree
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
lstrlenW
GetFileAttributesW
SetFileAttributesW
lstrcmpW
GetCurrentProcessId
SetLastError
GetCurrentProcess
FormatMessageW
GetDateFormatW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
EnterCriticalSection
SizeofResource
GetModuleFileNameW
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetProcAddress

shell32

SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
ord258

winspool.drv

ClosePrinter
EnumPrintersW
OpenPrinterW

user32

RedrawWindow
TrackPopupMenuEx
RemoveMenu
GetClientRect
GetParent
UpdateWindow
ReleaseDC
BeginPaint
EnableWindow
GetWindowTextW
GetWindowLongW
OpenIcon
CallWindowProcW
SetWindowPos
GetWindowPlacement
CharPrevW
SetDlgItemTextW
SetWindowPlacement
ChangeWindowMessageFilterEx
SetWindowLongW
GetDlgItem
SetForegroundWindow
GetWindowThreadProcessId
EnumDisplayDevicesW
SendMessageTimeoutW
LoadStringW
CharNextW
FindWindowW
RegisterWindowMessageW
SetWindowTextW
DefWindowProcW
LoadMenuW
GetWindowRect
UnregisterClassA
EndDialog
PostQuitMessage
RegisterClipboardFormatW
DestroyWindow
GetDC
SetWindowRgn
EnumDisplayMonitors
SendMessageW
GetSubMenu
SetTimer
GetMonitorInfoW
PostMessageW
DialogBoxParamW
GetSystemMetrics
AllowSetForegroundWindow
SetFocus
RegisterClassW
LoadIconW
ShowWindow
LoadCursorW
CreateWindowExW
EndPaint

ole32

ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient3
HWND_UserUnmarshal
ReleaseStgMedium
CoGetObject
StringFromGUID2
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
ObjectStublessClient4
ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
HWND_UserMarshal
ObjectStublessClient5
ObjectStublessClient13
HWND_UserSize
HWND_UserFree
ObjectStublessClient7
ObjectStublessClient12

gdi32

CreatePen
DeleteObject
CreateFontIndirectW
BeginPath
PathToRegion
StrokePath
TextOutW
EndPath
GetTextExtentPointW
SelectObject
PatBlt
SetBkMode
SetTextColor

advapi32

GetFileSecurityW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
GetTokenInformation
RegQueryValueExW
AccessCheck
OpenProcessToken
RegDeleteValueW
DuplicateToken

shlwapi

StrRetToStrW
PathFindFileNameW

mscms

WcsGetUsePerUserProfiles
ColorCplOverwritePerUserAssociationList
ColorCplSetUsePerUserProfiles
ColorCplGetProfileProperties
ColorCplGetDefaultProfileScope
ColorCplGetDefaultRenderingIntentScope
InternalGetDeviceConfig
WcsSetDefaultColorProfile
WcsSetCalibrationManagementState
InternalSetDeviceConfig
InstallColorProfileW
WcsSetDefaultRenderingIntent
WcsEnumColorProfiles
ColorCplLoadAssociationList
InternalWcsDisassociateColorProfileWithDevice
InternalWcsAssociateColorProfileWithDevice
WcsGetDefaultColorProfile
ColorCplReleaseProfileProperties
ColorCplSaveAssociationList
ColorCplHasSystemWideAssociationListChanged
WcsGetCalibrationManagementState
InternalRefreshCalibration
WcsGetDefaultRenderingIntent
WcsGpCanInstallOrUninstallProfiles
ColorCplInitialize
ColorCplUninitialize
ColorCplMergeAssociationLists
GetColorDirectoryW
WcsEnumColorProfilesSize
UninstallColorProfileW
ColorCplResetSystemWideAssociationListChangedWarning

oleaut32

SysStringLen
SysAllocString
SysFreeString
VarUI4FromStr

rpcrt4

IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
IUnknown_Release_Proxy

setupapi

SetupDiGetClassDevsW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

ntdll

WinSqmAddToStream

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
LaunchColorCpl

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecb66fb2d36b9bf8603a14c6df2cf739

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

shell32

winspool.drv

user32

ole32

gdi32

advapi32

shlwapi

mscms

oleaut32

rpcrt4

setupapi

ntdll

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 55KB - Virtual size: 54KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 2KB