comdlg32.pdb
Static task: static1
Behavioral task: behavioral1
Sample: comdlg32.dll
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: comdlg32.dll
Resource: win10v2004-20240508-en
General
Target: comdlg32.dll
Size: 474KB
MD5: d1de1eafde97be41cf6585027ff3e732
SHA1: ade86a81b23f376b782de54832cbdb33ff5e3a13
SHA256: 76f17d4df440d6734dc8157092d94eb18c2a73a0a49beea289e7b3ede30e86a2
SHA512: 83022409cd77acfea1dd7d8300b949f9c597ea8bd087ebd6f51c33d2483112be0240ee577f1a111edadd97d9c4f959b25aba9f14be26d074db6098e2c8bb97bd
SSDEEP: 6144:gTGO8nEW6QL5rR+n3urIw7IPkUqw6/aHoj8sJn3A9UOJwRmvs7l+0yAZ2t:gT5lW6Eo4xIMD/eO8s3A9RwRmvY9TZ2
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: comdlg32.dll
Files
comdlg32.dll.dll windows:6 windows x86 arch:x86
9cdb9712b209145906aa6f9c0e06ed0b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
wcsrchr
wcsstr
wcschr
iswalpha
memcpy
memmove
wcstok
_vsnwprintf
_ftol2_sse
wcstok_s
_ftol2
_wcsicmp
_XcptFilter
malloc
free
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
memset
ntdll
RtlUnicodeToMultiByteSize
RtlInitUnicodeStringEx
EtwEventRegister
EtwEventUnregister
EtwEventWrite
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
WinSqmAddToStream
RtlNtStatusToDosError
NtFsControlFile
NtQueryInformationFile
WinSqmIncrementDWORD
EtwEventEnabled
RtlIsNameLegalDOS8Dot3
shlwapi
UrlIsW
StrPBrkW
PathRemoveBackslashW
StrIsIntlEqualW
ord270
PathBuildRootW
ord540
StrCmpW
ord168
ord476
PathIsUNCServerW
ord495
ord508
ord499
ord271
StrDupW
PathAddBackslashW
StrChrW
PathSkipRootW
ord388
ord215
ord217
StrRChrW
PathIsRootW
PathRemoveBlanksW
StrCmpNIW
ord174
StrStrW
StrStrIW
ord219
PathFindExtensionW
PathFindFileNameW
ord456
PathFileExistsW
PathGetDriveNumberW
SHStrDupW
PathIsUNCW
ord24
ord618
AssocGetPerceivedType
PathIsNetworkPathW
ord164
ord163
StrCmpIW
ord199
PathCombineW
PathIsFileSpecW
PathMatchSpecExW
ord176
ord172
ord204
ord638
ord479
ord478
ord481
SHRegGetValueW
ord461
PathCanonicalizeW
PathIsRelativeW
ord16
ord178
StrRetToBufW
ord158
ord266
ord630
ord175
ord437
ord225
ord237
PathMatchSpecW
ord355
ord197
user32
SetDlgItemInt
UpdateWindow
GetDlgItemTextW
SendDlgItemMessageW
ReleaseCapture
ClipCursor
RemovePropW
EndDialog
SetWindowPos
SetFocus
PtInRect
ValidateRect
SetCapture
ChildWindowFromPoint
EnableWindow
ShowWindow
AdjustWindowRect
GetDlgItemInt
SetWindowLongW
GetWindowRect
DrawEdge
FillRect
GetParent
SendMessageW
GetPropW
CallWindowProcW
GetDlgItem
GetClientRect
MapWindowPoints
GetFocus
GetDC
InflateRect
DrawFocusRect
ReleaseDC
CopyRect
GetSysColor
FrameRect
GetWindowLongW
EndPaint
BeginPaint
InvalidateRect
SetPropW
GetSysColorBrush
EqualRect
IntersectRect
SetCursor
LoadCursorW
ShowCursor
LoadStringW
GetWindowLongA
CreateWindowExW
ScreenToClient
GetSystemMetrics
GetDialogBaseUnits
CharNextW
CharLowerW
PostMessageW
GrayStringW
RegisterClipboardFormatW
IsProcessDPIAware
ActivateKeyboardLayout
CreateDialogIndirectParamAorW
DialogBoxIndirectParamAorW
DefWindowProcW
SetDlgItemTextW
DlgDirListW
SetWindowTextW
CheckDlgButton
IsDlgButtonChecked
MessageBeep
RegisterWindowMessageW
RegisterWindowMessageA
IsWindow
CheckRadioButton
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
DestroyWindow
IsWindowEnabled
GetKeyboardLayout
GetWindowTextW
MessageBoxW
DrawTextW
DialogBoxIndirectParamW
LoadImageW
LoadIconW
GetKeyState
SetWindowPlacement
GetWindowPlacement
DrawIcon
GetMonitorInfoW
CopyIcon
GetClassLongW
SendMessageTimeoutW
GetAncestor
GetDlgCtrlID
EnumChildWindows
LoadBitmapW
EndDeferWindowPos
GetWindow
DeferWindowPos
BeginDeferWindowPos
MonitorFromWindow
MapDialogRect
PeekMessageW
IsWindowVisible
OffsetRect
EnumDisplayMonitors
MonitorFromRect
GetNextDlgTabItem
TranslateAcceleratorW
CallNextHookEx
DestroyAcceleratorTable
UnhookWindowsHookEx
SetWindowsHookExW
SetTimer
LoadAcceleratorsW
DeleteMenu
GetSystemMenu
GetForegroundWindow
DestroyIcon
SetForegroundWindow
KillTimer
ChangeWindowMessageFilterEx
EnableMenuItem
RedrawWindow
SetParent
CreateDialogIndirectParamW
GetWindowTextLengthW
GetComboBoxInfo
InsertMenuItemW
GetMenuItemCount
DestroyMenu
TrackPopupMenuEx
CreatePopupMenu
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetClassNameW
CreateDialogIndirectParamA
MoveWindow
gdi32
GetLayout
ExtTextOutW
GetTextExtentPoint32W
OffsetWindowOrgEx
SetWindowOrgEx
ExcludeClipRect
EqualRgn
CombineRgn
SetRectRgn
CreateRectRgn
DeleteObject
CreateSolidBrush
Rectangle
SelectObject
GetStockObject
CreatePen
GetNearestColor
DeleteDC
CreateCompatibleDC
RealizePalette
SelectPalette
PatBlt
BitBlt
LineTo
MoveToEx
CreateCompatibleBitmap
CreateDIBitmap
CreateDiscardableBitmap
GetObjectW
GetTextMetricsW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPointW
GetDeviceCaps
GetTextCharset
TextOutW
GetTextCharsetInfo
GetGlyphIndicesW
CreateFontIndirectW
EnumFontFamiliesExW
TranslateCharsetInfo
GetCharWidth32W
SelectClipRgn
CreateRectRgnIndirect
CreateFontW
CreateICW
CreateDCW
comctl32
ord324
ImageList_GetIconSize
ord335
ord336
ord332
ord331
ord328
ord385
ord386
ord16
InitCommonControlsEx
ord338
ImageList_Draw
ImageList_Destroy
CreateToolbarEx
ord341
ord388
ord326
ord323
ord322
ord236
ord321
ord339
ord320
CreatePropertySheetPageW
PropertySheetW
ord410
ord412
ord413
ord329
ord334
shell32
SHGetFileInfoW
SHGetSpecialFolderPathW
SheChangeDirExW
ord100
ord155
ord18
ord25
ord64
SHAddDefaultPropertiesByExt
SHCreateItemFromIDList
ord21
SHGetSpecialFolderLocation
ord28
SHCreateItemFromParsingName
SHBindToObject
SHGetDesktopFolder
SHParseDisplayName
SHCreateShellItemArray
SHCreateShellItemArrayFromIDLists
SHCreateItemWithParent
SHGetPathFromIDListW
SHGetIDListFromObject
SHGetKnownFolderIDList
ord814
ord849
ord815
SHGetKnownFolderItem
ord778
SHBindToParent
ord645
ord644
SHCreateShellItemArrayFromDataObject
ord850
ord903
ord654
ord818
SHCreateShellItemArrayFromShellItem
ord68
SHChangeNotifyRegisterThread
SHBindToFolderIDListParent
ord4
ord89
ord71
ord16
ord2
ord152
ord17
ord840
SHCreateItemInKnownFolder
ord195
ord19
ord787
ord761
SHGetFolderLocation
ord77
ord153
ord24
SHBindToFolderIDListParentEx
ord102
SHGetItemFromObject
ord714
kernel32
TlsFree
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
GlobalReAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
DeleteFileW
GlobalAlloc
TlsAlloc
lstrcmpW
GetACP
MulDiv
GetUserDefaultUILanguage
FindResourceA
SetErrorMode
SetCurrentDirectoryW
CreateEventW
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
ResetEvent
FreeLibraryAndExitThread
InitializeCriticalSection
GetVolumeInformationW
GetFullPathNameW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetProcessVersion
LocalSize
WideCharToMultiByte
CloseHandle
SetEvent
GetDriveTypeW
lstrcmpiW
FormatMessageW
CreateFileW
GetCurrentDirectoryW
GetShortPathNameW
GetLastError
EnterCriticalSection
LeaveCriticalSection
SizeofResource
lstrlenW
GetThreadUILanguage
TlsGetValue
SetLastError
LocalAlloc
lstrlenA
MultiByteToWideChar
LocalFree
FindResourceW
LoadResource
TlsSetValue
LockResource
DisableThreadLibraryCalls
ExpandEnvironmentStringsW
FreeResource
GetCurrentThreadId
SetThreadUILanguage
HeapAlloc
GetProcessHeap
HeapFree
FindResourceExW
GetModuleHandleW
CompareStringW
WaitForMultipleObjects
CompareStringOrdinal
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
OpenEventW
GetVolumePathNameW
GetComputerNameExW
GetComputerNameW
DuplicateHandle
RegGetValueW
SystemTimeToFileTime
GetVersionExW
LocalReAlloc
GetCurrentThread
GlobalFree
Exports
ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
DllCanUnloadNow
DllGetClassObject
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass
Sections
.text Size: 343KB - Virtual size: 342KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ