comdlg32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

comdlg32.dll
Size

670KB
MD5

8ab7601ee33794963efe1f3c42d9bb50
SHA1

760bc7c639f4988611e0ff679e36ce8de896fccc
SHA256

212b0745089ccab3ca71fb8b38b178469c6afcae1ecc52ca3ec2c8405202dd80
SHA512

a1664e75ca378f41d58c6c0962e8e7aae89b0bd1ca7ba003197ce6edf18d35aacd999bf33c3aa2ce91fafb837e1414e75565b0f9e6e1ababeee860cb9a423bf0
SSDEEP

12288:gMygwHVa9jn9zns9bHiIb2deoEwrHKTjAllSPVO+IViQdb:BygWVa9D97IT95wrHK3AllyVZIVNdb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
comdlg32.dll

Files

comdlg32.dll
.dll windows:10 windows x86 arch:x86

bb3768c81a9de6f6377ba23076d55dbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comdlg32.pdb

Imports

msvcrt

_unlock
_lock
__CxxFrameHandler3
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
realloc
free
malloc
memcpy
_wcsicmp
strncpy_s
__dllonexit
strchr
sprintf_s
_set_errno
wcsncmp
memmove_s
memcpy_s
_vsnprintf_s
wcstok_s
_vsnwprintf
wcsstr
wcsrchr
wcschr
memcmp
memmove
_ftol2_sse
wcstok
_get_errno
_ftol2
towlower
_onexit
memset

api-ms-win-core-heap-l2-1-0

LocalAlloc
GlobalAlloc
LocalFree
GlobalFree
LocalReAlloc

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW
CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
SizeofResource
FreeLibrary
GetModuleHandleW
GetModuleFileNameW
FreeResource
LockResource
FindResourceExW
DisableThreadLibraryCalls
GetProcAddress
FreeLibraryAndExitThread

api-ms-win-core-processthreads-l1-1-0

GetProcessVersion
TlsGetValue
TlsSetValue
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateThread
TlsAlloc
GetCurrentProcessId
TlsFree
OpenProcessToken
OpenThreadToken

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
RaiseException
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages
FindNLSStringEx
SetThreadUILanguage
GetThreadPreferredUILanguages
FormatMessageW
GetLocaleInfoW
GetACP
GetThreadUILanguage

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-string-l2-1-0

CharLowerW
CharNextW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetVolumeInformationW
CreateFileW
FindClose
GetDriveTypeW
DeleteFileW
FindNextFileW
GetFileAttributesW
FindFirstFileW
GetShortPathNameW
GetVolumePathNameW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateEventExW
LeaveCriticalSection
CreateMutexExW
InitializeSRWLock
OpenEventW
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ResetEvent
SetEvent
InitializeCriticalSection
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSemaphore
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegGetValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoGetMalloc
CoCreateInstance
PropVariantClear
CoTaskMemRealloc
CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoWaitForMultipleHandles
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchAppendEx
PathCchAppend
PathAllocCombine
PathAllocCanonicalize
PathCchSkipRoot
PathCchRemoveFileSpec
PathCchAddExtension
PathCchStripToRoot
PathCchIsRoot
PathIsUNCEx

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount64
GetVersionExW
GetTickCount

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidCreate

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

NtFsControlFile
RtlNtStatusToDosError
RtlQueryWnfStateData
WinSqmIncrementDWORD
NtQueryWnfStateData
EtwCheckCoverage
NtSetInformationProcess
EtwEventWrite
EtwEventEnabled
NtQueryInformationFile
EtwEventActivityIdControl
EtwEventSetInformation
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
EtwEventUnregister
EtwEventWriteTransfer
EtwEventRegister
RtlUnicodeToMultiByteSize
RtlIsNameLegalDOS8Dot3
RtlInitUnicodeStringEx
WinSqmAddToStream

api-ms-win-shcore-scaling-l1-1-1

GetProcessDpiAwareness

user32

GetClassNameW
CreateDialogIndirectParamA
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
SetMenuDefaultItem
ClientToScreen
RegisterClassW
GetComboBoxInfo
DestroyMenu
TrackPopupMenuEx
CreatePopupMenu
InsertMenuItemW
KillTimer
GetMenuItemCount
GetWindowTextLengthW
CreateDialogIndirectParamW
SetParent
RedrawWindow
IsWindowVisible
SetForegroundWindow
ChangeWindowMessageFilterEx
EnableMenuItem
TranslateAcceleratorW
CallNextHookEx
GetNextDlgTabItem
GetMessageTime
GetMessagePos
DestroyIcon
PeekMessageW
MapDialogRect
GetWindow
DestroyAcceleratorTable
UnhookWindowsHookEx
SetWindowsHookExW
LoadAcceleratorsW
GetSystemMenu
MonitorFromWindow
DeferWindowPos
EnumChildWindows
GetDlgCtrlID
CopyIcon
GetClassLongW
SendMessageTimeoutW
GetAncestor
OffsetRect
DialogBoxIndirectParamAorW
GetWindowLongW
GetPropW
SetPropW
PtInRect
GetDC
ReleaseDC
SetCapture
CopyRect
MapWindowPoints
ClipCursor
ValidateRect
ChildWindowFromPoint
GetDlgItem
GetFocus
SetFocus
ReleaseCapture
InvalidateRect
RemovePropW
EndDialog
SendMessageW
GetDlgItemInt
SetDlgItemInt
UpdateWindow
GetDlgItemTextW
SendDlgItemMessageW
EnableWindow
GetWindowRect
SetWindowPos
BeginPaint
EndPaint
GetSysColor
FrameRect
InflateRect
DrawFocusRect
DrawEdge
FillRect
SetWindowLongW
GetClientRect
ShowWindow
AdjustWindowRect
MoveWindow
GetParent
CallWindowProcW
GetSysColorBrush
IntersectRect
EqualRect
ShowCursor
SetCursor
LoadCursorW
GetDialogBaseUnits
GetSystemMetrics
ScreenToClient
CreateWindowExW
GetWindowLongA
SetWindowTextW
SetDlgItemTextW
CheckDlgButton
PostMessageW
DlgDirListW
MessageBeep
IsDlgButtonChecked
DefWindowProcW
GrayStringW
CreateDialogIndirectParamAorW
IsWindow
RegisterWindowMessageA
RegisterWindowMessageW
DestroyWindow
SetDlgItemTextA
SendDlgItemMessageA
CheckRadioButton
GetDlgItemTextA
NotifyWinEvent
DialogBoxIndirectParamW
GetWindowTextW
MessageBoxW
IsWindowEnabled
GetKeyboardLayout
DrawTextW
LoadIconW
LoadImageW
GetKeyState
DrawIcon
GetWindowPlacement
SetWindowPlacement
RegisterClipboardFormatW
SystemParametersInfoW
SetTimer
ord2707
GetForegroundWindow
DeleteMenu
BeginDeferWindowPos
EndDeferWindowPos
GetMonitorInfoW
MonitorFromRect
EnumDisplayMonitors

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrlenW
lstrlenA
lstrcmpiW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode
SHUnicodeToAnsi

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrPBrkW
StrCmpICW
StrStrIW
QISearch
StrRChrW
StrStrW
StrCmpIW
StrChrW
StrIsIntlEqualW
StrCmpNIW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathIsValidCharW
PathIsRootW
PathGetDriveNumberW
PathRemoveBlanksW
PathFindNextComponentW
PathMatchSpecExW
PathIsFileSpecW
PathFindFileNameW
PathCombineW
PathRemoveExtensionW
PathSkipRootW
PathFileExistsW
PathIsUNCServerW
PathIsUNCW
PathRemoveBackslashW
PathAddBackslashW
PathFindExtensionW
PathMatchSpecW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalReAlloc
LocalSize
GlobalLock
GlobalUnlock

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
FindResourceA

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Read
IStream_Write
SHCreateMemStream

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_Set
IUnknown_SetSite

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW

api-ms-win-shcore-path-l1-1-0

ord170
ord172

api-ms-win-core-url-l1-1-0

UrlIsW
PathIsURLW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

shlwapi

ord388
ord168
ord271
ord197
ord355
ord225
ord266
ord630
ord163
ord178
ord638
ord478
ord481
ord479
AssocGetPerceivedType
ord204
ord514
ord164
ord24
StrRetToStrW
ord540
ord476
StrRetToBufW
ord270
ord618
ord175
ord172
ord619

gdi32

SetTextColor
SetBkMode
GetTextExtentPointW
GetTextCharset
GetGlyphIndicesW
CreateFontIndirectW
GetDeviceCaps
TranslateCharsetInfo
EnumFontFamiliesExW
TextOutW
GetTextCharsetInfo
GetTextMetricsW
CreateRectRgnIndirect
SelectClipRgn
CreateICW
CreateDCW
GetCharWidth32W
CreateRectRgn
CreateDiscardableBitmap
SetRectRgn
CombineRgn
EqualRgn
ExcludeClipRect
GetTextExtentPoint32W
OffsetWindowOrgEx
SetWindowOrgEx
CreateDIBSection
GetLayout
ExtTextOutW
GetObjectW
CreateDIBitmap
CreateCompatibleBitmap
LineTo
MoveToEx
BitBlt
PatBlt
GetNearestColor
CreateCompatibleDC
Rectangle
SetBkColor
SelectObject
GetStockObject
CreatePen
CreateSolidBrush
RealizePalette
SelectPalette
DeleteDC
DeleteObject
CreateFontW

comctl32

ord329
ord386
ord334
CreatePropertySheetPageW
PropertySheetW
ord412
ord413
ord410
ord326
ord323
ord322
ord320
ord388
ImageList_GetIconSize
ImageList_Draw
CreateToolbarEx
ord339
ord236
ord331
ord336
ord385
ord328
ord332
ord335
ord324
ord16
InitCommonControlsEx
ImageList_Destroy
ord341
ord338

shell32

SHGetFileInfoW
ord100
SHGetSpecialFolderPathW
ord714
SheChangeDirExW
ord25
SHParseDisplayName
ord155
ord19
SHGetIDListFromObject
SHGetSpecialFolderLocation
ord18
SHBindToParent
SHCreateItemFromIDList
ord16
ord17
SHBindToObject
SHCreateShellItemArrayFromShellItem
SHCreateItemFromParsingName
SHCreateShellItemArrayFromDataObject
SHGetDesktopFolder
SHCreateItemWithParent
ord21
SHGetKnownFolderItem
ord850
SHBindToFolderIDListParentEx
SHGetKnownFolderPath
SHGetKnownFolderIDList
ord23
SHBindToFolderIDListParent
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArray
ord64
ord853
ord654
SHChangeNotifyRegisterThread
ord778
SHAddDefaultPropertiesByExt
ord68
ord644
ord645
ord903
ord28
ord71
ord4
ord2
ShellExecuteExW
ord89
ShellExecuteW
ord152
SHCreateItemInKnownFolder
ord2000
ord921
ord787
ord195
ord761
SHGetFolderLocation
ord77
ord24
ord153

kernel32

CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
DllCanUnloadNow
DllGetClassObject
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass

Sections

.text
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb3768c81a9de6f6377ba23076d55dbe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-1

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-apiquery-l1-1-0

ntdll

api-ms-win-shcore-scaling-l1-1-1

user32

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-shell-shellcom-l1-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-shcore-thread-l1-1-0

shlwapi

gdi32

comctl32

shell32

kernel32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 609KB - Virtual size: 609KB

.data Size: 1024B - Virtual size: 14KB

.idata Size: 18KB - Virtual size: 17KB

.didat Size: 1024B - Virtual size: 528B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 609KB - Virtual size: 609KB

.data
Size: 1024B - Virtual size: 14KB

.idata
Size: 18KB - Virtual size: 17KB

.didat
Size: 1024B - Virtual size: 528B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 37KB - Virtual size: 36KB