comdlg32[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

comdlg32.dll
Size

672KB
MD5

a8f4b650a295544cb91bf621e8c24b8a
SHA1

3888499344e9b51138e38297e8f574c7ea97bce0
SHA256

42f3fd3c64c45934e572d0f0b4203de56c63e899acc001482adeeda1d8961459
SHA512

dc606c190dc1c3b72ae66ff7cd95e95d55c1f85dc75461ddcd0fbe1f13d157d5c896c21a6bfc5d441ec5c98adf5b97a0c9ea5246e309c6c6d92dc259467c5bfd
SSDEEP

12288:ZuwwSyvdGwMomwCzyZNlt7CZbqaQfnRcdT5z0F+ZzIOjQGw:8wwSQdGdorCzyPSqaQfnRA5zg+ZEOk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
comdlg32.dll

Files

comdlg32.dll
.dll windows:10 windows x86 arch:x86

c0efc75401de50cb60456b01703b6353

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

comdlg32.pdb

Imports

msvcrt

_unlock
_lock
__CxxFrameHandler3
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
realloc
free
malloc
memcpy
_wcsicmp
strncpy_s
__dllonexit
strchr
sprintf_s
_set_errno
wcsncmp
memmove_s
memcpy_s
_vsnprintf_s
wcstok_s
_vsnwprintf
wcsstr
wcsrchr
wcschr
memcmp
memmove
_ftol2_sse
wcstok
_get_errno
_ftol2
towlower
_onexit
memset

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
GlobalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleExW
FreeLibrary
GetModuleFileNameA
GetProcAddress
LockResource
FreeResource
FindResourceExW
FreeLibraryAndExitThread
LoadStringW
GetModuleFileNameW
LoadResource
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
CreateThread
GetCurrentThread
OpenThreadToken
GetProcessVersion
TlsFree
GetCurrentProcess
TlsAlloc
GetCurrentProcessId
OpenProcessToken
TerminateProcess
TlsGetValue
GetCurrentThreadId

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
GetLocaleInfoW
FormatMessageW
FindNLSStringEx
GetACP
GetThreadUILanguage
GetThreadPreferredUILanguages
SetThreadPreferredUILanguages

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW
SetCurrentDirectoryW

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerW

api-ms-win-core-file-l1-1-0

GetDriveTypeW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
FindClose
FindNextFileW
GetFileAttributesW
FindFirstFileW
GetVolumePathNameW
GetShortPathNameW
DeleteFileW

api-ms-win-core-synch-l1-1-0

CreateEventW
InitializeCriticalSectionEx
InitializeCriticalSection
ReleaseSemaphore
OpenEventW
DeleteCriticalSection
LeaveCriticalSection
CreateEventExW
OpenSemaphoreW
ReleaseMutex
InitializeSRWLock
EnterCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexExW
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockExclusive
ResetEvent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
PropVariantClear
CoCreateInstance
CoGetMalloc
CLSIDFromString

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchAddExtension
PathCchAppendEx
PathCchStripToRoot
PathAllocCanonicalize
PathCchSkipRoot
PathCchRemoveFileSpec
PathAllocCombine
PathCchIsRoot
PathCchAppend
PathIsUNCEx

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetComputerNameExW
GetTickCount
GetVersionExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

rpcrt4

UuidCreate

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

ntdll

NtFsControlFile
RtlNtStatusToDosError
RtlQueryWnfStateData
WinSqmIncrementDWORD
NtQueryWnfStateData
EtwCheckCoverage
NtSetInformationProcess
EtwEventWrite
EtwEventEnabled
NtQueryInformationFile
EtwEventActivityIdControl
EtwEventSetInformation
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
EtwEventUnregister
EtwEventWriteTransfer
EtwEventRegister
RtlUnicodeToMultiByteSize
RtlIsNameLegalDOS8Dot3
RtlInitUnicodeStringEx
WinSqmAddToStream

api-ms-win-shcore-scaling-l1-1-1

GetProcessDpiAwareness

user32

GetClassNameW
CreateDialogIndirectParamA
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
SetMenuDefaultItem
ClientToScreen
RegisterClassW
GetComboBoxInfo
DestroyMenu
TrackPopupMenuEx
CreatePopupMenu
InsertMenuItemW
KillTimer
GetMenuItemCount
GetWindowTextLengthW
CreateDialogIndirectParamW
SetParent
RedrawWindow
IsWindowVisible
SetForegroundWindow
ChangeWindowMessageFilterEx
EnableMenuItem
TranslateAcceleratorW
CallNextHookEx
GetNextDlgTabItem
GetMessageTime
GetMessagePos
DestroyIcon
PeekMessageW
MapDialogRect
GetWindow
DestroyAcceleratorTable
UnhookWindowsHookEx
SetWindowsHookExW
LoadAcceleratorsW
GetSystemMenu
MonitorFromWindow
DeferWindowPos
EnumChildWindows
GetDlgCtrlID
CopyIcon
GetClassLongW
SendMessageTimeoutW
GetAncestor
OffsetRect
DialogBoxIndirectParamAorW
GetWindowLongW
GetPropW
SetPropW
PtInRect
GetDC
ReleaseDC
SetCapture
CopyRect
MapWindowPoints
ClipCursor
ValidateRect
ChildWindowFromPoint
GetDlgItem
GetFocus
SetFocus
ReleaseCapture
InvalidateRect
RemovePropW
EndDialog
SendMessageW
GetDlgItemInt
SetDlgItemInt
UpdateWindow
GetDlgItemTextW
SendDlgItemMessageW
EnableWindow
GetWindowRect
SetWindowPos
BeginPaint
EndPaint
GetSysColor
FrameRect
InflateRect
DrawFocusRect
DrawEdge
FillRect
SetWindowLongW
GetClientRect
ShowWindow
AdjustWindowRect
MoveWindow
GetParent
CallWindowProcW
GetSysColorBrush
IntersectRect
EqualRect
ShowCursor
SetCursor
LoadCursorW
GetDialogBaseUnits
GetSystemMetrics
ScreenToClient
CreateWindowExW
GetWindowLongA
SetWindowTextW
SetDlgItemTextW
CheckDlgButton
PostMessageW
DlgDirListW
MessageBeep
IsDlgButtonChecked
DefWindowProcW
GrayStringW
CreateDialogIndirectParamAorW
IsWindow
RegisterWindowMessageA
RegisterWindowMessageW
DestroyWindow
SetDlgItemTextA
SendDlgItemMessageA
CheckRadioButton
GetDlgItemTextA
NotifyWinEvent
DialogBoxIndirectParamW
GetWindowTextW
MessageBoxW
IsWindowEnabled
GetKeyboardLayout
DrawTextW
LoadIconW
LoadImageW
GetKeyState
DrawIcon
GetWindowPlacement
SetWindowPlacement
RegisterClipboardFormatW
SystemParametersInfoW
SetTimer
ord2707
GetForegroundWindow
DeleteMenu
BeginDeferWindowPos
EndDeferWindowPos
GetMonitorInfoW
MonitorFromRect
EnumDisplayMonitors

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenA
lstrcmpW
lstrlenW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-shcore-unicodeansi-l1-1-0

SHAnsiToUnicode
SHUnicodeToAnsi

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNIW
StrChrW
StrCmpIW
StrStrIW
StrPBrkW
StrCmpICW
QISearch
StrStrW
StrIsIntlEqualW
StrRChrW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW
PathIsRootW
PathFindNextComponentW
PathFileExistsW
PathSkipRootW
PathIsRelativeW
PathMatchSpecExW
PathGetDriveNumberW
PathIsUNCW
PathIsValidCharW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathMatchSpecW
PathCombineW
PathIsUNCServerW
PathAddBackslashW
PathRemoveBackslashW
PathRemoveBlanksW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalReAlloc
GlobalUnlock
LocalSize

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
FindResourceA

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Read
IStream_Write
SHCreateMemStream

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService
IUnknown_Set
IUnknown_SetSite

api-ms-win-shell-shellcom-l1-1-0

SHCoCreateInstance

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW

api-ms-win-shcore-path-l1-1-0

ord170
ord172

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlIsW

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

shlwapi

ord388
ord168
ord271
ord197
ord355
ord225
ord266
ord630
ord163
ord178
ord638
ord478
ord481
ord479
AssocGetPerceivedType
ord204
ord514
ord164
ord24
StrRetToStrW
ord540
ord476
StrRetToBufW
ord270
ord618
ord175
ord172
ord619

gdi32

SetTextColor
SetBkMode
GetTextExtentPointW
GetTextCharset
GetGlyphIndicesW
CreateFontIndirectW
GetDeviceCaps
TranslateCharsetInfo
EnumFontFamiliesExW
TextOutW
GetTextCharsetInfo
GetTextMetricsW
CreateRectRgnIndirect
SelectClipRgn
CreateICW
CreateDCW
GetCharWidth32W
CreateRectRgn
CreateDiscardableBitmap
SetRectRgn
CombineRgn
EqualRgn
ExcludeClipRect
GetTextExtentPoint32W
OffsetWindowOrgEx
SetWindowOrgEx
CreateDIBSection
GetLayout
ExtTextOutW
GetObjectW
CreateDIBitmap
CreateCompatibleBitmap
LineTo
MoveToEx
BitBlt
PatBlt
GetNearestColor
CreateCompatibleDC
Rectangle
SetBkColor
SelectObject
GetStockObject
CreatePen
CreateSolidBrush
RealizePalette
SelectPalette
DeleteDC
DeleteObject
CreateFontW

comctl32

ord329
ord386
ord334
CreatePropertySheetPageW
PropertySheetW
ord412
ord413
ord410
ord326
ord323
ord322
ord320
ord388
ImageList_GetIconSize
ImageList_Draw
CreateToolbarEx
ord339
ord236
ord331
ord336
ord385
ord328
ord332
ord335
ord324
ord16
InitCommonControlsEx
ImageList_Destroy
ord341
ord338

shell32

SHGetFileInfoW
ord100
SHGetSpecialFolderPathW
ord714
SheChangeDirExW
ord25
SHParseDisplayName
ord155
ord19
SHGetIDListFromObject
SHGetSpecialFolderLocation
ord18
SHBindToParent
SHCreateItemFromIDList
ord16
ord17
SHBindToObject
SHCreateShellItemArrayFromShellItem
SHCreateItemFromParsingName
SHCreateShellItemArrayFromDataObject
SHGetDesktopFolder
SHCreateItemWithParent
ord21
SHGetKnownFolderItem
ord850
SHBindToFolderIDListParentEx
SHGetKnownFolderPath
SHGetKnownFolderIDList
ord23
SHBindToFolderIDListParent
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArray
ord64
ord853
ord654
SHChangeNotifyRegisterThread
ord778
SHAddDefaultPropertiesByExt
ord68
ord644
ord645
ord903
ord28
ord71
ord4
ord2
ShellExecuteExW
ord89
ShellExecuteW
ord152
SHCreateItemInKnownFolder
ord2000
ord921
ord787
ord195
ord761
SHGetFolderLocation
ord77
ord24
ord153

kernel32

CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ChooseColorA
ChooseColorW
ChooseFontA
ChooseFontW
CommDlgExtendedError
DllCanUnloadNow
DllGetClassObject
FindTextA
FindTextW
GetFileTitleA
GetFileTitleW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
LoadAlterBitmap
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgExA
PrintDlgExW
PrintDlgW
ReplaceTextA
ReplaceTextW
Ssync_ANSI_UNICODE_Struct_For_WOW
WantArrows
dwLBSubclass
dwOKSubclass

Sections

.text
Size: 611KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0efc75401de50cb60456b01703b6353

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-registry-l1-1-1

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-apiquery-l1-1-0

ntdll

api-ms-win-shcore-scaling-l1-1-1

user32

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-shcore-unicodeansi-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-shell-shellcom-l1-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-shcore-thread-l1-1-0

shlwapi

gdi32

comctl32

shell32

kernel32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 611KB - Virtual size: 611KB

.data Size: 1024B - Virtual size: 14KB

.idata Size: 18KB - Virtual size: 17KB

.didat Size: 1024B - Virtual size: 528B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 611KB - Virtual size: 611KB

.data
Size: 1024B - Virtual size: 14KB

.idata
Size: 18KB - Virtual size: 17KB

.didat
Size: 1024B - Virtual size: 528B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 37KB - Virtual size: 36KB