XpsGdiConverter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

XpsGdiConverter.dll
Size

277KB
MD5

e9e3891a8784c4c5b66eea51aafa5df1
SHA1

2873215b8630c8cb366201548f3dd572cd3e2ac3
SHA256

db4300f5e63338ce0ac4c51a40c40a4d5af8219b08bd7a39d1c0b74e20a796fa
SHA512

7504db9e15ac77ed4836ec3bdfbb51e74c336b1f20271b5a97a0d1851338c3c521d4614874024bb4d5c928f8d984e64f19d85df96cbfc6c7e598620879f405f2
SSDEEP

3072:kmt+FEyQlYmYR3FkCsoDqZ47cOdWeHkHDCgdAYiBMGzH94cJ57Qff:kmt2QljYtFkCLEG3HkRdX6v4cH7Qff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XpsGdiConverter.dll

Files

XpsGdiConverter.dll
.dll windows:6 windows x86 arch:x86

08e33ae981b7dc7418c276444dfe1f7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XpsGdiConverter.pdb

Imports

msvcrt

_initterm
_XcptFilter
_CIacos
_CIasin
_CIfmod
wcsnlen
rand
_amsg_exit
_CIcos
_CIsin
_CIsqrt
floor
_ftol2_sse
ceil
time
_CIatan
__dllonexit
_lock
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
?what@exception@@UBEPBDXZ
_unlock
_CIpow
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_CxxThrowException
_callnewh
srand
memset
_ftol2
??8type_info@@QBEHABV0@@Z
_purecall
??0exception@@QAE@ABQBD@Z
memcpy_s
memmove_s
__CxxFrameHandler3
malloc
??0exception@@QAE@XZ

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetLastError
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
DisableThreadLibraryCalls

ntdll

WinSqmIncrementDWORD

user32

FillRect

gdi32

CreateSolidBrush
GetMiterLimit
SetMiterLimit
ExtCreatePen
CreateRectRgn
SelectClipRgn
SelectClipPath
GetPolyFillMode
SetPolyFillMode
BeginPath
EndPath
FillPath
PolyDraw
MoveToEx
LineTo
GetTextMetricsW
ExtTextOutW
GetTextFaceW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextAlign
SetTextAlign
GetTextColor
SetTextColor
CreateFontIndirectW
SaveDC
CreateDCW
CreateCompatibleDC
SetWorldTransform
ModifyWorldTransform
StretchDIBits
GetStockObject
StartPage
RestoreDC
ResetDCW
EndPage
SetGraphicsMode
SetStretchBltMode
SetBkMode
CreateDIBSection
GdiFlush
SelectObject
StartDocW
ExtEscape
DeleteDC
DeleteObject
EndDoc
AbortDoc
GetDeviceCaps

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
SysFreeString

shlwapi

PathIsRelativeW

shell32

SHGetKnownFolderPath

prntvpt

ord2
ord1
ord10
ord8
ord4

advapi32

EventWrite
EventUnregister
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
EventEnabled
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

d2d1

ord1

dwrite

DWriteCreateFactory

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08e33ae981b7dc7418c276444dfe1f7a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ntdll

user32

gdi32

ole32

oleaut32

shlwapi

shell32

prntvpt

advapi32

d2d1

dwrite

Sections

.text Size: 246KB - Virtual size: 245KB

.data Size: 15KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 246KB - Virtual size: 245KB

.data
Size: 15KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB