XpsGdiConverter[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

XpsGdiConverter.dll
Size

328KB
MD5

bdfbd3467b48d95bfce3a4c87a922fb3
SHA1

1c8adda0287253f110ee209fa3348c1e9e9b6eed
SHA256

ccebde7b4998a7178a3e779786a221f9045ca257fa6318ed5b27793666c8db37
SHA512

a055aca540f16908d3ddc11a0d08907d5e376db0dc4aa1fa5515495a3d6582ced8c688c97d9ca929f33a66edf7c3c1f112d5f647d14a8c8afc9774fa4d5b24ae
SSDEEP

6144:pny93K5Nyu+yivs2LIuicWimdQnX9r6KyyFlPMGC7sP3C9In6wrhpZ9P9o2nJEI+:pny93K54u+yivs2LIuicWimdQnNroyF6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XpsGdiConverter.dll

Files

XpsGdiConverter.dll
.dll windows:6 windows x86 arch:x86

e4a8badf52c5e341d8939e802d85a252

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

XpsGdiConverter.pdb

Imports

msvcrt

_lock
_ftol2
_CIsqrt
_CIsin
_CIpow
_CIfmod
_CIcos
__CxxFrameHandler3
rand
wcsnlen
srand
ceil
memcpy_s
_XcptFilter
_purecall
_initterm
memmove_s
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_unlock
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
_callnewh
_CIatan
_ftol2_sse
??8type_info@@QBEHABV0@@Z
_amsg_exit
floor
memcmp
??0exception@@QAE@ABQBD@Z
malloc
free
memcpy
_CIacos
_CIasin
memset

kernel32

VerSetConditionMask
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
Sleep
GetSystemDefaultLCID
GetLastError
GetTickCount64
GetCurrentThreadId
GetProcAddress
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExA
LocalAlloc
RaiseException
QueryPerformanceFrequency
VerifyVersionInfoW

user32

FillRect

gdi32

CreateSolidBrush
GetMiterLimit
ExtCreatePen
SetMiterLimit
BeginPath
MoveToEx
SelectClipPath
LineTo
SelectClipRgn
PolyDraw
GetPolyFillMode
EndPath
SetPolyFillMode
CreateRectRgn
FillPath
SetTextColor
CreateFontIndirectW
GetTextAlign
AddFontMemResourceEx
GetTextFaceW
SetTextAlign
GetTextColor
EndPage
SetGraphicsMode
ExtEscape
StartPage
DeleteDC
CreateDIBSection
GetDeviceCaps
GdiFlush
ExtTextOutW
GetTextMetricsW
SaveDC
AbortDoc
RestoreDC
ModifyWorldTransform
GetStockObject
EndDoc
ResetDCW
SetWorldTransform
StartDocW
SetStretchBltMode
StretchDIBits
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
CreateDCW
RemoveFontMemResourceEx

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
SysFreeString

shlwapi

PathIsRelativeW

shell32

SHGetKnownFolderPath

prntvpt

ord10
ord2
ord4
ord1
ord8

advapi32

RegQueryValueExW
GetTraceEnableFlags
EventUnregister
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegQueryInfoKeyW
EventEnabled
EventWrite
RegisterTraceGuidsW
GetTraceEnableLevel
EventRegister
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage

d3d11

D3D11CreateDevice

d2d1

ord1
ord5

dwrite

DWriteCreateFactory

Sections

.text
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a8badf52c5e341d8939e802d85a252

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

gdi32

ole32

oleaut32

shlwapi

shell32

prntvpt

advapi32

d3d11

d2d1

dwrite

Sections

.text Size: 280KB - Virtual size: 280KB

.data Size: 21KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 280KB - Virtual size: 280KB

.data
Size: 21KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB