dc2934b1053a74ba3072985ec4689483022c7394a28b2d9f7bcde5e654879169

Sharing

Copy URL Twitter E-mail

General

Target

dc2934b1053a74ba3072985ec4689483022c7394a28b2d9f7bcde5e654879169
Size

3.5MB
MD5

11a6c26e577186dee3e8d0acd5c0831d
SHA1

17fe508ff9e00b9c3ff30292740ce9db55630930
SHA256

dc2934b1053a74ba3072985ec4689483022c7394a28b2d9f7bcde5e654879169
SHA512

599a44d3b2ca7a6c2cb62dd994a3731f15babdbe7de4bc104fd320be00623a66869a2e38e182cba67e44fcdc78b4d01f8b1a322a7b67bdf452c7114262852025
SSDEEP

24576:6OfUuTQZVrxmQz3JN/QWV53TNiicvQMoS4l6su+2Cuif5z0QMJg6Yq411g:6OfDTWJBnV5AiA5oS4l6sfBRbDq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc2934b1053a74ba3072985ec4689483022c7394a28b2d9f7bcde5e654879169

Files

dc2934b1053a74ba3072985ec4689483022c7394a28b2d9f7bcde5e654879169
.exe windows:5 windows x86 arch:x86

7b2f4a34d1132ff340bbdead0d2af8cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\codes\Duilib_ScreenShot\Screenshot\Debug\Screenshot.pdb

Imports

msimg32

AlphaBlend

gdiplus

GdipAddPathPolygonI
GdipAddPathPieI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipAddPathCurveI
GdipAddPathBezierI
GdipAddPathLine2I
GdipStartPathFigure
GdipSetPathFillMode
GdipGetPathFillMode
GdipResetPath
GdipClonePath
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipSetPenColor
GdipGetPenLineJoin
GdipSetPenLineJoin
GdipGetPenDashCap197819
GdipGetPenEndCap
GdipGetPenStartCap
GdipSetPenDashCap197819
GdipSetPenEndCap
GdipSetPenStartCap
GdipGetPenWidth
GdipSetPenWidth
GdipClonePen
GdipSetStringFormatTrimming
GdipSetLineBlend
GdipCreatePen2
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipImageRotateFlip
GdipSetWorldTransform
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipIsOutlineVisiblePathPointI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillEllipseI
GdipFillRectangle
GdipDrawPath
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawBezierI
GdipDrawLineI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipTransformPath
GdiplusStartup
GdipDrawArc
GdipDeleteMatrix
GdipCreateMatrix
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipDrawImageRect
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetImagePaletteSize
GdipGetImagePalette
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown
GdipAddPathEllipseI

winmm

timeKillEvent
timeGetTime
timeSetEvent

comctl32

_TrackMouseEvent
ord17

shlwapi

PathIsRelativeW
PathFileExistsW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetOpenStatus
ImmGetOpenStatus

kernel32

GetCurrentThread
GetSystemInfo
HeapValidate
GetACP
ExitProcess
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
WriteConsoleW
GetFileType
GetModuleHandleExW
OutputDebugStringA
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
SwitchToThread
SetLastError
FormatMessageW
DecodePointer
EncodePointer
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetStringTypeW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
HeapReAlloc
HeapSize
HeapQueryInformation
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
GetModuleFileNameA
GetEnvironmentVariableW
SetFileTime
SetFilePointer
GetFileSize
WideCharToMultiByte
SetEndOfFile
GlobalSize
MulDiv
GetModuleHandleA
OpenProcess
SetCurrentDirectoryW
VerifyVersionInfoW
GetTickCount
VerSetConditionMask
MultiByteToWideChar
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrcpyW
GlobalAddAtomW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcessId
WriteFile
CloseHandle
OutputDebugStringW
CreateFileA
InterlockedCompareExchange
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetSystemDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesW
RaiseException
SetThreadPriority
TerminateThread
WaitForSingleObject
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventW
LockResource
VirtualQuery
SetProcessWorkingSetSize
GetCurrentProcess
GetLastError
LoadResource
SizeofResource
GetStdHandle
CreateMutexW
CreateProcessW
FindResourceW
GetComputerNameW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedExchange
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetModuleHandleW
ReadFile
FindClose
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
CopyFileW

user32

GetDesktopWindow
GetParent
MapWindowPoints
RegisterWindowMessageW
LoadIconW
RegisterHotKey
UnregisterHotKey
PostQuitMessage
IsWindow
UpdateLayeredWindow
SetWindowPos
IsWindowVisible
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetDC
ReleaseDC
GetWindowRect
SetCursor
GetCursorPos
IsRectEmpty
PtInRect
GetWindowLongW
EnumChildWindows
EnumWindows
GetWindowThreadProcessId
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
WaitMessage
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
CallMsgFilterW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SendMessageW
CallWindowProcW
RegisterClassW
GetClassInfoExW
ShowWindow
MoveWindow
IsIconic
SetFocus
GetFocus
GetKeyState
SetCapture
ReleaseCapture
EnableWindow
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetPropW
GetPropW
SetWindowTextW
GetClientRect
ScreenToClient
IntersectRect
SetWindowLongW
GetWindow
LoadCursorW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
IsZoomed
SetForegroundWindow
SetWindowRgn
MessageBoxW
OffsetRect
MonitorFromPoint
CharNextW
UnionRect
GetClipboardData
IsClipboardFormatAvailable
GetAsyncKeyState
ClientToScreen
GetSysColor
wsprintfW
FindWindowW

gdi32

DeleteObject
GetDeviceCaps
GetDIBits
GetStockObject
PatBlt
RealizePalette
SelectObject
SelectPalette
CreateDIBSection
GetObjectW
DeleteDC
GetTextMetricsW
CreateRoundRectRgn
GetObjectType
GetWindowOrgEx
RestoreDC
SaveDC
StretchBlt
SetStretchBltMode
GetObjectA
SetWindowOrgEx
CreateRectRgnIndirect
ExtSelectClipRgn
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
BitBlt

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
ord165
SHFileOperationW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b2f4a34d1132ff340bbdead0d2af8cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

gdiplus

winmm

comctl32

shlwapi

imm32

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 473KB - Virtual size: 473KB

.data Size: 19KB - Virtual size: 27KB

.idata Size: 14KB - Virtual size: 13KB

.msvcjmc Size: 3KB - Virtual size: 2KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 98KB - Virtual size: 97KB

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 473KB - Virtual size: 473KB

.data
Size: 19KB - Virtual size: 27KB

.idata
Size: 14KB - Virtual size: 13KB

.msvcjmc
Size: 3KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 98KB - Virtual size: 97KB