rubyscreen[.]dll | Triage

Sharing

General

Target

rubyscreen.dll
Size

27KB
MD5

69ee5b4f2eec4f25171a8396f38b9ac2
SHA1

596281f5c47a6938c999dbaefd1ad9835b2baa5d
SHA256

777055e7400b49941cc083f86343c8bb5c8c067021b32435809e87e4bebe3807
SHA512

a91ae45228667b07eb323045f6185534dd8b7cee576d4c80c7cbb8a0fde455553a803bebb67eb478a4f420c2b3c280cd0749d73ed449ddf90c12fbaa963656fa
SSDEEP

384:Q2HWflDAyO3nHY16QO/9aeWmAy0A9Eyn+3/zsgrS0khYF2yc4DGGvEAJ0E4:1WdCHY1NheWmAyE5VrS0khYz8A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rubyscreen.dll

Files

rubyscreen.dll
.dll windows:1 windows x86 arch:x86

80873ec99eec430ece0ddf9862803990

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
FlushFileBuffers
GetCurrentThreadId
GetEnvironmentStringsA
GetFileSize
CloseHandle
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
OutputDebugStringA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
WriteFile

user32

GetClientRect
GetWindowThreadProcessId
GetForegroundWindow
GetDC
ReleaseDC
FindWindowExA

gdi32

BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
GetObjectA
DeleteDC
DeleteObject

crtdll

_fdopen
_open_osfhandle
_vsnprintf
fclose
_cexit
malloc
memcmp
memmove
memset
printf
raise
setbuf
strcpy

Exports

Exports

SwapRgb
TakeScreenshot

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 796B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 388B - Virtual size: 388B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 100B - Virtual size: 100B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ