Greenshot.exe

  • File Path: C:\Program Files\Greenshot\Greenshot.exe
  • Description: Greenshot

Hashes

Type Hash
MD5 346D22939E3079901F0DFAC7ADD71C94
SHA1 67EA9F4F56C7C4189745AAB05C614A6E615D9E7E
SHA256 FDC3900DA9CF5B4B7F4B461EB54F2F7ABF2AF104DE8BFDD0B7F6A46F092F9CC6
SHA384 84299E905D6FD521F2EB782B8C209AB42063945A1BF45F055A50E4EE8E3689D43A118D536CBBCEA1BAAF1778CB72CF26
SHA512 3D845AEE807F6FC711F212229595BA2DFEEC760C649B7B0F4398CBA8091FAB8EB63DD551B46F49840A2DE2C2B872130B4B5E90F95FF2757381E96BE4B066122D
SSDEEP 12288:qIska30pZKIpno9eKXt2w3Po52QIUtMbYKUnwLu8m3mkDGYP8/Gc5oTr6zG/P9PI:YxUR5LgcOoINdSjQk2
IMP F34D5F2D4577ED6D9CEEC516C1F5A744
PESHA1 47DA7848C5793C025B226ECA4A5CDC8991E7BD95
PE256 A32AD49035B05B071833CCD61737447E263DCD69E8FB7A78E5CBAA8B0D4C99D2

Runtime Data

Usage (stdout):


Greenshot commandline options:


	/help
		This help.


	/exit
		Tries to close all running instances.


	/reload
		Reload the configuration of Greenshot.


	/language [language code]
		Set the language of Greenshot, e.g. greenshot /language en-US.


	/inidirectory [directory]
		Set the directory where the greenshot.ini should be stored & read.


	[filename]
		Open the bitmap files in the running Greenshot instance or start a new instance


Open Handles:

Path Type
(R--) C:\Users\user\AppData\Local\Greenshot\Greenshot.log File
(R-D) C:\Program Files\Greenshot\Greenshot.exe File
(R-D) C:\Program Files\Greenshot\GreenshotPlugin.dll File
(R-D) C:\Program Files\Greenshot\LinqBridge.dll File
(R-D) C:\Program Files\Greenshot\log4net.dll File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotBoxPlugin\GreenshotBoxPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotConfluencePlugin\GreenshotConfluencePlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotDropBoxPlugin\GreenshotDropboxPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\GreenshotExternalCommandPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotFlickrPlugin\GreenshotFlickrPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\GreenshotImgurPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotJiraPlugin\GreenshotJiraPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\GreenshotOfficePlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotPhotobucketPlugin\GreenshotPhotobucketPlugin.gsp File
(R-D) C:\Program Files\Greenshot\Plugins\GreenshotPicasaPlugin\GreenshotPicasaPlugin.gsp File
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\System32\en-US\propsys.dll.mui File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.508_none_faefa4f37613d18e File
(RW-) C:\xCyclopedia File
...\Cor_SxSPublic_IPCBlock Section
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 Section
\BaseNamedObjects\Cor_Private_IPCBlock_v4_6068 Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\BaseNamedObjects\UrlZonesSM_user Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\1\Windows\Theme2547664911 Section
\Windows\Theme3854699184 Section

Loaded Modules:

Path
C:\Program Files\Greenshot\Greenshot.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\System32\ADVAPI32.dll
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\SYSTEM32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.dll
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHLWAPI.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\SYSTEM32\ucrtbase_clr0400.dll
C:\Windows\System32\USER32.dll
C:\Windows\SYSTEM32\VCRUNTIME140_CLR0400.dll
C:\Windows\SYSTEM32\VERSION.dll
C:\Windows\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 66C5DCC14B517809C172B44B7E9784F7
  • Thumbprint: 6DFA88FEDBA957855DB938B38082378F14C7CCCC
  • Issuer: CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
  • Subject: E=getgreenshot@gmail.com, CN="Open Source Developer, Robin Krom", O=Open Source Developer, C=DE

File Metadata

  • Original Filename: Greenshot.exe
  • Product Name: Greenshot
  • Company Name: Greenshot
  • File Version: 1.2.10.6
  • Product Version: 1.2.10.6-RELEASE-c2414cf0149a1475ea00520effc01b40087c225c
  • Language: Language Neutral
  • Legal Copyright:
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/fdc3900da9cf5b4b7f4b461eb54f2f7abf2af104de8bfdd0b7f6a46f092f9cc6/detection/

Possible Misuse

The following table contains possible examples of Greenshot.exe being misused. While Greenshot.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_currentversion.yml TargetObject|endswith: '\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Greenshot' DRL 1.0
sigma registry_event_asep_reg_keys_modification_currentversion.yml Details: 'C:\Program Files\Greenshot\Greenshot.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.