Should I block it?

No, this file is 100% safe to run.

Additional versions

4.7	71.43%
4.6	14.29%
4.5	14.29%

Relationships

printscreenpro.exe (Gadwin PrintScreen Professional by Gadwin)

PE file structure

Show functions

Import table

advapi32.dll

RegOpenKeyA, RegQueryValueExA, RegCloseKey, RegSetValueExA, RegDeleteValueA, RegOpenKeyExA, RegCreateKeyExA, RegQueryInfoKeyA, RegEnumKeyA, RegQueryValueA, GetUserNameA, RegEnumValueA, RegEnumKeyExA, RegDeleteKeyA

comctl32.dll

ImageList_GetIconSize

comdlg32.dll

GetOpenFileNameA, GetFileTitleA

gdi32.dll

SelectClipRgn, CreatePen, GetViewportExtEx, GetWindowExtEx, GetPixel, OffsetViewportOrgEx, ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, CreatePatternBrush, CreateBitmap, GetObjectType, CreateHatchBrush, SetRectRgn, CreateDIBitmap, EnumFontFamiliesA, GetTextCharsetInfo, GetTextColor, CreateEllipticRgn, Ellipse, Polygon, GetPaletteEntries, GetNearestPaletteIndex, GetSystemPaletteEntries, GetRgnBox, SetDIBColorTable, SetPixel, EnumFontFamiliesExA, GetWindowOrgEx, GetViewportOrgEx, PtInRegion, FillRgn, GetBoundsRect, ExtFloodFill, SetPaletteEntries, GetTextFaceA, SetPixelV, SetStretchBltMode, RealizePalette, SetLayout, GetLayout, CreateDIBSection, SelectPalette, SetTextAlign, IntersectClipRect, ExcludeClipRect, SetMapMode, SetROP2, SetPolyFillMode, SetBkMode, CreateRectRgnIndirect, SetBkColor, SetTextColor, CopyMetaFileA, SetViewportExtEx, SetViewportOrgEx, GetClipBox, LineTo, MoveToEx, RestoreDC, ExtSelectClipRgn, CreateEllipticRgnIndirect, LPtoDP, SaveDC, GetBkColor, DeleteObject, CreatePalette, BitBlt, SelectObject, PatBlt, GetMapMode, Rectangle, ResetDCA, DeleteDC, AbortDoc, EndDoc, EndPage, StartPage, DPtoLP, StartDocA, SetAbortProc, CreateDCA, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetTextMetricsA, GetDeviceCaps, GetTextExtentPoint32A, CreateICA, EqualRgn, CombineRgn, CreateRectRgn, CreateRoundRectRgn, CreatePolygonRgn, FrameRgn, OffsetRgn, CreateSolidBrush, CreateFontIndirectA, GetStockObject, StretchBlt, CreateCompatibleBitmap, CreateCompatibleDC, GetObjectA, Polyline, CreatePenIndirect

gdiplus.dll

GdipGetImagePalette, GdipGetImagePaletteSize, GdipSaveImageToFile, GdipSetImagePalette, GdipSaveImageToStream, GdipGetImageRawFormat, GdipFillRectangleI, GdipDrawString, GdipSetStringFormatLineAlign, GdipSetStringFormatAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipCreateFontFamilyFromName, GdipDeleteFontFamily, GdipGetGenericFontFamilySansSerif, GdipCreateFont, GdipClosePathFigure, GdipAddPathLine, GdipDrawImageI, GdipDrawImageRectRectI, GdipFillPath, GdipDeletePath, GdipCreatePath, GdipSetWorldTransform, GdipDeleteMatrix, GdipCreateMatrix2, GdipCreateBitmapFromGraphics, GdipFillRectangle, GdipGetImageGraphicsContext, GdipDrawImageRectI, GdipGetImageEncoders, GdipGetImageEncodersSize, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCloneBitmapAreaI, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipDeleteRegion, GdipGetImagePixelFormat, GdipDrawEllipseI, GdipDeletePen, GdipCreatePen1, GdiplusShutdown, GdiplusStartup, GdipDrawImageRectRect, GdipDeleteFont, GdipGetImageWidth, GdipGetImageHeight, GdipCreateFromHDC, GdipDeleteGraphics, GdipSetPageUnit, GdipSetSmoothingMode, GdipSetCompositingMode, GdipSetInterpolationMode, GdipCreateSolidFill, GdipDeleteBrush, GdipFree, GdipAlloc, GdipCloneBrush, GdipCreateBitmapFromHBITMAP, GdipCloneImage, GdipDisposeImage, GdipAddPathArc

imm32.dll

ImmGetOpenStatus, ImmReleaseContext, ImmGetContext

kernel32.dll

DllMain, HeapAlloc, HeapFree, HeapReAlloc, GetTimeFormatA, GetDateFormatA, GetSystemTimeAsFileTime, VirtualAlloc, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RtlUnwind, RaiseException, ExitProcess, ExitThread, CreateThread, SetStdHandle, GetFileType, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, IsValidCodePage, HeapDestroy, HeapCreate, LCMapStringA, LCMapStringW, SetHandleCount, GetTimeZoneInformation, GetStringTypeA, GetStringTypeW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetConsoleCP, GetConsoleMode, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, GetOEMCP, GetCPInfo, InterlockedIncrement, GlobalFlags, GetProfileIntA, WritePrivateProfileStringA, GetFileTime, GetFileAttributesA, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, TlsGetValue, LocalAlloc, CreateEventA, SuspendThread, WaitForSingleObject, ResumeThread, SetThreadPriority, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, SetErrorMode, CreateFileA, GetFullPathNameA, GetVolumeInformationA, DuplicateHandle, CloseHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, ReadFile, GetThreadLocale, FormatMessageA, LocalFree, GetCurrentProcessId, InterlockedDecrement, GetModuleFileNameW, MulDiv, FreeResource, GlobalFindAtomA, lstrcmpW, FileTimeToSystemTime, FileTimeToLocalFileTime, DeleteFileA, GlobalReAlloc, WriteFile, GetStdHandle, FindNextChangeNotification, ResetEvent, DeleteCriticalSection, WaitForMultipleObjects, FindCloseChangeNotification, FindFirstChangeNotificationA, InitializeCriticalSection, Sleep, LeaveCriticalSection, EnterCriticalSection, SetEvent, GetFileInformationByHandle, CompareStringW, CompareStringA, GetVersion, InterlockedExchange, GetVersionExA, CreateDirectoryA, GetComputerNameA, GlobalAddAtomA, LoadLibraryExA, GlobalSize, lstrcmpiA, lstrcatA, lstrcmpA, lstrcpyA, FindClose, FindFirstFileA, GetModuleFileNameA, GlobalDeleteAtom, GlobalGetAtomNameA, FreeLibrary, lstrcpynA, MultiByteToWideChar, GlobalFree, lstrlenA, GlobalUnlock, GlobalLock, GlobalAlloc, LoadLibraryA, FindResourceA, GetLastError, LoadResource, SetLastError, LockResource, SizeofResource, GetCurrentProcess, WideCharToMultiByte, FlushInstructionCache, GetProcAddress, GetModuleHandleA, VirtualFree, GetCurrentThreadId

msimg32.dll

AlphaBlend, TransparentBlt

ole32.dll

CreateStreamOnHGlobal, CoTaskMemFree, ReleaseStgMedium, CoTaskMemAlloc, OleDuplicateData, CoUninitialize, CoCreateInstance, CoInitializeEx, CoCreateGuid, CoInitialize, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator, OleLockRunning, DoDragDrop, RevokeDragDrop, CoLockObjectExternal, RegisterDragDrop, OleGetClipboard

shell32.dll

DragQueryFileA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetFileInfoA, SHGetDesktopFolder, ShellExecuteA, DragFinish, SHAppBarMessage, Shell_NotifyIconA, SHBrowseForFolderA

shlwapi.dll

PathFindExtensionA, PathFindFileNameA, PathStripToRootA, PathRemoveFileSpecW, PathIsUNCA

user32.dll

DllMain

winmm.dll

PlaySoundA

winspool.drv

OpenPrinterA, GetJobA, DocumentPropertiesA, ClosePrinter

printscreen.exe

Gadwin PrintScreen by Gadwin (Signed)

Remove printscreen.exe

Version:	4.6
MD5:	755db0fabd639de8d9fa6d446ba90d36
SHA1:	f9b7ee12630fe15f60ed299d9406bfca25725ccc
SHA256:	144a3975545311270825e64fe564f16a8895573abf0b4c0ad07a766d4e8d86dc

Overview

printscreen.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It is installed with a couple of know programs including Gadwin PrintScreen published by Gadwin Systems, Inc., Gadwin PrintScreen from Gadwin Systems, Inc. and Gadwin PrintScreen by Gadwin Systems, Inc.. The file is digitally signed by Gadwin which was issued by the COMODO CA Limited certificate authority (CA).

Details

File name:	printscreen.exe
Publisher:	Gadwin Systems, Inc
Product name:	Gadwin PrintScreen
Typical file path:	C:\Program Files\gadwin systems\printscreen\printscreen.exe
File version:	4.6
Size:	476 KB (487,424 bytes)
Certificate
Issued to:	Gadwin
Authority (CA):	COMODO CA Limited
Effective date:	Thursday, May 10, 2012
Expiration date:	Thursday, May 11, 2017
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Programs

The following programs will install this file

Gadwin PrintScreen

Gadwin Systems, Inc.

7% remove

“There are several hotkey combos to choose from (PrintScreen is the default). Once you've chosen your favorite combo, head to the Destination tab and have the screen print out instantly, copy the capture to the clipboard, save it to a specific folder, or even send it through e-mail. You can perform full screen captures, or only capture a specific window. Gadwin PrintScreen Professional combines the power of a first-class screen capture ...”

Behaviors

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'Gadwin PrintScreen' → C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00015062%	0.028634%
Kernel CPU:	0.00011727%	0.013761%
User CPU:	0.00003335%	0.014873%
Kernel CPU time:	219 ms/min	100,923,805ms/min
Memory
Private memory:	1.26 MB	21.59 MB
Private (maximum):	3.74 MB
Private (minimum):	60 KB
Non-paged memory:	1.26 MB	21.59 MB
Virtual memory:	37.05 MB	140.96 MB
Virtual memory (peak):	38.12 MB	169.69 MB
Working set:	520 KB	18.61 MB
Working set (peak):	3.74 MB	37.95 MB
Page faults:	3,636/min	2,039/min
I/O
I/O read transfer:	93 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O other transfer:	152 Bytes/sec	448.09 KB/min
I/O other operations:	2/sec	1,671/min
Resource allocations
Threads:	2	12
Handles:	44	600
GUI GDI count:	18	103
GUI USER count:	17	49

Process properties

Tray notification:	Yes
Integrety level:	Undefined
Platform:	32-bit
Command line:	"C:\Program Files\gadwin systems\printscreen\printscreen.exe" /nosplash
Owner:	User
Parent process:	Explorer.EXE (Windows Explorer by Microsoft)

Threads

Averages

PrintScreen.exe (main module)
Total CPU:	0.00020167%	0.272967%
Kernel CPU:	0.00015125%	0.107585%
User CPU:	0.00005042%	0.165382%
Memory:	492 KB	1.16 MB
gdiplus.dll
Total CPU:	0.00002521%
Kernel CPU:	0.00000000%
User CPU:	0.00002521%
Memory:	1.67 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Distribution by Windows OS

OS version	distribution
Windows 7 Home Premium	57.14%
Microsoft Windows XP	42.86%

Distribution by country

United States installs about 57.14% of Gadwin PrintScreen.

Distribution by PC manufacturer

PC Manufacturer	distribution
Intel	66.67%
Acer	33.33%

Remove Adware and Spyware Programs, FREE Download!