diff --git a/modules/signatures/decoy_image.py b/modules/signatures/decoy_image.py
index a9fb98dd..19b33cbb 100644
--- a/modules/signatures/decoy_image.py
+++ b/modules/signatures/decoy_image.py
@@ -34,7 +34,7 @@ def on_call(self, call, process):
                 path = self.get_argument(call, "FilePath")
                 if path:
                     if path.lower().endswith((".jpg", ".jpeg", ".png", ".bmp", ".tiff")):
-                        self.data.append(path)
+                        self.data.append({"path": path})
                         if self.pid:
                             self.mark_call()
 
@@ -46,7 +46,7 @@ def on_complete(self):
                     if "image data," in filetype or "PC bitmap," in filetype:
                         for filepath in dropped.get("guest_paths", []) or []:
                             for decoy in self.data:
-                                if filepath == decoy:
+                                if filepath in decoy.get("path", ""):
                                     return True
 
         return False