PrintWiz[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PrintWiz.exe
Size

108KB
MD5

caea4a27ec0d1feca526a3185f147d9d
SHA1

6c14e32b52afc0724c79bd296e370c7de99d2abf
SHA256

8c4dc4501063cbcd4598bcd0a8eb9a5517a829b5d6b0e025a258d7f534cdd86e
SHA512

c24286aaecd8b16255dba5d11b5680ff5df7aa9db3461817f3d56bc3ebf7bf67be2e257b69c9343be3a255fbad4e380586980ba9eb19f4b1b82851a3a47f7639
SSDEEP

1536:4q7gSwq2m8R1dc9f+hgB5Rd2rIiBd9HnhsVCcVROtD/DxzSnOUsrpoO5J:4DqVPRd2rIiBPHhsJRWbDhSn8X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PrintWiz.exe

Files

PrintWiz.exe
.exe windows:4 windows x86

1144f4554119347755ab7c29c45d2cd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crlutl

?GetInst@IGLB_UILanguage@@SAAAV1@XZ
_INIGetCorelPrnIniFile@8

crli18n

_CorIsFarEastWindow@0
_CorIsJapaneseWindows@0
_CorGetDefaultFarEastFontName@0
_CorGetCharSet@0

crlctl

??0WCmnUI_PropertySheet@@QAE@IPAVCWnd@@I@Z
?GetThisMessageMap@WCmnUI_PropertyPage@@KGPBUAFX_MSGMAP@@XZ
??0WCmnUI_PropertyPage@@QAE@IIK@Z
??1WCmnUI_PropertyPage@@UAE@XZ
?GetRuntimeClass@WCmnUI_PropertyPage@@UBEPAUCRuntimeClass@@XZ
?BuildPropPageArray@WCmnUI_PropertySheet@@UAEXXZ
?PreTranslateMessage@WCmnUI_PropertySheet@@UAEHPAUtagMSG@@@Z
??1WCmnUI_PropertySheet@@UAE@XZ
?AddPage@WCmnUI_PropertySheet@@QAEXPAVCPropertyPage@@@Z
?GetMessageMap@WCmnUI_PropertyPage@@MBEPBUAFX_MSGMAP@@XZ
?OnInitDialog@WCmnUI_PropertySheet@@UAEHXZ
?GetThisClass@WCmnUI_PropertySheet@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@WCmnUI_PropertySheet@@KGPBUAFX_MSGMAP@@XZ

mfc71u

ord4884
ord2011
ord1662
ord1661
ord5908
ord1392
ord5207
ord4714
ord4276
ord1513
ord4256
ord2366
ord1908
ord3678
ord741
ord2651
ord6115
ord4574
ord762
ord1079
ord3204
ord1925
ord3155
ord3280
ord1271
ord1270
ord5633
ord2086
ord4234
ord5210
ord2985
ord3311
ord572
ord266
ord602
ord347
ord265
ord6013
ord5640
ord589
ord330
ord709
ord501
ord3126
ord2362
ord3198
ord1720
ord3922
ord1403
ord2491
ord3289
ord530
ord722
ord6001
ord1176
ord5710
ord380
ord5489
ord3237
ord4730
ord3281
ord3157
ord5638
ord3995
ord4117
ord5636
ord5637
ord746
ord629
ord1430
ord5319
ord2897
ord3451
ord1626
ord1534
ord3151
ord502
ord2361
ord583
ord1386
ord3590
ord1182
ord1178
ord6086
ord760
ord4320
ord2009
ord1007
ord5096
ord566
ord2121
ord776
ord870
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord577
ord5398
ord2468
ord283
ord293
ord4098
ord4026
ord3756
ord774
ord3927
ord1542
ord6063
ord1582
ord5803
ord899
ord2701
ord2895
ord2311
ord268
ord280
ord2460
ord383
ord3383
ord896
ord1058
ord4027
ord287
ord1156
ord4207
ord5178
ord4184
ord4838
ord4611
ord4791
ord5065
ord1198
ord4861
ord1955
ord1573
ord4266
ord4480
ord2856
ord5196
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1512
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord2404
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4274
ord4716
ord3397
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord2027
ord1117
ord764
ord757
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677
ord4535
ord5440

msvcr71

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
_resetstkoflw
_waccess
calloc
wcsncpy
_wsplitpath
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsrchr
_except_handler3
_purecall
_CxxThrowException
wcscmp
wcslen
__CxxFrameHandler
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
malloc
wcscpy
_onexit
__security_error_handler
free
_controlfp
?terminate@@YAXXZ

kernel32

GetCurrentProcessId
CreateEventW
GetModuleHandleW
GetModuleHandleA
GetProcAddress
InterlockedExchange
lstrcpyW
GetProfileStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetSystemTimeAsFileTime
GetFileAttributesW
GetVersion
QueryPerformanceCounter
WaitForSingleObject
GlobalDeleteAtom
GlobalFindAtomW
ReleaseMutex
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
SetUnhandledExceptionFilter
FreeLibrary
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetUserDefaultLCID
HeapFree
HeapAlloc
GetProcessHeap
GetFileSize
OutputDebugStringW
ReadFile
CreateFileW
lstrcmpiW
LockResource
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetStartupInfoW
GetACP
ExitProcess
GetTickCount
CloseHandle
GetVersionExA
GetCurrentThreadId

user32

EnableWindow
IsWindow
UpdateLayeredWindow
LoadCursorW
GetDesktopWindow
ShowWindow
EndDialog
RedrawWindow
FindWindowW
BeginPaint
EndPaint
IsRectEmpty
SetWindowTextW
GetDC
SetRect
LoadStringW
CopyRect
ReleaseDC
GetSysColor
GetWindowLongW
AdjustWindowRect
MessageBeep
CreateDialogParamW
InflateRect
GetSystemMetrics
DestroyWindow
InvalidateRect
UpdateWindow
GetWindowRect
DdeNameService
DdeUninitialize
PostThreadMessageW
DrawTextW
OffsetRect
SendMessageW
LoadImageW
GetClientRect
PostMessageW
SetWindowPos
GetParent

gdi32

SetDIBColorTable
SelectPalette
SaveDC
RestoreDC
SetBkColor
SetTextColor
SetBkMode
SetTextAlign
TextOutW
RectVisible
DeleteDC
SelectObject
GetTextMetricsW
GetTextFaceW
DeleteObject
GetTextExtentPoint32W
GetNearestColor
CreateSolidBrush
StretchDIBits
EndDoc
EndPage
StartPage
StartDocW
Rectangle
Polyline
CreateDCW
CreateFontIndirectW
CreatePen
GetStockObject
GetDIBColorTable
StretchBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
CreatePalette
GetObjectW
CreateDIBSection

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comctl32

ord17

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipGetImagePixelFormat

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1144f4554119347755ab7c29c45d2cd9

Headers

File Characteristics

Imports

crlutl

crli18n

crlctl

mfc71u

msvcr71

kernel32

user32

gdi32

winspool.drv

comctl32

gdiplus

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 28KB