spoolsv.pdb
Static task
static1
General
-
Target
spoolsv.exe
-
Size
817KB
-
MD5
ec28f75786e3150b9ca11ea71e20d72a
-
SHA1
d8d563a7d24d395d3e1032deb2fed702d3bdf14d
-
SHA256
3daaf630bbb7cbf3349e1c3cc42f2f8882080fb8cc27b309cdf58a796cc32914
-
SHA512
d9cf26bcd60163bf19bdc7f76a031ee1f8855373b194659db6b00a3088c5ca459bc1d1ef4119fe48c80308703982d04267cd7a51d460e5495b4e51cc40fbc93a
-
SSDEEP
24576:3NRZO0cpj3ZhQiOhPTJRgyFT/y3DmbEVqK1y:3NnOLpj3ZhQiOhPTJRgyFT/HEVqKg
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Caveat: this rule only looks for a signature embedded in the PE. Genuine Windows system binaries such as spoolsv.exe are normally catalog-signed (the signature lives in a .cat file, not in the executable), so an "Unsigned PE" hit alone does not indicate tampering or a malicious impostor. Verify with a catalog-aware check (e.g. PowerShell `Get-AuthenticodeSignature` or Sysinternals `sigcheck`) and compare the SHA256 above against a known-good copy from the same Windows build; also confirm the on-disk path was %SystemRoot%\System32, since a lookalike dropped elsewhere would produce the same static profile.
resource spoolsv.exe
Files
-
spoolsv.exe.exe windows:10 windows x64 arch:x64
a73acec9e3e3e98034374977a7639495 (unlabelled in the report; by position this is presumably the import hash — confirm before using it to pivot to related samples)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths (none listed in this section; the report title shows spoolsv.pdb, which is consistent with the expected PDB name for the Windows print spooler service binary — treat as supporting, not conclusive, evidence of authenticity)
Imports
user32
SendNotifyMessageW
TranslateMessage
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
UnregisterDeviceNotification
RegisterDeviceNotificationW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
msvcrt
_amsg_exit
_XcptFilter
__set_app_type
exit
_exit
_cexit
_callnewh
malloc
__setusermatherr
_initterm
_fmode
_commode
_lock
free
_stricmp
__C_specific_handler
_wcsicmp
memmove_s
_purecall
memcpy_s
_vsnwprintf
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memmove
memcpy
memcmp
__getmainargs
swprintf_s
wcschr
_wcsnicmp
wcsstr
towupper
_strnicmp
__CxxFrameHandler3
towlower
memset
ntdll
NtQueryValueKey
NtOpenKeyEx
NtDeleteKey
NtQueryLicenseValue
NtSetInformationThread
NtQueryWnfStateData
RtlIsThreadWithinLoaderCallout
NtOpenThreadToken
NtClose
NtOpenProcessToken
RtlFreeHeap
RtlInitUnicodeString
NtSetInformationToken
RtlAllocateHeap
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
EtwEventWrite
EtwEventEnabled
RtlIpv4AddressToStringW
TpAllocPool
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
TpReleaseWork
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
RtlReportException
RtlVirtualUnwind
WinSqmIsOptedIn
WinSqmSetDWORD
WinSqmAddToStreamEx
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlCaptureContext
RtlValidRelativeSecurityDescriptor
EtwEventWriteTransfer
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwUnregisterTraceGuids
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlIpv6AddressToStringW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
SetEvent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
OpenEventW
ResetEvent
ReleaseMutex
CreateMutexW
WaitForSingleObject
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapCreate
HeapFree
HeapSetInformation
HeapDestroy
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetErrorMode
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
TlsSetValue
SetThreadToken
OpenThreadToken
GetCurrentProcessId
ExitThread
TlsFree
TerminateProcess
ExitProcess
CreateThread
TlsAlloc
SetPriorityClass
TlsGetValue
GetCurrentThread
GetCurrentThreadId
OpenProcessToken
CreateProcessAsUserW
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
OpenProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-registry-l1-1-0
RegOpenCurrentUser
RegDeleteValueW
RegSetValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegQueryInfoKeyW
RegSetKeySecurity
RegDisablePredefinedCacheEx
RegCreateKeyExW
RegQueryValueExW
RegGetKeySecurity
RegDeleteTreeW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemTime
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
rpcrt4
RpcServerSubscribeForNotification
I_RpcExceptionFilter
RpcServerTestCancel
RpcAsyncAbortCall
RpcSsContextLockExclusive
RpcServerInqCallAttributesW
RpcServerInqBindingHandle
I_RpcSessionStrictContextHandle
I_RpcBindingInqTransportType
RpcServerInterfaceGroupDeactivate
RpcSmDestroyClientContext
RpcRaiseException
RpcBindingToStringBindingW
NdrServerCall2
RpcServerUnsubscribeForNotification
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrClientCall3
Ndr64AsyncServerCallAll
NdrServerCallAll
Ndr64AsyncClientCall
NdrAsyncServerCall
RpcStringBindingParseW
RpcObjectSetType
RpcBindingVectorFree
RpcBindingServerFromClient
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf
RpcServerRegisterIf2
RpcBindingFree
RpcAsyncCompleteCall
RpcRevertToSelfEx
I_RpcBindingIsClientLocal
RpcServerInterfaceGroupActivate
RpcRevertToSelf
RpcImpersonateClient
RpcMgmtSetServerStackSize
RpcStringFreeW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerInterfaceGroupCreateW
RpcBindingInqAuthClientW
api-ms-win-security-base-l1-1-0
GetAclInformation
GetSecurityDescriptorDacl
AddAccessDeniedAceEx
AllocateAndInitializeSid
EqualSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
SetTokenInformation
DuplicateTokenEx
IsWellKnownSid
DuplicateToken
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
CheckTokenMembership
GetLengthSid
RevertToSelf
GetAce
GetSidSubAuthorityCount
CopySid
GetSidSubAuthority
CreateWellKnownSid
SetSecurityDescriptorDacl
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernelbase
GetIsEdpEnabled
LocalAlloc
lstrcmpiW
kernel32
AddVectoredExceptionHandler
LoadLibraryExW
GetComputerNameW
FreeLibrary
GetTickCount64
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
DeleteFileW
ReadFile
CreateFileW
GetTempFileNameW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
RegSetKeyValueW
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
dnsapi
DnsFree
DnsQuery_W
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
bcrypt
BCryptHashData
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
Exports
GetSpoolerTlsIndexes
PrvAbortPrinter
PrvAddFormW
PrvAddJobW
PrvAddMonitorW
PrvAddPerMachineConnectionW
PrvAddPortExW
PrvAddPortW
PrvAddPrintProcessorW
PrvAddPrintProvidorW
PrvAddPrinterConnectionW
PrvAddPrinterDriverExW
PrvAddPrinterDriverW
PrvAddPrinterExW
PrvAddPrinterW
PrvAdjustPointers
PrvAdjustPointersInStructuresArray
PrvAlignKMPtr
PrvAlignRpcPtr
PrvAllocSplStr
PrvAllowRemoteCalls
PrvAppendPrinterNotifyInfoData
PrvBuildOtherNamesFromMachineName
PrvCacheAddName
PrvCacheCreateAndAddNode
PrvCacheCreateAndAddNodeWithIPAddresses
PrvCacheDeleteNode
PrvCacheIsNameCluster
PrvCacheIsNameInNodeList
PrvCallDrvDevModeConversion
PrvCallRouterFindFirstPrinterChangeNotification
PrvCheckLocalCall
PrvClosePrinter
PrvConfigurePortW
PrvCreatePrinterIC
PrvDeleteFormW
PrvDeleteJobNamedProperty
PrvDeleteMonitorW
PrvDeletePerMachineConnectionW
PrvDeletePortW
PrvDeletePrintProcessorW
PrvDeletePrintProvidorW
PrvDeletePrinter
PrvDeletePrinterConnectionW
PrvDeletePrinterDataExW
PrvDeletePrinterDataW
PrvDeletePrinterDriverExW
PrvDeletePrinterDriverW
PrvDeletePrinterIC
PrvDeletePrinterKeyW
PrvDllAllocSplMem
PrvDllAllocSplStr
PrvDllFreeSplMem
PrvDllFreeSplStr
PrvDllReallocSplMem
PrvDllReallocSplStr
PrvEndDocPrinter
PrvEndPagePrinter
PrvEnumFormsW
PrvEnumJobsW
PrvEnumMonitorsW
PrvEnumPerMachineConnectionsW
PrvEnumPortsW
PrvEnumPrintProcessorDatatypesW
PrvEnumPrintProcessorsW
PrvEnumPrinterDataExW
PrvEnumPrinterDataW
PrvEnumPrinterDriversW
PrvEnumPrinterKeyW
PrvEnumPrintersW
PrvFindClosePrinterChangeNotification
PrvFlushPrinter
PrvFormatPrinterForRegistryKey
PrvFormatRegistryKeyForPrinter
PrvFreeOtherNames
PrvFreePrintPropertyValue
PrvGetFormW
PrvGetJobAttributes
PrvGetJobAttributesEx
PrvGetJobNamedPropertyValue
PrvGetJobW
PrvGetNetworkId
PrvGetPrintProcessorDirectoryW
PrvGetPrinterDataExW
PrvGetPrinterDataW
PrvGetPrinterDriverDirectoryW
PrvGetPrinterDriverExW
PrvGetPrinterDriverW
PrvGetPrinterW
PrvGetServerPolicy
PrvGetShrinkedSize
PrvGetSpoolerTlsIndexes
PrvImpersonatePrinterClient
PrvInitializeRouter
PrvIsNameTheLocalMachineOrAClusterSpooler
PrvIsNamedPipeRpcCall
PrvMIDL_user_allocate
PrvMIDL_user_allocate1
PrvMIDL_user_free
PrvMIDL_user_free1
PrvMarshallDownStructure
PrvMarshallDownStructuresArray
PrvMarshallUpStructure
PrvMarshallUpStructuresArray
PrvOldGetPrinterDriverW
PrvOpenPrinter2W
PrvOpenPrinterExW
PrvOpenPrinterPort2W
PrvOpenPrinterPortWithClientInfo
PrvOpenPrinterW
PrvPackStrings
PrvPartialReplyPrinterChangeNotification
PrvPlayGdiScriptOnPrinterIC
PrvPrinterHandleRundown
PrvPrinterMessageBoxW
PrvProvidorFindClosePrinterChangeNotification
PrvProvidorFindFirstPrinterChangeNotification
PrvReadPrinter
PrvReallocSplMem
PrvReallocSplStr
PrvRemoteFindFirstPrinterChangeNotification
PrvReplyClosePrinter
PrvReplyOpenPrinter
PrvReplyPrinterChangeNotification
PrvReplyPrinterChangeNotificationEx
PrvReportJobProcessingProgress
PrvResetPrinterW
PrvRevertToPrinterSelf
PrvRouterAddPrinterConnection2
PrvRouterAllocBidiMem
PrvRouterAllocBidiResponseContainer
PrvRouterAllocPrinterNotifyInfo
PrvRouterBroadcastMessage
PrvRouterCorePrinterDriverInstalled
PrvRouterCreatePrintAsyncNotificationChannel
PrvRouterDeletePrinterDriverPackage
PrvRouterFindCompatibleDriver
PrvRouterFindFirstPrinterChangeNotification
PrvRouterFindNextPrinterChangeNotification
PrvRouterFreeBidiMem
PrvRouterFreeBidiResponseContainer
PrvRouterFreePrinterNotifyInfo
PrvRouterGetCorePrinterDrivers
PrvRouterGetPrintClassObject
PrvRouterGetPrinterDriverPackagePath
PrvRouterInstallPrinterDriverFromPackage
PrvRouterInstallPrinterDriverPackageFromConnection
PrvRouterInternalGetPrinterDriver
PrvRouterRefreshPrinterChangeNotification
PrvRouterRegisterForPrintAsyncNotifications
PrvRouterReplyPrinter
PrvRouterSpoolerSetPolicy
PrvRouterUnregisterForPrintAsyncNotifications
PrvRouterUploadPrinterDriverPackage
PrvScheduleJob
PrvSeekPrinter
PrvSendRecvBidiData
PrvSetFormW
PrvSetJobNamedProperty
PrvSetJobW
PrvSetPortW
PrvSetPrinterDataExW
PrvSetPrinterDataW
PrvSetPrinterW
PrvSplCloseSpoolFileHandle
PrvSplCommitSpoolData
PrvSplDriverUnloadComplete
PrvSplGetClientUserHandle
PrvSplGetSpoolFileInfo
PrvSplGetUserSidStringFromToken
PrvSplInitializeWinSpoolDrv
PrvSplIsSessionZero
PrvSplIsUpgrade
PrvSplProcessPnPEvent
PrvSplProcessSessionEvent
PrvSplPromptUIInUsersSession
PrvSplQueryUserInfo
PrvSplReadPrinter
PrvSplRegisterForDeviceEvents
PrvSplRegisterForSessionEvents
PrvSplShutDownRouter
PrvSplUnregisterForDeviceEvents
PrvSplUnregisterForSessionEvents
PrvSpoolerFindClosePrinterChangeNotification
PrvSpoolerFindFirstPrinterChangeNotification
PrvSpoolerFindNextPrinterChangeNotification
PrvSpoolerFreePrinterNotifyInfo
PrvSpoolerHasInitialized
PrvSpoolerInit
PrvSpoolerRefreshPrinterChangeNotification
PrvStartDocPrinterW
PrvStartPagePrinter
PrvUndoAlignKMPtr
PrvUndoAlignRpcPtr
PrvUpdateBufferSize
PrvUpdatePrinterRegAll
PrvUpdatePrinterRegAllEx
PrvUpdatePrinterRegUser
PrvWaitForPrinterChange
PrvWaitForSpoolerInitialization
PrvWritePrinter
PrvXcvDataW
PrvbGetDevModePerUser
PrvbSetDevModePerUser
RouterLogJobInfoForBranchOffice
ServerGetPrintClassObject
SplUalCollectData
YAbortPrinter
YAddJob
YDriverUnloadComplete
YEndDocPrinter
YEndPagePrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSetPrinter
YSplReadPrinter
YStartDocPrinter
YStartPagePrinter
YWritePrinter
Sections
.text Size: 489KB - Virtual size: 488KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 231KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ