PrintConfig.pdb
Static task
static1
Behavioral task
behavioral1
Sample
PrintConfig.dll
Resource
win10v2004-20240508-en
General
-
Target
PrintConfig.dll
-
Size
2.6MB
-
MD5
d0818657648366b03c7cb4aa2dced253
-
SHA1
f2db90ce4ec5328d08429ae90db68f14bd389f99
-
SHA256
2ac0fb8b679f51c6ebf5346f75ac543797ea1617d1f69a2830f305823ab7b35d
-
SHA512
c5e12d1379b764de838286e7937f8783d7036448d978b8f09058a3946d70ac54025a79ae3c84c49c46edfac8107502b67a62dd191d40d1145f73cfba27c37da2
-
SSDEEP
49152:q6SbH4jcgJKFBSCribvu8Y0BCQGRuWcavm5o8:2bHacQKFBS2CvNY0rGRxn
Malware Config
Signatures
-
Unsigned PE 1 IoCs
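Checks for missing Authenticode signature. A static check of this kind presumably sees only a signature embedded in the file itself, so a catalog-signed Windows component could be reported the same way; treat the result as a triage hint to confirm against the host's signature verification, not as a verdict.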
resource PrintConfig.dll
Files
-
PrintConfig.dll.dll regsvr32 windows:10 windows x86 arch:x86
d52df4278e26c6d53d1c2b4cae5871ed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
fflush
wcschr
ungetwc
ungetc
fputwc
fgetwc
fgetc
strncmp
_wtoi
wcstol
ldexp
_errno
_wtol
strcspn
localeconv
sprintf_s
memchr
calloc
_wfsopen
___lc_collate_cp_func
setvbuf
fsetpos
_fseeki64
fgetpos
memmove_s
wcscat_s
wcsncpy_s
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_wcsnicmp
__crtCompareStringW
memcmp
__mb_cur_max
fwrite
fclose
strchr
realloc
wcstoul
fseek
_wtof
memset
_callnewh
_CxxThrowException
setlocale
__CxxFrameHandler3
memcpy
strerror
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
__pctype_func
isupper
__crtLCMapStringA
islower
fprintf
_wsplitpath_s
_wmakepath_s
vfprintf
floor
abort
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
_ftol2
__crtLCMapStringW
__uncaught_exception
isspace
tolower
strtod
wcscpy_s
_stricmp
_vsnprintf_s
memcpy_s
??8type_info@@QBEHABV0@@Z
memmove
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_ftol2_sse
ceil
fputc
atoi
_itow
wcsncmp
_vsnprintf
qsort
wcstod
iswspace
_ultoa
strrchr
iswctype
_strnicmp
wcsstr
wcstok_s
towupper
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnwprintf
wcsrchr
_resetstkoflw
free
malloc
_purecall
_wcsicmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
kernel32
LoadLibraryExA
GetSystemInfo
VirtualQuery
VirtualProtect
OutputDebugStringA
MulDiv
GetTempFileNameW
HeapCreate
SetErrorMode
SetFilePointer
GetFileTime
GetSystemDirectoryW
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringW
LockResource
FindResourceW
lstrlenW
GetSystemDefaultLCID
GetACP
GetUserDefaultUILanguage
VirtualFree
GetFullPathNameW
GetCPInfo
VirtualAlloc
GetSystemTimeAsFileTime
CloseHandle
GetLastError
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
GetFileAttributesExW
WaitForSingleObject
GetFileSize
GetCurrentProcess
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
OpenMutexW
CreateMutexW
RemoveDirectoryW
CreateDirectoryW
WriteFile
DeleteFileW
CreateFileMappingW
CreateProcessW
SetEvent
LoadLibraryExW
GetModuleFileNameW
GetCurrentThreadId
HeapAlloc
HeapFree
FormatMessageW
SetLastError
ReleaseSemaphore
WaitForSingleObjectEx
CreateActCtxW
ReleaseActCtx
GetModuleHandleExW
GetModuleFileNameA
OutputDebugStringW
GetProcessHeap
OpenSemaphoreW
CreateEventW
QueueUserWorkItem
InitOnceBeginInitialize
InitOnceComplete
GetCurrentProcessId
CreateSemaphoreExW
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount64
MultiByteToWideChar
RaiseException
LoadResource
SizeofResource
FindResourceExW
GetModuleHandleW
lstrcmpiW
TerminateJobObject
CreateWaitableTimerW
WaitForMultipleObjects
IsWow64Process
WideCharToMultiByte
LocalAlloc
OpenProcess
GetProcessId
LocalFree
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
TerminateProcess
IsDebuggerPresent
IsProcessInJob
GetSystemWindowsDirectoryW
SetWaitableTimer
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CopyFileW
CompareStringOrdinal
GlobalSize
GlobalLock
GlobalUnlock
ResetEvent
CompareFileTime
CreateThread
GetComputerNameW
SystemTimeToTzSpecificLocalTime
OpenEventW
lstrcmpW
GetLocaleInfoW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
EnumUILanguagesW
GetThreadPreferredUILanguages
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
oleaut32
VariantChangeType
SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLib
UnRegisterTypeLib
RegisterTypeLib
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
LoadRegTypeLib
VariantCopy
SystemTimeToVariantTime
VarBstrCat
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
ole32
GetHGlobalFromStream
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
CoGetCallerTID
CoGetContextToken
CoWaitForMultipleHandles
CoRevertToSelf
CreateStreamOnHGlobal
CoImpersonateClient
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoGetClassObject
CoSuspendClassObjects
CoResumeClassObjects
CoCreateInstance
rpcrt4
IUnknown_AddRef_Proxy
UuidFromStringW
CStdStubBuffer_Connect
RpcStringFreeW
UuidToStringW
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
RpcServerInqCallAttributesW
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
UuidCreate
winspool.drv
DeviceCapabilitiesW
EnumFormsW
OpenPrinterW
ClosePrinter
GetPrinterDataExW
GetPrinterDataW
OpenPrinter2W
SetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterW
EnumPrinterDataExW
SetPrinterDataExW
DeletePrinterDataExW
DeletePrinterDataW
SetJobW
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
EnumPrintersW
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
GetPrinterDriverW
EnumJobsW
DeleteFormW
AddFormW
SetPrinterW
GetFormW
advapi32
CreateProcessAsUserW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
CreateWellKnownSid
AddAccessAllowedAceEx
RegGetValueW
RegDeleteKeyW
SetThreadToken
EventUnregister
EventActivityIdControl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
ConvertSidToStringSidW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
SaferCloseLevel
SaferComputeTokenFromLevel
SaferCreateLevel
RegEnumValueW
DuplicateTokenEx
CreateRestrictedToken
DeleteService
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
EventWrite
EventWriteTransfer
EventRegister
shlwapi
SHCreateStreamOnFileEx
prntvpt
ord1
ord3
ord6
ord9
ord8
ord10
ord7
ord4
ord2
user32
GetGUIThreadInfo
GetAppCompatFlags2
DialogBoxParamW
LoadIconW
SetDlgItemTextA
SetDlgItemTextW
EndDialog
CheckRadioButton
MessageBoxW
MessageBeep
WinHelpW
SendDlgItemMessageW
GetDlgItemTextW
SetCursor
LoadCursorW
InvalidateRect
CheckDlgButton
DispatchMessageW
UnregisterClassA
AllowSetForegroundWindow
GetWindowThreadProcessId
LoadStringW
CharNextW
GetDlgItem
PostMessageW
ShowWindow
SendMessageW
GetParent
GetWindowLongW
SetWindowLongW
GetAncestor
SetFocus
SetForegroundWindow
SetActiveWindow
EnableWindow
GetFocus
GetActiveWindow
IsGUIThread
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdi32
CreateICW
EnumFontFamiliesW
SetGraphicsMode
CreateDCW
GetDeviceCaps
DeleteDC
ExtEscape
userenv
DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
Exports
Exports
DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
GetStandardMessageForPrinterStatus
MxdcGetPDEVAdjustment
NotifyEntry
ServiceMain
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 3B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 927KB - Virtual size: 928KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ