PrintHook64[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PrintHook64.dll
Size

398KB
MD5

c51a21144dc500311dcbdc7dec56fae5
SHA1

208844dc16beee488fc1a3c7c1ec5a82ef3d97f4
SHA256

f4d40cec5e6e381e0d9fa91886a6cb0e9ad164033cf38fef9633fca496f838fe
SHA512

725fb6e0807863d195bc7e827b682e34689ca4953e08c22c4e221cb52051822c997b2d0653686addfd784e034aaf1c492e9d80cc7dde87d116396f5dc82551ae
SSDEEP

6144:571iBv5kdthl4hz+4ITlH6RyzxMLg1VbU2EJXF+0DcoZObMuHOqqD6mWEz:l1I5kdthl4h+4PR2RB4BF+VoqMFD

Score

1^/10

Malware Config

Signatures

Files

PrintHook64.dll
.dll windows:4 windows x64 arch:x64

bacec1eb5363d3b59b731f2ac3c9cf9d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:b7:f7:e6:8b:d3:06:42:9e:7d:d5:fc:de:67:54:21
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Finn International Ltd [websupergoo.com],O=Finn International Ltd [websupergoo.com],POSTALCODE=-,STREET=Li Yuen Street East+STREET=24B Li Dong Building,L=Central,ST=-,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:86:2a:75:8a:f2:ac:b1:fe:31:94:d5:20:3b:bc:c8:dd:fd:5a:e4
Signer

Actual PE Digest

b2:86:2a:75:8a:f2:ac:b1:fe:31:94:d5:20:3b:bc:c8:dd:fd:5a:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\WSG\Projects\ABCpdf\Source\ABCpdf7021\SilentPrint\lib\x64\release\PrintHook64.pdb

Imports

kernel32

GlobalUnlock
lstrlenA
lstrlenW
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ResumeThread
CreateProcessA
CreateProcessW
GetCurrentProcessId
GetSystemInfo
VirtualProtect
VirtualQuery
VirtualAlloc
OpenThread
CloseHandle
SuspendThread
GetThreadContext
SetThreadContext
VirtualAllocEx
WriteProcessMemory
GetCurrentProcess
ReadProcessMemory
GlobalLock
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
GetModuleFileNameW
WideCharToMultiByte
GlobalAlloc
GetCommandLineW
TerminateProcess
ExpandEnvironmentStringsW
OpenProcess
VirtualQueryEx
CreateFileA
ReadFile
SetEndOfFile
GetLocaleInfoW
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
EnterCriticalSection
CreateRemoteThread
GlobalFree
HeapReAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapDestroy
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetLastError
GetCommandLineA
GetFileAttributesW
DisableThreadLibraryCalls
HeapCreate
HeapSetInformation
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapFree
GetCurrentThreadId
FlsSetValue
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlVirtualUnwind
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA

user32

wsprintfW
GetClassNameW
GetWindowTextW
PostMessageA
ShowWindow
ShowWindowAsync
SetWindowPos
DeferWindowPos
CreateWindowExA
CreateWindowExW
GetDlgItem

gdi32

StartDocA
StartDocW

winspool.drv

OpenPrinterW
OpenPrinterA
GetPrinterA
ClosePrinter
GetPrinterW

advapi32

RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserA
CreateProcessWithLogonW
CreateProcessAsUserW
RegCloseKey

shlwapi

PathAppendW
PathRemoveFileSpecW

Exports

Exports

InjectHook
Patch
StartHook
StopHook
WorkerProcess
distorm_decode64
distorm_version

Sections

.text
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bacec1eb5363d3b59b731f2ac3c9cf9d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:b7:f7:e6:8b:d3:06:42:9e:7d:d5:fc:de:67:54:21Certificate

Extended Key Usages

Key Usages

b2:86:2a:75:8a:f2:ac:b1:fe:31:94:d5:20:3b:bc:c8:dd:fd:5a:e4Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 257KB - Virtual size: 257KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 48KB - Virtual size: 59KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 7KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:b7:f7:e6:8b:d3:06:42:9e:7d:d5:fc:de:67:54:21
Certificate

b2:86:2a:75:8a:f2:ac:b1:fe:31:94:d5:20:3b:bc:c8:dd:fd:5a:e4
Signer

.text
Size: 257KB - Virtual size: 257KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 48KB - Virtual size: 59KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 7KB - Virtual size: 7KB