PrintConfig[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PrintConfig.dll
Size

2.7MB
MD5

1436616bfa938b067b1f35377530ace3
SHA1

69cfda8ca966bc19686f72901cca02a8a0f56d60
SHA256

27159c3e11e89e4b59fa8662ffe74f5cc11d5a71a8fc8044cb897c6ac98721ff
SHA512

2cc8d5676983c31dd51d5c4779c232e6b82024616963456881953227449cca5cc80b2d3caf4df01990a1611b8c1b4305474b2e63932527e9790f5244a2dccc05
SSDEEP

49152:8Q/K5er6FwOvwfiIx69p0daJV2QRFiDRgOrjCx0:iyxfiIx7aJgQRORgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PrintConfig.dll

Files

PrintConfig.dll
.dll regsvr32 windows:10 windows x86 arch:x86

711cbc782e065cae4b1a56e02432b784

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PrintConfig.pdb

Imports

msvcrt

fflush
wcschr
ungetwc
ungetc
fputwc
fgetwc
fgetc
strncmp
_wtoi
wcstol
ldexp
_errno
_wtol
strcspn
setvbuf
sprintf_s
_wfsopen
___lc_collate_cp_func
fsetpos
_fseeki64
fgetpos
__mb_cur_max
__crtLCMapStringW
calloc
memmove_s
wcscat_s
wcsncpy_s
??1bad_cast@@UAE@XZ
__crtCompareStringW
memcmp
islower
abort
fwrite
fclose
strchr
realloc
wcstoul
fputc
fseek
memset
_callnewh
_CxxThrowException
setlocale
__CxxFrameHandler3
memcpy
strerror
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
__pctype_func
isupper
localeconv
__crtLCMapStringA
_XcptFilter
fprintf
_wsplitpath_s
_wmakepath_s
floor
vfprintf
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
__uncaught_exception
isspace
tolower
strtod
memchr
??0bad_cast@@QAE@ABV0@@Z
_wcsnicmp
wcscpy_s
_stricmp
_vsnprintf_s
memcpy_s
??8type_info@@QBEHABV0@@Z
memmove
ceil
_ftol2
_wtof
_ftol2_sse
_swprintf_c_l
atoi
_itow
_wcsdup
wcstok_s
wcsncmp
_vsnprintf
qsort
wcstod
iswspace
_ultoa
strrchr
iswctype
_strnicmp
towupper
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnwprintf
wcsrchr
wcsstr
_resetstkoflw
free
malloc
_purecall
_wcsicmp
??_V@YAXPAX@Z
??3@YAXPAX@Z

kernel32

VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
SetThreadUILanguage
GetThreadUILanguage
LocaleNameToLCID
MulDiv
GetTempFileNameW
HeapCreate
SetErrorMode
SetFilePointer
GetFileTime
GetSystemDirectoryW
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringW
LockResource
FindResourceW
lstrlenW
GetSystemDefaultLCID
GetACP
GetUserDefaultUILanguage
VirtualFree
GetFullPathNameW
GetCPInfo
CloseHandle
GetLastError
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
GetFileAttributesExW
WaitForSingleObject
GetFileSize
GetCurrentProcess
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
OpenMutexW
CreateMutexW
RemoveDirectoryW
CreateDirectoryW
WriteFile
DeleteFileW
CreateFileMappingW
CreateProcessW
SetEvent
LoadLibraryExW
GetModuleFileNameW
GetCurrentThreadId
HeapAlloc
HeapFree
FormatMessageW
SetLastError
ReleaseSemaphore
WaitForSingleObjectEx
CreateActCtxW
ReleaseActCtx
GetModuleHandleExW
GetModuleFileNameA
OutputDebugStringW
GetProcessHeap
OpenSemaphoreW
CreateEventW
QueueUserWorkItem
InitOnceBeginInitialize
InitOnceComplete
GetCurrentProcessId
CreateSemaphoreExW
CreateMutexExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount64
MultiByteToWideChar
RaiseException
LoadResource
SizeofResource
FindResourceExW
GetModuleHandleW
lstrcmpiW
TerminateJobObject
CreateWaitableTimerW
WaitForMultipleObjects
IsWow64Process
WideCharToMultiByte
LocalAlloc
OpenProcess
GetProcessId
LocalFree
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
TerminateProcess
IsDebuggerPresent
IsProcessInJob
GetSystemWindowsDirectoryW
SetWaitableTimer
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CopyFileW
CompareStringOrdinal
GlobalSize
GlobalLock
GlobalUnlock
ResetEvent
CompareFileTime
CreateThread
GetComputerNameW
SystemTimeToTzSpecificLocalTime
OpenEventW
lstrcmpW
GetLocaleInfoW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
EnumUILanguagesW
GetThreadPreferredUILanguages
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
VirtualAlloc

oleaut32

SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
LoadRegTypeLi
VariantCopy
SystemTimeToVariantTime
VarBstrCat
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VariantChangeType

ole32

GetHGlobalFromStream
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CLSIDFromProgID
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
CoGetCallerTID
CoGetContextToken
CoWaitForMultipleHandles
CreateStreamOnHGlobal
CoRevertToSelf
CoImpersonateClient
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoGetClassObject
CoSuspendClassObjects
CoResumeClassObjects
CoCreateInstance

rpcrt4

NdrOleFree
NdrCStdStubBuffer2_Release
RpcStringFreeW
UuidToStringW
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
RpcServerInqCallAttributesW
UuidFromStringW
UuidCreate

winspool.drv

DeviceCapabilitiesW
OpenPrinterW
ClosePrinter
GetPrinterDataExW
GetPrinterDataW
OpenPrinter2W
SetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterW
EnumPrinterDataExW
SetPrinterDataExW
DeletePrinterDataExW
DeletePrinterDataW
SetJobW
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
EnumPrintersW
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
GetPrinterDriverW
EnumJobsW
DeleteFormW
AddFormW
SetPrinterW
GetFormW
EnumFormsW

advapi32

SaferCreateLevel
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
CreateWellKnownSid
AddAccessAllowedAceEx
RegGetValueW
RegDeleteKeyW
SetThreadToken
EventUnregister
EventRegister
EventWriteTransfer
EventWrite
EventActivityIdControl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
ConvertSidToStringSidW
RegNotifyChangeKeyValue
RegOpenKeyW
RegCreateKeyW
SaferCloseLevel
SaferComputeTokenFromLevel
RegEnumValueW
CreateProcessAsUserW
DuplicateTokenEx
CreateRestrictedToken
DeleteService
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW

shlwapi

SHCreateStreamOnFileEx

prntvpt

ord1
ord3
ord6
ord9
ord8
ord10
ord7
ord4
ord2

user32

DialogBoxParamW
GetGUIThreadInfo
GetAppCompatFlags2
LoadIconW
SetDlgItemTextA
SetDlgItemTextW
EndDialog
CheckRadioButton
MessageBoxW
MessageBeep
WinHelpW
SendDlgItemMessageW
GetDlgItemTextW
SetCursor
LoadCursorW
InvalidateRect
CheckDlgButton
DispatchMessageW
UnregisterClassA
AllowSetForegroundWindow
GetWindowThreadProcessId
LoadStringW
CharNextW
GetDlgItem
PostMessageW
ShowWindow
SendMessageW
GetParent
GetWindowLongW
SetWindowLongW
GetAncestor
SetFocus
SetForegroundWindow
SetActiveWindow
EnableWindow
GetFocus
GetActiveWindow
IsGUIThread
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects

version

GetFileVersionInfoExW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeExW

gdi32

GetDeviceCaps
ExtEscape
CreateICW
EnumFontFamiliesW
SetGraphicsMode
CreateDCW
DeleteDC

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock

Exports

Exports

DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
GetStandardMessageForPrinterStatus
MxdcGetPDEVAdjustment
NotifyEntry
ServiceMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 927KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

711cbc782e065cae4b1a56e02432b784

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

ole32

rpcrt4

winspool.drv

advapi32

shlwapi

prntvpt

user32

version

gdi32

userenv

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 57KB - Virtual size: 60KB

.idata Size: 12KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 927KB - Virtual size: 928KB

.reloc Size: 102KB - Virtual size: 102KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 57KB - Virtual size: 60KB

.idata
Size: 12KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 927KB - Virtual size: 928KB

.reloc
Size: 102KB - Virtual size: 102KB