PrintConfig[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PrintConfig.dll
Size

2.4MB
MD5

b2b8a23f003b72cfdb20bfb739f41534
SHA1

07423775c1632432f0f476639ef5d4761dc9c881
SHA256

715c4173b49e602ccbfbe6d20ae721204142b567cde94e680415855de80087bf
SHA512

0ed59fb8d94c3d85e9228899971ff18066d119c593f8fa341ad14aa43ee39a680d3a0df499844a0ab9cfbdafd60d0272bd05f7ac313f8fb0c736519279e16c63
SSDEEP

49152:10QqghUtFdykiSOguBZPCNaGfxk5D3rmUCq426mrC:yghUtFdPiSoBFCNaGfWD3rmUCs7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PrintConfig.dll

Files

PrintConfig.dll
.dll regsvr32 windows:6 windows x86 arch:x86

b0147e96cfe3d5ece11fdfb9893d6b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PrintConfig.pdb

Imports

msvcrt

calloc
localeconv
sprintf_s
memchr
___mb_cur_max_func
_ftol2_sse
memmove_s
wcscat_s
__crtLCMapStringW
strerror
__uncaught_exception
isspace
tolower
_wtol
??3@YAXPAX@Z
___lc_collate_cp_func
__crtCompareStringW
memcmp
abort
_XcptFilter
_amsg_exit
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
vfprintf
_wmakepath_s
_errno
strncmp
ldexp
wcstol
_ftol2
wcschr
strchr
realloc
wcstoul
memset
_callnewh
_CxxThrowException
setlocale
__CxxFrameHandler3
memcpy
__pctype_func
_wsplitpath_s
___lc_handle_func
___lc_codepage_func
strtod
wcsncpy_s
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_wcsnicmp
wcscpy_s
memcpy_s
??8type_info@@QBEHABV0@@Z
?what@exception@@UBEPBDXZ
fprintf
strcspn
atoi
_itow
wcsncmp
_stricmp
qsort
_vsnprintf
ceil
wcstod
iswspace
_ultoa
strrchr
_strnicmp
iswctype
wcstok_s
_wcsdup
towupper
memmove
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnwprintf
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
wcsrchr
wcsstr
_resetstkoflw
free
malloc
_purecall
_wcsicmp
??_V@YAXPAX@Z
_wtoi
floor

kernel32

MulDiv
GetTempFileNameW
HeapCreate
SetErrorMode
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
GetFileTime
GetSystemDirectoryW
LoadLibraryW
CloseHandle
GetLastError
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
GetFileAttributesExW
WaitForSingleObject
GetFileSize
GetCurrentProcess
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
GetPrivateProfileStringW
CreateMutexW
CreateDirectoryW
RemoveDirectoryW
GetTickCount
MoveFileExW
DeleteFileW
WriteFile
CreateFileMappingW
CreateProcessW
SetEvent
GetModuleFileNameW
CreateActCtxW
ReleaseActCtx
CreateEventW
QueueUserWorkItem
HeapAlloc
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount64
MultiByteToWideChar
RaiseException
LoadResource
SizeofResource
FindResourceExW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
TerminateJobObject
CreateWaitableTimerW
WaitForMultipleObjects
GetModuleHandleExW
IsWow64Process
WideCharToMultiByte
GetSystemWindowsDirectoryW
SetWaitableTimer
LocalFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GlobalSize
GlobalLock
GlobalUnlock
OpenProcess
ResetEvent
GetFileAttributesW
lstrcmpW
GetProcessId
LocalAlloc
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
TerminateProcess
IsDebuggerPresent
IsProcessInJob
CompareFileTime
CreateThread
GetComputerNameW
GetCurrentThreadId
SystemTimeToTzSpecificLocalTime
OpenEventW
GetLocaleInfoW
HeapDestroy
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetStringTypeW
Sleep
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
GetPrivateProfileIntW
OpenMutexW
LockResource
FindResourceW
GetPrivateProfileSectionW
CopyFileW
lstrlenW
GetSystemDefaultLCID
GetACP
GetUserDefaultUILanguage
GetFullPathNameW
GetCPInfo
VirtualFree
VirtualAlloc
GetSystemInfo

oleaut32

VarBstrCat
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VariantChangeType
SysAllocString
SysFreeString
VariantInit
SystemTimeToVariantTime
VariantCopy
LoadRegTypeLi
SysAllocStringLen
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
SysStringLen

ole32

StringFromGUID2
CoCreateGuid
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
CoGetCallerTID
CoRevertToSelf
CoImpersonateClient
CoGetContextToken
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
GetHGlobalFromStream
CreateStreamOnHGlobal
CoSetProxyBlanket
CoGetClassObject
CoSuspendClassObjects
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree

rpcrt4

UuidToStringW
NdrDllGetClassObject
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
RpcStringFreeW
CStdStubBuffer_DebugServerRelease
RpcServerInqCallAttributesW
UuidFromStringW
UuidCreate
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs
NdrStubCall2
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface

winspool.drv

OpenPrinterW
ClosePrinter
GetPrinterDataExW
GetPrinterDataW
OpenPrinter2W
SetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterW
SetJobW
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
EnumPrintersW
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
GetPrinterDriverW
EnumJobsW
SetPrinterDataExW
DeviceCapabilitiesW
DeleteFormW
AddFormW
SetPrinterW
EnumFormsW
GetFormW
DeletePrinterDataW

advapi32

RegEnumValueW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
CreateWellKnownSid
AddAccessAllowedAceEx
RegDeleteKeyW
SetThreadToken
SaferCloseLevel
SaferComputeTokenFromLevel
SaferCreateLevel
CreateProcessAsUserW
DuplicateTokenEx
CreateRestrictedToken
ConvertSidToStringSidW
RegNotifyChangeKeyValue
RegOpenKeyW
RegCreateKeyW
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
DeleteService
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
EventWrite

prntvpt

ord1
ord3
ord6
ord9
ord8
ord10
ord7
ord4

user32

GetFocus
MsgWaitForMultipleObjects
GetGUIThreadInfo
GetAppCompatFlags2
PeekMessageW
TranslateMessage
CheckDlgButton
InvalidateRect
LoadCursorW
SetCursor
GetDlgItemTextW
SendDlgItemMessageW
WinHelpW
MessageBeep
MessageBoxW
CheckRadioButton
EndDialog
SetDlgItemTextW
SetDlgItemTextA
LoadIconW
DialogBoxParamW
UnregisterClassA
AllowSetForegroundWindow
GetWindowThreadProcessId
LoadStringW
CharNextW
GetDlgItem
PostMessageW
ShowWindow
SendMessageW
GetParent
GetWindowLongW
SetWindowLongW
GetAncestor
SetFocus
SetForegroundWindow
SetActiveWindow
EnableWindow
GetActiveWindow
IsGUIThread
DispatchMessageW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdi32

SetGraphicsMode
ExtEscape
CreateDCW
GetDeviceCaps
DeleteDC
EnumFontFamiliesW
CreateICW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile

Exports

Exports

DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
GetStandardMessageForPrinterStatus
MxdcGetPDEVAdjustment
NotifyEntry
ServiceMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 870KB - Virtual size: 872KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0147e96cfe3d5ece11fdfb9893d6b58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

oleaut32

ole32

rpcrt4

winspool.drv

advapi32

prntvpt

user32

version

gdi32

userenv

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.orpc Size: 512B - Virtual size: 290B

.data Size: 55KB - Virtual size: 57KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 870KB - Virtual size: 872KB

.reloc Size: 87KB - Virtual size: 86KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.orpc
Size: 512B - Virtual size: 290B

.data
Size: 55KB - Virtual size: 57KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 870KB - Virtual size: 872KB

.reloc
Size: 87KB - Virtual size: 86KB