PrintWorkflowService[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PrintWorkflowService.dll
Size

136KB
MD5

a3b3d4067b02d84ba8e16e1463d87d6b
SHA1

56328c906f3fddc1d130d0f0f43a6179ee5217a5
SHA256

617e8ae54a69279c8ac05b68895fec9c9aba6891abfeaa837eda08f458076be4
SHA512

954091814cabb80a28e7ae29bc6a83eb937472cd936260ef32229504b62d1d2766a735c4aff913b8bb9ff9eabef16c41c3e942130b4d36129384820c11916e68
SSDEEP

3072:60b+TmUVrWLn+WsLjmToep2ExDsGX0DLwYjKc6K1:nbTIrW6WujmLNNsGkDUYjN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PrintWorkflowService.dll

Files

PrintWorkflowService.dll
.dll windows:10 windows x86 arch:x86

cb8b3c46a8db791e7c9cce53965bd284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PrintWorkflowService.pdb

Imports

msvcrt

_itow_s
wcsrchr
toupper
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
wcscspn
_except_handler4_common
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?what@exception@@UBEPBDXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
memcpy
memmove
_callnewh
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPAX@Z
_CxxThrowException
memset

api-ms-win-core-com-l1-1-0

CoResumeClassObjects
StringFromGUID2
CoReleaseServerProcess
CoGetCallContext
CoImpersonateClient
CoDisconnectContext
CoGetMalloc
CoTaskMemFree
CoRevokeClassObject
CoTaskMemAlloc
CoInitializeSecurity
CoRevertToSelf
CoCreateGuid
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoAddRefServerProcess
CoRegisterClassObject

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetSidSubAuthorityCount
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSidSubAuthority

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
WaitForSingleObject
ReleaseMutex
CreateEventW
ReleaseSemaphore
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
DeleteCriticalSection
AcquireSRWLockExclusive
CreateEventExW
SetEvent
EnterCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
ReleaseSRWLockExclusive
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsSubstringWithSpecifiedLength

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventActivityIdControl
EventProviderEnabled
EventRegister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
OpenThreadToken
GetCurrentThread
GetProcessId
GetCurrentProcess
GetExitCodeThread

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoRevokeActivationFactories
RoInitialize
RoGetActivationFactory
RoUninitialize
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

combase

ord69
ord66
ord68
ord67

ntdll

RtlInitUnicodeString

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetCurrentProcessorNumber

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegGetValueW
RegCloseKey

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties

api-ms-win-rtcore-ntuser-window-l1-1-0

TranslateMessage
PostMessageW
RegisterClassExW
PeekMessageW
DispatchMessageW

api-ms-win-core-biptcltapi-l1-1-7

BiPtActivateInBackground

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb8b3c46a8db791e7c9cce53965bd284

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

combase

ntdll

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-devices-query-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-biptcltapi-l1-1-7

api-ms-win-core-string-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-appmodel-unlock-l1-1-0

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 7KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 40B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 7KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 40B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB