PrintConfig.pdb
Sample
PrintConfig.dll
Resource
win10v2004-20240508-en
General
-
Target
PrintConfig.dll
-
Size
2.7MB
-
MD5
07f2c0ceba6c0ed32f6829f5afa58460
-
SHA1
e8d3c0a809c2f145554122fb99f975120f22bd0f
-
SHA256
68692cbe107bd233b0599d76d35a1316689ec14678ee329dab5427cca4b5bb65
-
SHA512
b01380103a4af46eeccd8ba81b5492fc44b75b5feca56812c23859443196d0a66bfcabe3b2bdb3e5e049dd17f29c6cc75ef72d8c8cb61387f28617a8d95bf6ac
-
SSDEEP
49152:OnCMBmcppz2k20rXQetEtmV59a6LHACP/LWyb53+:IBpZS0rgeqtmk6LHjr
Malware Config
Signatures
-
Unsigned PE 1 IoCs
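Checks for a missing embedded Authenticode signature. A file signed only through a Windows security catalog carries no embedded signature, so this finding on its own does not show that the file was tampered with or is malicious.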
resource PrintConfig.dll
Files
-
PrintConfig.dll.dll regsvr32 windows:10 windows x86 arch:x86
0d3a1edf41ab8f39ec5dafc01102fe9c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
ungetc
fputwc
fgetwc
fgetc
strncmp
_wtoi
wcstol
ldexp
_errno
_wtol
strcspn
localeconv
_wfsopen
___lc_collate_cp_func
wcschr
fflush
setvbuf
fsetpos
sprintf_s
memchr
__crtLCMapStringW
memmove_s
wcscat_s
wcsncpy_s
__crtCompareStringW
memcmp
islower
abort
_XcptFilter
_amsg_exit
_initterm
ungetwc
_fseeki64
fgetpos
__mb_cur_max
fwrite
fclose
strchr
realloc
wcstoul
fseek
_wtof
_callnewh
_CxxThrowException
setlocale
memcpy
strerror
memmove
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
__pctype_func
isupper
__crtLCMapStringA
?terminate@@YAXXZ
fprintf
_wsplitpath_s
memset
_wmakepath_s
vfprintf
_except_handler4_common
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
floor
__uncaught_exception
isspace
tolower
strtod
calloc
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
_wcsnicmp
wcscpy_s
_stricmp
_vsnprintf_s
memcpy_s
??8type_info@@QBEHABV0@@Z
ceil
_ftol2_sse
_ftol2
fputc
_swprintf_c_l
atoi
_itow
wcsncmp
_vsnprintf
qsort
wcstod
iswspace
_ultoa
strrchr
iswctype
_strnicmp
wcsstr
wcstok_s
towupper
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnwprintf
wcsrchr
_resetstkoflw
free
malloc
_purecall
_wcsicmp
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
kernel32
LoadLibraryExA
GetSystemInfo
VirtualQuery
GetCPInfo
VirtualProtect
SetThreadUILanguage
LocaleNameToLCID
SetThreadPreferredUILanguages
MulDiv
GetTempFileNameW
HeapCreate
SetErrorMode
SetFilePointer
GetFileTime
GetSystemDirectoryW
LoadLibraryW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringW
LockResource
FindResourceW
lstrlenW
GetSystemDefaultLCID
GetACP
GetUserDefaultUILanguage
CloseHandle
GetLastError
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
GetFileAttributesExW
WaitForSingleObject
GetFileSize
GetCurrentProcess
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
OpenMutexW
CreateMutexW
RemoveDirectoryW
CreateDirectoryW
WriteFile
DeleteFileW
CreateFileMappingW
CreateProcessW
SetEvent
GetModuleHandleW
GetModuleFileNameW
GetCurrentThreadId
DebugBreak
HeapAlloc
HeapFree
FormatMessageW
SetLastError
ReleaseSemaphore
WaitForSingleObjectEx
CreateActCtxW
ReleaseActCtx
GetProcessHeap
GetModuleHandleExW
GetModuleFileNameA
IsDebuggerPresent
OutputDebugStringW
OpenSemaphoreW
CreateEventW
QueueUserWorkItem
InitOnceBeginInitialize
InitOnceComplete
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount64
MultiByteToWideChar
RaiseException
LoadResource
SizeofResource
FindResourceExW
LoadLibraryExW
lstrcmpiW
TerminateJobObject
CreateWaitableTimerW
WaitForMultipleObjects
IsWow64Process
WideCharToMultiByte
GetSystemWindowsDirectoryW
SetWaitableTimer
LocalFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CopyFileW
CompareStringOrdinal
GlobalSize
GlobalLock
GlobalUnlock
OpenProcess
ResetEvent
LocalAlloc
GetProcessId
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
TerminateProcess
IsProcessInJob
CompareFileTime
CreateThread
GetComputerNameW
SystemTimeToTzSpecificLocalTime
OpenEventW
lstrcmpW
GetLocaleInfoW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
EnumUILanguagesW
GetThreadPreferredUILanguages
HeapSize
HeapReAlloc
HeapDestroy
GetStringTypeW
Sleep
EncodePointer
DecodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
GetFullPathNameW
VirtualFree
VirtualAlloc
oleaut32
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLib
UnRegisterTypeLib
RegisterTypeLib
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocString
LoadRegTypeLib
VariantCopy
SystemTimeToVariantTime
VarBstrCat
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VariantChangeType
SysFreeString
SysAllocStringLen
SysStringLen
ole32
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
CoGetCallerTID
CoRevertToSelf
CoImpersonateClient
CoWaitForMultipleHandles
CoGetContextToken
GetHGlobalFromStream
CreateStreamOnHGlobal
CoSetProxyBlanket
CoGetClassObject
CoSuspendClassObjects
CoResumeClassObjects
CoCreateInstance
rpcrt4
UuidToStringW
RpcStringFreeW
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
RpcServerInqCallAttributesW
UuidFromStringW
UuidCreate
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
winspool.drv
GetFormW
EnumFormsW
OpenPrinterW
ClosePrinter
GetPrinterDataExW
GetPrinterDataW
OpenPrinter2W
SetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterW
EnumPrinterDataExW
SetPrinterDataExW
DeletePrinterDataExW
DeletePrinterDataW
SetJobW
FindClosePrinterChangeNotification
FindFirstPrinterChangeNotification
EnumPrintersW
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
GetPrinterDriverW
EnumJobsW
DeleteFormW
AddFormW
SetPrinterW
DeviceCapabilitiesW
advapi32
ConvertSidToStringSidW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
CreateWellKnownSid
AddAccessAllowedAceEx
RegGetValueW
RegDeleteKeyW
SetThreadToken
EventUnregister
EventRegister
EventWriteTransfer
RegEnumKeyExW
RegQueryInfoKeyW
EventActivityIdControl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
SaferCloseLevel
SaferComputeTokenFromLevel
SaferCreateLevel
CreateProcessAsUserW
DuplicateTokenEx
CreateRestrictedToken
RegEnumValueW
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
DeleteService
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
shlwapi
SHCreateStreamOnFileEx
prntvpt
ord1
ord3
ord6
ord9
ord8
ord10
ord7
ord4
ord2
user32
GetGUIThreadInfo
GetAppCompatFlags2
EndDialog
CheckRadioButton
MessageBoxW
MessageBeep
WinHelpW
SetDlgItemTextA
GetDlgItemTextW
SetCursor
LoadCursorW
InvalidateRect
CheckDlgButton
SetDlgItemTextW
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
SendDlgItemMessageW
DialogBoxParamW
UnregisterClassA
AllowSetForegroundWindow
GetWindowThreadProcessId
LoadStringW
CharNextW
GetDlgItem
PostMessageW
ShowWindow
SendMessageW
GetParent
GetWindowLongW
SetWindowLongW
GetAncestor
SetFocus
SetForegroundWindow
SetActiveWindow
EnableWindow
GetFocus
GetActiveWindow
IsGUIThread
TranslateMessage
LoadIconW
version
GetFileVersionInfoExW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeExW
gdi32
ExtEscape
CreateICW
EnumFontFamiliesW
SetGraphicsMode
CreateDCW
GetDeviceCaps
DeleteDC
userenv
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
Exports
Exports
DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
GetStandardMessageForPrinterStatus
MxdcGetPDEVAdjustment
NotifyEntry
ServiceMain
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1021KB - Virtual size: 1024KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ