PrintWorkflowService[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

PrintWorkflowService.dll
Size

363KB
MD5

6113042535bb7cec5043712e073d81c0
SHA1

5b56392b11a064c684a220c998d3ae704784019f
SHA256

7bd42cc707522d79468d820371fdcba434e5527b1695c0a70b01eb5b2c9e4522
SHA512

5dc966d49f088fca00ff9ada51fc2ec151d93bbaaae9fbe94a07eb332563eded9df083b0000da088f111fafb1a6793b0aa7cf1faa09d11ed9dd07c7105fdfd02
SSDEEP

6144:2IP8oG7U/x6UQAxzC8DJFZ4+P9kkc6IMeKzHDxvroV3Lu:2IP5JXQAxzDJFZhD1IM5poLu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PrintWorkflowService.dll

Files

PrintWorkflowService.dll
.dll windows:10 windows x86 arch:x86

08ed2478b88e1bb23a00e96461c4fae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PrintWorkflowService.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__crt_atexit
memmove
_o__wcsicmp
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_toupper
_except_handler4_common
_CxxThrowException
_o__configure_narrow_argv
_o__cexit
_o__execute_onexit_table
_o__callnewh
_o__errno
wcsrchr
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscspn
memset

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlFreeHeap
NtQueryInformationToken
RtlSubscribeWnfStateChangeNotification
RtlGetDeviceFamilyInfoEnum
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlInitUnicodeString

api-ms-win-core-com-l1-1-0

CoDisconnectContext
CoCreateInstance
CoResumeClassObjects
CreateStreamOnHGlobal
CoDecrementMTAUsage
CoRegisterClassObject
CoGetObjectContext
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoGetMalloc
CoUninitialize
CoTaskMemAlloc
CoReleaseServerProcess
CoRevokeClassObject
CoAddRefServerProcess
CoInitializeEx
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
CoGetStdMarshalEx
CoIncrementMTAUsage
CoCreateGuid
CoGetClassObject
StringFromGUID2

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleW
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

ResetEvent
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
CreateEventW
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsCreateStringReference
WindowsPreallocateStringBuffer
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsPromoteStringBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsSubstringWithSpecifiedLength

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
EventProviderEnabled
EventActivityIdControl

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
SetThreadpoolTimer
CloseThreadpoolWait
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
CreateThread
GetCurrentThreadId
GetExitCodeThread
GetCurrentProcessId
TerminateProcess
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance
RoRevokeActivationFactories
RoInitialize
RoUninitialize
RoRegisterActivationFactories

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoFailFastWithErrorContext
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetCurrentProcessorNumber

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead
InterlockedPushEntrySList

combase

ord67
ord66
ord68
ord69
ord140

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
_Xtime_get_ticks
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-debug-l1-1-1

CheckRemoteDebuggerPresent

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW

api-ms-win-devices-query-l1-1-0

DevFreeObjectProperties
DevGetObjectProperties

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
CreateFileW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorSacl
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream
CreateRandomAccessStreamOverStream

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileEx
IStream_Write
SHCreateMemStream

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-path-l1-1-0

PathCchCombineEx

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-rtcore-ntuser-window-l1-1-0

DispatchMessageW
TranslateMessage
PeekMessageW
PostMessageW
RegisterClassExW

api-ms-win-core-biptcltapi-l1-1-7

BiPtQueryWorkItemStatusStateName
BiPtActivateInBackground

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ondemandbrokerclient

CreateOnDemandBrokerClient

api-ms-win-appmodel-runtime-l1-1-0

GetPackagesByPackageFamily

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-appmodel-state-l1-2-0

CloseState
OpenStateExplicit
GetSystemAppDataKey

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-appmodel-unlock-l1-1-0

IsDeveloperModeEnabled

oleaut32

SysFreeString
SysStringLen

api-ms-win-core-com-l1-1-1

RoGetAgileReference

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08ed2478b88e1bb23a00e96461c4fae7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

combase

msvcp_win

api-ms-win-core-synch-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-devices-query-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-path-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-biptcltapi-l1-1-7

api-ms-win-core-shlwapi-legacy-l1-1-0

ondemandbrokerclient

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-atoms-l1-1-0

api-ms-win-shcore-comhelpers-l1-1-0

api-ms-win-appmodel-state-l1-2-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-appmodel-unlock-l1-1-0

oleaut32

api-ms-win-core-com-l1-1-1

Exports

Exports

Sections

.text Size: 329KB - Virtual size: 328KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 128B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 329KB - Virtual size: 328KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 128B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB