PrintConfig.pdb
Static task
static1
Behavioral task
behavioral1
Sample
PrintConfig.dll
Resource
win10v2004-20240426-en
General
-
Target
PrintConfig.dll
-
Size
2.9MB
-
MD5
e36b31962a3c2f863218b4638bd28b35
-
SHA1
fd58a53a68493e2dfd0392ca7bf889feafe17d49
-
SHA256
c22c015d1e3dd874f4a317ef8903318d563d1b3a55803f66fe5e91effd9a67b8
-
SHA512
9af104ca39c0bce864d1e0dbe7ad77f452dcfc320a4573e23f33827b62f41bdef1e013747f0eaa707a47e116cf57bf93dfd5b9a3a71f4e540789a57d6c50342a
-
SSDEEP
49152:PxS0ryAr4/9jISj4vosCvsZkuGB4CZz3DXZNSmygK3Xxlx3rBxz+yvPEGsrcXc5s:iAr4/9jZjZ3YGBZN7ynxzHh8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
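Checks for a missing Authenticode signature. A static check of this kind presumably inspects only the signature embedded in the PE file, so a file that is signed solely through a Windows security catalog would be reported as unsigned too; verify the signing state against the catalog store before reading this result as evidence of tampering.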
resource PrintConfig.dll
Files
-
PrintConfig.dll.dll regsvr32 windows:10 windows x86 arch:x86
4bb2134e88cdb7eaead9826df05441dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
??0exception@@QAE@ABQBDH@Z
_callnewh
fputc
wcstoul
realloc
strchr
fclose
fwrite
__mb_cur_max
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
wcschr
ungetwc
ungetc
fputwc
fgetwc
fgetc
strncmp
_wtoi
wcstol
_wtof
_time64
ldexp
_errno
_wtol
strcspn
localeconv
sprintf_s
memcpy
memmove
_wcsdup
__crtCompareStringW
calloc
wcscat_s
wcsncpy_s
_wcsnicmp
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
___lc_handle_func
__uncaught_exception
setlocale
_lock
_unlock
___mb_cur_max_func
___lc_codepage_func
_ismbblead
memset
islower
fprintf
_wsplitpath_s
_wmakepath_s
vfprintf
towupper
fseek
_wfsopen
___lc_collate_cp_func
memcmp
abort
isalnum
isdigit
_ftol2
floor
_ftol2_sse
_XcptFilter
_amsg_exit
_initterm
__dllonexit
_onexit
?terminate@@YAXXZ
__pctype_func
isupper
isspace
tolower
memchr
_CxxThrowException
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
wcscpy_s
_stricmp
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnprintf_s
_except_handler4_common
??1type_info@@UAE@XZ
??8type_info@@QBEHABV0@@Z
ceil
wcsncmp
swprintf_s
atoi
_itow
wcstok_s
_vsnprintf
qsort
wcstod
iswspace
_ultoa_s
strrchr
iswctype
_strnicmp
wcsnlen
_vsnwprintf
wcsrchr
wcsstr
memmove_s
memcpy_s
_resetstkoflw
free
malloc
_wcsicmp
??_V@YAXPAX@Z
_purecall
??3@YAXPAX@Z
__CxxFrameHandler3
kernel32
VirtualProtect
LoadLibraryExA
GetSystemInfo
VirtualQuery
OutputDebugStringA
GetFinalPathNameByHandleW
GetPrivateProfileStringW
GetSystemDirectoryW
SetThreadUILanguage
LocaleNameToLCID
SetThreadPreferredUILanguages
LoadLibraryW
MulDiv
GetTempFileNameW
HeapCreate
SetErrorMode
SetFilePointer
GetFileTime
GetPrivateProfileIntW
GetPrivateProfileSectionW
LockResource
FindResourceW
GetSystemDefaultLCID
GetACP
GetUserDefaultUILanguage
VirtualFree
GetCPInfo
VirtualAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
DecodePointer
EncodePointer
GetStringTypeW
GetLastError
DeleteCriticalSection
CloseHandle
FreeLibrary
GetProcAddress
CreateFileW
ReadFile
InitializeCriticalSectionEx
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetModuleHandleW
GetFullPathNameW
GetFileSize
GetCurrentThreadId
HeapAlloc
HeapFree
FormatMessageW
SetLastError
GetCurrentProcess
GetCurrentThread
GetProcessHeap
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
OutputDebugStringW
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
MapViewOfFile
UnmapViewOfFile
ReleaseSRWLockShared
ReleaseSRWLockExclusive
DeleteFileW
OpenSemaphoreW
CreateThreadpoolTimer
OpenMutexW
CreateMutexW
RemoveDirectoryW
CreateDirectoryW
WriteFile
GetTempPathW
SetFileInformationByHandle
CreateFileMappingW
CreateProcessW
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
SetEvent
GetModuleFileNameW
CreateEventW
CreateActCtxW
ReleaseActCtx
QueueUserWorkItem
InitOnceBeginInitialize
InitOnceComplete
LocalFree
InitializeCriticalSection
ResetEvent
CloseThreadpoolWait
Sleep
CreateEventExW
GetTickCount64
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
MultiByteToWideChar
RaiseException
LoadResource
SizeofResource
FindResourceExW
LoadLibraryExW
lstrcmpiW
TerminateJobObject
CreateWaitableTimerW
WaitForMultipleObjects
IsWow64Process
WideCharToMultiByte
GetSystemWindowsDirectoryW
SetWaitableTimer
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetTickCount
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CopyFileW
CompareStringOrdinal
GlobalLock
GlobalSize
GlobalUnlock
OpenProcess
LocalAlloc
GetProcessId
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
TerminateProcess
IsProcessInJob
CompareFileTime
CreateThread
GetComputerNameW
SystemTimeToTzSpecificLocalTime
OpenEventW
lstrcmpW
GetLocaleInfoW
EnumUILanguagesW
GetThreadPreferredUILanguages
HeapSize
HeapReAlloc
HeapDestroy
oleaut32
LoadTypeLib
UnRegisterTypeLib
RegisterTypeLib
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
LoadRegTypeLib
VariantCopy
SystemTimeToVariantTime
VarBstrCat
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
VariantChangeType
VarUI4FromStr
SysFreeString
SysStringLen
SysAllocString
VariantInit
VariantClear
ole32
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
CoGetCallerTID
CoRevertToSelf
CoImpersonateClient
GetHGlobalFromStream
StringFromGUID2
CoGetContextToken
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoGetClassObject
CoSuspendClassObjects
CoResumeClassObjects
rpcrt4
UuidFromStringW
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
RpcServerInqCallAttributesW
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
RpcStringFreeW
UuidToStringW
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
UuidCreate
winspool.drv
FreePrinterNotifyInfo
EnumPrintersW
FindFirstPrinterChangeNotification
FindClosePrinterChangeNotification
EnumJobsW
FindNextPrinterChangeNotification
SetJobW
EnumFormsW
GetFormW
SetPrinterW
OpenPrinterW
ClosePrinter
GetPrinterDataExW
GetPrinterDataW
OpenPrinter2W
SetPrinterDataW
GetPrinterDriverW
GetPrinterDriverDirectoryW
GetPrinterW
DeviceCapabilitiesW
DeleteFormW
AddFormW
DeletePrinterDataW
EnumPrinterDataExW
SetPrinterDataExW
DeletePrinterDataExW
advapi32
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
TraceMessage
CreateWellKnownSid
AddAccessAllowedAceEx
RegGetValueW
RegDeleteKeyW
SetThreadToken
EventUnregister
EventRegister
EventWriteTransfer
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
SaferCloseLevel
SaferComputeTokenFromLevel
SaferCreateLevel
CreateProcessAsUserW
DuplicateTokenEx
CreateRestrictedToken
EventActivityIdControl
ConvertSidToStringSidW
IsWellKnownSid
RegOpenKeyW
RegCreateKeyW
DeleteService
OpenServiceW
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CloseServiceHandle
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
shlwapi
ord12
SHCreateStreamOnFileEx
prntvpt
ord1
ord3
ord6
ord9
ord8
ord10
ord7
ord4
ord2
user32
PostMessageW
ShowWindow
CharNextW
GetParent
GetAppCompatFlags2
GetGUIThreadInfo
GetWindowLongW
SetWindowLongW
GetAncestor
SetFocus
SetForegroundWindow
LoadStringW
GetWindowThreadProcessId
AllowSetForegroundWindow
UnregisterClassA
DialogBoxParamW
LoadIconW
SetDlgItemTextA
SetDlgItemTextW
EndDialog
CheckRadioButton
MessageBoxW
MessageBeep
WinHelpW
SendDlgItemMessageW
GetDlgItemTextW
SetCursor
LoadCursorW
InvalidateRect
CheckDlgButton
DispatchMessageW
GetDlgItem
SendMessageW
SetActiveWindow
EnableWindow
GetFocus
GetActiveWindow
IsGUIThread
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
gdi32
ExtEscape
EnumFontFamiliesW
SetGraphicsMode
CreateDCW
CreateICW
GetDeviceCaps
DeleteDC
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
UnloadUserProfile
Exports
Exports
DevQueryPrintEx
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPopulateFilterServices
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvResetConfigCache
DrvSplDeviceCaps
DrvUpgradePrinter
GetStandardMessageForPrinterStatus
MxdcGetPDEVAdjustment
NotifyEntry
ServiceMain
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 66KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ