UNIDRV.DLL

  • File Path: C:\Windows\system32\DriverStore\FileRepository\ntprint.inf_x86_311ad0065d69f772\I386\UNIDRV.DLL
  • Description: Unidrv Printer Driver

DLL Exports:

| Function Name | Ordinal | Type |
|---|---|---|
| DrvEnableDriver | 3 | Exported Function |
| DrvQueryDriverInfo | 4 | Exported Function |
| DllMain | 1 | Exported Function |
| DrvDisableDriver | 2 | Exported Function |

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: UNIDRV.DLL
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.264 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.264
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/b849052a126f9ea55d7f611f44d684e4d79780dda77162af79ce901d5396e49c/detection/

Possible Misuse

The following table contains possible examples of UNIDRV.DLL being misused. While UNIDRV.DLL is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | win_exploit_cve_2021_1675_printspooler_operational.yml | `- 'UNIDRV.DLL, kernelbase.dll, '` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.