UNIDRV.DLL

  • File Path: C:\Windows\system32\DriverStore\FileRepository\ntprint.inf_amd64_311ad0065d69f772\Amd64\UNIDRV.DLL
  • Description: Unidrv Printer Driver

Hashes

Type Hash
MD5 9D09459D13D8F4104FCA64547E383325
SHA1 F8D4C5C69B6568F2893DC899FF123C3DAD5638CF
SHA256 5AA358E5DF6B5DF2335888164C10D00F3E72F1E1717BFAFB52C941DA07D66A55
SHA384 68F79035B9DCEC56E8FBF7BDC90DEFD8AF25DB279246E05DE020AF172F8026035BE830EE1C3B4899C3A83A33B6AFB139
SHA512 4D97416651502C6227AF777C8624465FA135522BA46027730E90942C359FC1113593739C52828C1D11A2F81759A160F393F5909781F71BC81732B720BE498272
SSDEEP 6144:OtzLe/UoYZB3TCdPWqAwjv2DKsDhoLDyGUGzLx3ACFP7MoJ0qfncKUH:yznCWxwjv2DXa5z+Q7MUcK0
IMP 50BF4D6A59A3A5544D96CDB8C379D95F
PESHA1 8D06931BB12FB72C463207AAF8C42FAA6084CD84
PE256 B353956E81E82FD83C7B07038DA1778FADB32200DD40D6D035285BF6EA985484

DLL Exports:

Function Name Ordinal Type
DrvEnableDriver 3 Exported Function
DrvQueryDriverInfo 4 Exported Function
DllMain 1 Exported Function
DrvDisableDriver 2 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: UNIDRV.DLL
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.264 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.264
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/72
  • VirusTotal Link: https://www.virustotal.com/gui/file/5aa358e5df6b5df2335888164c10d00f3e72f1e1717bfafb52c941da07d66a55/detection/

Possible Misuse

The following table contains possible examples of UNIDRV.DLL being misused. While UNIDRV.DLL is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | win_exploit_cve_2021_1675_printspooler_operational.yml | `- 'UNIDRV.DLL, kernelbase.dll, '` | DRL 1.0 |

MIT License. Copyright (c) 2020-2021 Strontic.