spoolsv.exe
Spooler SubSystem App by Microsoft
| Version: | 6.1.7600.16385 (win7_rtm.090713-1255) |
| MD5: | 9aea093b8f9c37cf45538382caba2475 |
| SHA1: | b881761b68dc691de7792e55701af964bb3df855 |
| SHA256: | cc63239c412067aa72318adb8bb80bcdf2ca60da05d814d32753c92508bc16a8 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Overview
spoolsv.exe runs as a service under the name Spouleur d'impression (Spooler) with extensive SYSTEM privileges (full administrator access). This version is designed to run on Windows 7 and is compiled as a 32 bit program.
Details
| File name: | spoolsv.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Spooler SubSystem App |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\spoolsv.exe |
| Original name: | spoolsv.exe.mui |
| File version: | 6.1.7600.16385 (win7_rtm.090713-1255) |
| Product version: | 6.1.7600.16385 |
| Size: | 310 KB (317,440 bytes) |
| Digital DNA |
| Entropy: | 6.401537 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Network connections
[TCP] 172.16.0.6:49158
[UDP] listens on port 52076
[UDP] listens on port 58207
[UDP] listens on port 49154
[UDP] listens on port 60914
[UDP] listens on port 49804
[UDP] listens on port 49280
[UDP] listens on port 61174
[UDP] listens on port 50654
[UDP] listens on port 65424
[UDP] listens on port 63454
[UDP] listens on port 49158
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00291361% | |
| Kernel CPU: | 0.00184005% | |
| User CPU: | 0.00107356% | |
| Kernel CPU time: | 4,408,985 ms/min | |
| CPU cycles: | 330,622/sec | |
| Context switches: | 12/sec | |
| Memory |
| Private memory: | 5.8 MB | |
| Private (maximum): | 9.51 MB | |
| Private (minimum): | 5.05 MB | |
| Non-paged memory: | 5.8 MB | |
| Virtual memory: | 69.92 MB | |
| Virtual memory (peak): | 74.03 MB | |
| Working set: | 6.09 MB | |
| Working set (peak): | 12.77 MB | |
| Page faults: | 35,947/min | |
| I/O |
| I/O read transfer: | 12.04 KB/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 7.83 KB/sec | |
| I/O write operations: | 2/sec | |
| I/O other transfer: | 3.57 KB/sec | |
| I/O other operations: | 147/sec | |
| Resource allocations |
| Threads: | 15 | |
| Handles: | 333 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command line: | C:\Windows\System32\spoolsv.exe |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | Spooler |
| Display name: | Spouleur d'impression |
| Description: | “Charge les fichiers en mémoire pour une impression ultérieure” |
| Type: | Win32OwnProcess, InteractiveProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| ntdll.dll |
| Total CPU: | 0.03069617% | |
| Kernel CPU: | 0.02304775% | |
| User CPU: | 0.00764842% | |
| CPU cycles: | 285,208/sec | |
| Context switches: | 1/sec | |
| Memory: | 1.23 MB | |
| npggNT.des |
| Total CPU: | 0.00654997% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.00654997% | |
| CPU cycles: | 102,565/sec | |
| Memory: | 256 KB | |
| localspl.dll |
| Total CPU: | 0.00206188% | |
| Kernel CPU: | 0.00112917% | |
| User CPU: | 0.00093271% | |
| CPU cycles: | 49,287/sec | |
| Memory: | 764 KB | |
| spoolsv.exe (main module) |
| Total CPU: | 0.00157623% | |
| Kernel CPU: | 0.00115708% | |
| User CPU: | 0.00041915% | |
| CPU cycles: | 31,314/sec | |
| Memory: | 320 KB | |
| fdPnp.dll |
| Total CPU: | 0.00079465% | |
| Kernel CPU: | 0.00039156% | |
| User CPU: | 0.00040309% | |
| CPU cycles: | 15,069/sec | |
| Memory: | 52 KB | |
| sechost.dll |
| Total CPU: | 0.00045407% | |
| Kernel CPU: | 0.00035716% | |
| User CPU: | 0.00009692% | |
| CPU cycles: | 5,837/sec | |
| Memory: | 100 KB | |
| usbmon.dll |
| Total CPU: | 0.00042952% | |
| Kernel CPU: | 0.00028355% | |
| User CPU: | 0.00014597% | |
| CPU cycles: | 1,293/sec | |
| Memory: | 44 KB | |
| WSDMon.dll |
| Total CPU: | 0.00014455% | |
| Kernel CPU: | 0.00011887% | |
| User CPU: | 0.00002568% | |
| CPU cycles: | 847/sec | |
| Memory: | 188 KB | |
| PrintIsolationProxy.dll |
| Total CPU: | 0.00012418% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.00012418% | |
| CPU cycles: | 41/sec | |
| Memory: | 48 KB | |
| msvcrt.dll (Windows NT CRT DLL by Microsoft) |
| Total CPU: | 0.00011718% | |
| Kernel CPU: | 0.00007418% | |
| User CPU: | 0.00004300% | |
| CPU cycles: | 15,130/sec | |
| Memory: | 688 KB | |
| FunDisc.dll |
| Total CPU: | 0.00007668% | |
| Kernel CPU: | 0.00003935% | |
| User CPU: | 0.00003733% | |
| CPU cycles: | 1,419/sec | |
| Memory: | 172 KB | |
| tcpmon.dll |
| Total CPU: | 0.00001901% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.00001901% | |
| CPU cycles: | 202/sec | |
| Memory: | 156 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
59.50% |
|
| Windows 7 Ultimate |
25.00% |
|
| Windows 7 Professional |
12.00% |
|
| Windows 7 Home Basic |
3.00% |
|
| Windows Vista Home Premium |
0.50% |
|
Distribution by country
United States installs about 50.51% of Spooler SubSystem App.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
24.59% |
|
| Hewlett-Packard |
21.31% |
|
| ASUS |
14.75% |
|
| Acer |
13.93% |
|
| Toshiba |
13.11% |
|
| Sony |
4.92% |
|
| GIGABYTE |
2.46% |
|
| Alienware |
1.64% |
|
| Samsung |
1.64% |
|
| Lenovo |
1.64% |
|
