PrintSpoofer obfuscation with Themida

2 min readSep 26, 2022


Today I will show how to obfuscation program with Themida.

In this case, I use PrintSpoofer.exe to obfuscation with Themida and in some way it’s might bypass anti virus in Windows Server.

PrintSpoofer exploit that can be used to escalate service user permissions on Windows Server 2016, Server 2019, and Windows 10.

PrintSpoofer Original Files with VirusTotal can be detect 53/70.


so I obfuscation PrintSpoofer using Themida.

Protection Options with Compress and Encrypt.

then we wait until it done.


Ultimately, we upload to VirusTotal once more, and it can detect 24/71. (53 to 24 not that bad)

As can be seen, Microsoft is able to recognize the original SpoofPrnt, however due to obfuscation, it is unable to identify PrintSpoofer but can recognize Sabsik.


First, we download and run the original PrintSpoofer, but Microsoft detects it and deletes. Next, we download and execute the PrintSpoofer obfuscation, which Microsoft cannot detect.

we test with Microsoft Windows Server 2022 Standard Evaluation [10.0.20348 N/A Build 20348]

Antimalware Client Version: 4.18.2207.7, Engine Version: 1.1.19600.3, Antivirus Version: 1.375.781.0, Antispyware Version: 1.375.781.0




You get the best out of others when you give the best of yourself