SndVol[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SndVol.exe
Size

165KB
MD5

ac7deff5f41cb4a0587847ab3cc847ea
SHA1

a840f7c2c410deb65680974a026459c7968a198d
SHA256

7d833fd36289d1404aac8ba5384bec4f26582214f1d0535eee5354acbbbed756
SHA512

425f31617b378e7a7fc63e6f6b6aa536f3ff6c49b84fb2428af7b7357ca1673aee8e30b752a094a2deecc3c1d42fc83dd38dc39f664f898e049683f4d95903e5
SSDEEP

3072:/wENEkfVkYc3jxL/+Skt1KTJ6XngKgKpRyvLF2jbEyB7HbI9VlE:/wqEkfVkYc3VD3kTtZyvLvy109VK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SndVol.exe

Files

SndVol.exe
.exe windows x86

58ec0adf398a2a0c963eef10a72f60bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectW
CreateFontIndirectW
GetDeviceCaps
Rectangle
CreateSolidBrush
DeleteDC
PathToRegion
EndPath
BitBlt
Polygon
GetStockObject
SetBkMode
CreatePen
BeginPath
SetBkColor
SetTextColor
SelectObject
CreateCompatibleDC
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree
DeleteObject

user32

PrivateExtractIconsW
ValidateRect
FrameRect
GetMonitorInfoW
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
SystemParametersInfoW
ClientToScreen
EqualRect
SetForegroundWindow
PostMessageW
BringWindowToTop
SetProcessDPIAware
SetProcessDefaultLayout
GetActiveWindow
DialogBoxParamW
RegisterClassExW
GetClassInfoExW
LoadCursorW
FindWindowW
DestroyWindow
CreateWindowExW
SendMessageW
GetSysColor
IsWindow
GetDlgItem
ShowWindow
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowRect
SetFocus
LoadStringW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowTextW
GetSysColorBrush
FillRect
SetDlgItemTextW
GetDC
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
LoadIconW
TrackPopupMenuEx
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
DrawTextW
ReleaseDC
InflateRect
SetWindowLongW
DestroyMenu
GetMenuItemInfoW
InvalidateRect
GetWindowTextW
GhostWindowFromHungWindow
UnregisterClassA
GetSystemMetrics
CreatePopupMenu
InsertMenuItemW
CheckMenuRadioItem
GetMenuItemCount
DrawEdge
SetClassLongW
GetWindowTextLengthW
GetClassLongW
EnumWindows
IsWindowVisible
GetWindow
InternalGetWindowText
GetIconInfoExW
SendDlgItemMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetScrollInfo
GetScrollPos
KillTimer
GetParent
CopyRect
CheckDlgButton
IsDlgButtonChecked
SetRect
EndDialog
EnableWindow
EnumChildWindows
DestroyIcon
CalculatePopupWindowPosition

msvcrt

_ftol2_sse
memset
_XcptFilter
__p__commode
_amsg_exit
_ftol2
__CxxFrameHandler3
??3@YAXPAX@Z
_CxxThrowException
_isnan
calloc
_controlfp
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
??_U@YAPAXI@Z
iswspace
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
_vsnwprintf
free
malloc
swprintf_s
??2@YAPAXI@Z
memcpy
wcstol
_wtoi
_wcsicmp
??_V@YAXPAX@Z
__wgetmainargs
_exit
exit
__set_app_type

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegGetValueW

comctl32

ord17
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
ord381
ImageList_Remove

ole32

CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree
PropVariantClear

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shell32

ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW
Shell_NotifyIconGetRect

gdiplus

GdipCreatePath
GdiplusShutdown
GdipDeletePath
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdiplusStartup
GdipFillRectangle

ntdll

EtwEventWrite
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwEventUnregister
EtwEventRegister
EtwGetTraceEnableLevel

uxtheme

BeginBufferedPaint
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
DrawThemeParentBackgroundEx
SetWindowTheme
IsThemeActive
CloseThemeData
DrawThemeText
DrawThemeBackground
OpenThemeData
BufferedPaintUnInit
BufferedPaintInit
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeTextEx
GetThemeColor
GetThemeTextExtent

dwmapi

DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmUpdateThumbnailProperties
DwmQueryThumbnailSourceSize

shlwapi

PathFindFileNameW
ord348
PathParseIconLocationW
StrTrimW
PathFindExtensionW
ord487

imm32

ImmDisableIME

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPopEntrySList
VirtualFree
GetProcessHeap
HeapSize
GetUserPreferredUILanguages
HeapReAlloc
HeapAlloc
HeapDestroy
QueryFullProcessImageNameW
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringA
OpenProcess
QueueUserWorkItem
LocalFree
FormatMessageW
ResetEvent
WaitForSingleObject
SetEvent
SetThreadPriority
CreateThread
CreateEventW
GetCurrentProcessId
CreateProcessW
QueryPerformanceCounter
FindResourceExW
LoadResource
LockResource
SizeofResource
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
HeapSetInformation
GlobalFree
CloseHandle
GetLastError
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetExitCodeProcess
GetLocaleInfoEx
MulDiv
LoadLibraryExW
ExpandEnvironmentStringsW
FreeResource
FindResourceW
FreeLibrary
ResolveDelayLoadedAPI
DelayLoadFailureHook
HeapFree

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58ec0adf398a2a0c963eef10a72f60bf

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

api-ms-win-core-registry-l1-1-0

comctl32

ole32

oleaut32

shell32

gdiplus

ntdll

uxtheme

dwmapi

shlwapi

imm32

kernel32

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 1024B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 5KB - Virtual size: 5KB