SndVol[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SndVol.exe
Size

176KB
MD5

3463868e894de0d4bcd516eaa255dd3c
SHA1

458ad1ef8cac96edb80e2d4898ce0d159f6917ed
SHA256

d551eca7439dd02b13e9007a262a0e755eaa302ab21d881730a8c1f9c96726b0
SHA512

b268b88d30de03e8f70bc297e166a57d9f3df713aa6e767cfeda694dfbf9083220c8daee065c2ffbedfc16861b56e9d1dfeeb33ccb21e20a9ae2c28b7a3c5516
SSDEEP

3072:Ue3mJ/LK492eyj7YVFLbfEPg4CyXd4fCjbEyB7HbIo5CfqE/:p3s/LK492eyYQxd4py10oy/

Score

1^/10

Malware Config

Signatures

Files

SndVol.exe
.exe windows x86

de04aaa2a79b3296a8e715919f6fb711

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17/06/2013, 21:43

Not After

17/09/2014, 21:43

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:06:29:4f:ac:92:48:d3:37:2e:b7:4d:e4:ad:7b:5d:7a:b7:1d:05:81:cf:e0:15:f5:16:6c:66:45:3e:4e:d4
Signer

Actual PE Digest

f8:06:29:4f:ac:92:48:d3:37:2e:b7:4d:e4:ad:7b:5d:7a:b7:1d:05:81:cf:e0:15:f5:16:6c:66:45:3e:4e:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectW
CreateFontIndirectW
GetDeviceCaps
Rectangle
CreateSolidBrush
DeleteDC
PathToRegion
EndPath
BitBlt
Polygon
GetStockObject
SetBkMode
CreatePen
BeginPath
SetBkColor
SetTextColor
SelectObject
CreateCompatibleDC
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree
DeleteObject

user32

ValidateRect
FrameRect
GetMonitorInfoW
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
SystemParametersInfoW
ClientToScreen
EqualRect
SetForegroundWindow
PostMessageW
BringWindowToTop
SetProcessDPIAware
SetProcessDefaultLayout
GetActiveWindow
DialogBoxParamW
RegisterClassExW
GetClassInfoExW
LoadCursorW
DestroyWindow
CreateWindowExW
InvalidateRect
PrivateExtractIconsW
FindWindowW
SendMessageW
IsWindow
GetDlgItem
ShowWindow
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowRect
SetFocus
LoadStringW
SetWindowTextW
GetSysColorBrush
FillRect
CallWindowProcW
DefWindowProcW
SetDlgItemTextW
GetDC
DrawTextW
ReleaseDC
InflateRect
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
GetMenuItemInfoW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetSystemMetrics
CreatePopupMenu
InsertMenuItemW
GetWindowLongW
SetWindowLongW
DestroyMenu
GetSysColor
GetWindowTextW
GetWindowBand
GhostWindowFromHungWindow
UnregisterClassA
CheckMenuRadioItem
GetMenuItemCount
TrackPopupMenuEx
DrawEdge
SetClassLongW
GetWindowTextLengthW
GetClassLongW
EnumWindows
IsWindowVisible
GetWindow
InternalGetWindowText
GetIconInfoExW
SendDlgItemMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetScrollInfo
GetScrollPos
GetDoubleClickTime
GetParent
CopyRect
CheckDlgButton
IsDlgButtonChecked
SetRect
EndDialog
EnableWindow
EnumChildWindows
DestroyIcon
CalculatePopupWindowPosition
KillTimer

msvcrt

_isnan
memset
_XcptFilter
__p__commode
calloc
_ftol2_sse
_wcsicmp
??3@YAXPAX@Z
_ftol2
_controlfp
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_wcmdln
_initterm
??_U@YAPAXI@Z
iswspace
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__CxxFrameHandler3
_CxxThrowException
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
_vsnwprintf
free
malloc
swprintf_s
??2@YAPAXI@Z
wcstol
_wtoi
memcpy
??_V@YAXPAX@Z
__wgetmainargs
_amsg_exit

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegCreateKeyExW
RegSetValueExW

comctl32

ord17
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
ord381
ImageList_Remove

ole32

PropVariantClear
CoCreateGuid
CoAllowSetForegroundWindow
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shell32

ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW
Shell_NotifyIconGetRect

gdiplus

GdiplusShutdown
GdiplusStartup
GdipFillPath
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipFillRectangle
GdipCreateLineBrush

ntdll

EtwEventWrite
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwEventUnregister
EtwEventRegister
EtwGetTraceLoggerHandle

uxtheme

GetThemeColor
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
DrawThemeParentBackgroundEx
GetThemeTextExtent
IsThemeActive
CloseThemeData
DrawThemeText
DrawThemeBackground
OpenThemeData
BufferedPaintUnInit
BufferedPaintInit
BeginBufferedPaint
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeTextEx
SetWindowTheme

dwmapi

DwmIsCompositionEnabled
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmUpdateThumbnailProperties
DwmQueryThumbnailSourceSize
DwmSetWindowAttribute

shlwapi

PathFindFileNameW
ord348
PathParseIconLocationW
StrTrimW
PathFindExtensionW
ord487

imm32

ImmDisableIME

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPopEntrySList
VirtualFree
GetProcessHeap
HeapSize
GetUserPreferredUILanguages
HeapReAlloc
HeapAlloc
HeapDestroy
QueryFullProcessImageNameW
UnregisterWaitEx
RegisterWaitForSingleObject
OutputDebugStringA
OpenProcess
QueueUserWorkItem
LocalFree
FormatMessageW
ResetEvent
WaitForSingleObject
SetEvent
SetThreadPriority
CreateThread
CreateEventW
GetCurrentProcessId
CreateProcessW
QueryPerformanceCounter
FindResourceExW
LoadResource
LockResource
SizeofResource
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
HeapSetInformation
GlobalFree
CloseHandle
GetLastError
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetExitCodeProcess
GetLocaleInfoEx
MulDiv
LoadLibraryExW
ExpandEnvironmentStringsW
FreeResource
FindResourceW
FreeLibrary
ResolveDelayLoadedAPI
DelayLoadFailureHook
HeapFree

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de04aaa2a79b3296a8e715919f6fb711

Code Sign

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f8:06:29:4f:ac:92:48:d3:37:2e:b7:4d:e4:ad:7b:5d:7a:b7:1d:05:81:cf:e0:15:f5:16:6c:66:45:3e:4e:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

api-ms-win-core-registry-l1-1-0

comctl32

ole32

oleaut32

shell32

gdiplus

ntdll

uxtheme

dwmapi

shlwapi

imm32

kernel32

Sections

.text Size: 84KB - Virtual size: 83KB

.imrsiv Size: - Virtual size: 4B

.data Size: 1024B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 5KB - Virtual size: 5KB

33:00:00:00:24:18:fc:0b:68:9e:73:99:d0:00:00:00:00:00:24
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f8:06:29:4f:ac:92:48:d3:37:2e:b7:4d:e4:ad:7b:5d:7a:b7:1d:05:81:cf:e0:15:f5:16:6c:66:45:3e:4e:d4
Signer

.text
Size: 84KB - Virtual size: 83KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 5KB - Virtual size: 5KB