SndVol[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SndVol.exe
Size

185KB
MD5

8d40c30d3ba0030d55c1249c118d7f63
SHA1

632d51ff780f125352dfc98e2fcd836643063878
SHA256

496fa6bf30f3205fb2232a1706d6de91b3a5e27cd2c2cccb70b7a3a0e29c091b
SHA512

ee596396192e006a19bd869646cf7d7841fa2c75093236c893fb58e4d5922eca2243853982fba2d829dd32bccac951f05294bae81278fe4aaaa7ab1081ef87a4
SSDEEP

3072:0QBEKrV+tRVL7OcQiCPB/l42aSvkjbEyB7HbIVXM+O1c:0QCKr0tryBTw2aSby10ht

Score

1^/10

Malware Config

Signatures

Files

SndVol.exe
.exe windows x86

669920c64279561a955bf3773b99ccd5

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/07/2014, 20:32

Not After

01/10/2015, 20:32

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:5f:6b:4c:56:92:43:c4:b0:4f:65:84:04:42:74:cd:0b:24:ce:8a:63:c4:19:0d:49:89:32:15:7b:bd:af:38
Signer

Actual PE Digest

f9:5f:6b:4c:56:92:43:c4:b0:4f:65:84:04:42:74:cd:0b:24:ce:8a:63:c4:19:0d:49:89:32:15:7b:bd:af:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectW
CreateFontIndirectW
GetDeviceCaps
Rectangle
CreateSolidBrush
DeleteDC
PathToRegion
EndPath
BitBlt
Polygon
GetStockObject
SetBkMode
CreatePen
BeginPath
SetBkColor
SetTextColor
SelectObject
CreateCompatibleDC
ScriptStringAnalyse
ScriptString_pLogAttr
ScriptStringFree
DeleteObject

user32

ValidateRect
FrameRect
GetMonitorInfoW
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
SystemParametersInfoW
ClientToScreen
EqualRect
SetForegroundWindow
PostMessageW
BringWindowToTop
SetProcessDPIAware
SetProcessDefaultLayout
GetActiveWindow
DialogBoxParamW
RegisterClassExW
GetClassInfoExW
PrivateExtractIconsW
FindWindowW
LoadCursorW
DestroyWindow
SendMessageW
InvalidateRect
GetSysColor
IsWindow
GetDlgItem
ShowWindow
GetClientRect
MapWindowPoints
SetWindowPos
GetWindowRect
SetFocus
CallWindowProcW
DefWindowProcW
LoadStringW
SetWindowTextW
GetSysColorBrush
FillRect
SetDlgItemTextW
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetMenuItemInfoW
GetForegroundWindow
GetWindowThreadProcessId
GetDC
DrawTextW
ReleaseDC
GetWindowLongW
SetWindowLongW
DestroyMenu
CreateWindowExW
GetWindowTextW
GetWindowBand
GhostWindowFromHungWindow
UnregisterClassA
InflateRect
GetSystemMetrics
CreatePopupMenu
InsertMenuItemW
CheckMenuRadioItem
GetMenuItemCount
TrackPopupMenuEx
DrawEdge
SetClassLongW
GetWindowTextLengthW
GetClassLongW
EnumWindows
IsWindowVisible
GetWindow
InternalGetWindowText
GetIconInfoExW
SendDlgItemMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetScrollInfo
GetScrollPos
GetDoubleClickTime
GetParent
CopyRect
CheckDlgButton
IsDlgButtonChecked
SetRect
EndDialog
EnableWindow
EnumChildWindows
DestroyIcon
CalculatePopupWindowPosition
KillTimer

msvcrt

__CxxFrameHandler3
_ftol2
_ftol2_sse
_XcptFilter
__p__commode
_amsg_exit
_CxxThrowException
__set_app_type
exit
memset
_isnan
calloc
_purecall
_controlfp
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??_U@YAPAXI@Z
iswspace
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_resetstkoflw
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
_vsnwprintf
free
malloc
memcpy
swprintf_s
??2@YAPAXI@Z
wcstol
_wtoi
_wcsicmp
??_V@YAXPAX@Z
__wgetmainargs
??3@YAXPAX@Z
_cexit
_exit

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegCloseKey
RegGetValueW
RegSetValueExW

comctl32

ord17
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
ord381
ImageList_Remove

ole32

PropVariantClear
CoCreateGuid
CoAllowSetForegroundWindow
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shell32

ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW
Shell_NotifyIconGetRect

gdiplus

GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipFillRectangle
GdipCreateLineBrush

ntdll

EtwEventWrite
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventUnregister
EtwEventRegister
EtwGetTraceEnableFlags

uxtheme

GetThemeColor
DrawThemeParentBackground
GetThemeSysColor
DrawThemeParentBackgroundEx
GetThemeTextExtent
SetWindowTheme
IsThemeActive
CloseThemeData
DrawThemeText
DrawThemeBackground
OpenThemeData
BufferedPaintUnInit
BufferedPaintInit
BeginBufferedPaint
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeTextEx
IsThemeBackgroundPartiallyTransparent

dwmapi

DwmUnregisterThumbnail
DwmUpdateThumbnailProperties
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmQueryThumbnailSourceSize
DwmRegisterThumbnail

shlwapi

PathFindFileNameW
ord348
PathParseIconLocationW
StrTrimW
PathFindExtensionW
ord487

imm32

ImmDisableIME

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
LoadLibraryExA
DecodePointer
VirtualAlloc
GetProcAddress
FlushInstructionCache
IsProcessorFeaturePresent
InterlockedPopEntrySList
VirtualFree
GetCurrentProcess
EncodePointer
GetUserPreferredUILanguages
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
OutputDebugStringA
QueryFullProcessImageNameW
UnregisterWaitEx
RegisterWaitForSingleObject
GetExitCodeProcess
OpenProcess
QueueUserWorkItem
LocalFree
FormatMessageW
ResetEvent
WaitForSingleObject
SetEvent
SetThreadPriority
CreateThread
CreateEventW
GetCurrentProcessId
CreateProcessW
QueryPerformanceCounter
FindResourceExW
LoadResource
LockResource
SizeofResource
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
HeapSetInformation
GlobalFree
CloseHandle
GetLastError
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
HeapDestroy
GetLocaleInfoEx
MulDiv
LoadLibraryExW
ExpandEnvironmentStringsW
FreeResource
FindResourceW
FreeLibrary
ResolveDelayLoadedAPI
DelayLoadFailureHook

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

669920c64279561a955bf3773b99ccd5

Code Sign

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f9:5f:6b:4c:56:92:43:c4:b0:4f:65:84:04:42:74:cd:0b:24:ce:8a:63:c4:19:0d:49:89:32:15:7b:bd:af:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

api-ms-win-core-registry-l1-1-0

comctl32

ole32

oleaut32

shell32

gdiplus

ntdll

uxtheme

dwmapi

shlwapi

imm32

kernel32

Sections

.text Size: 91KB - Virtual size: 91KB

.imrsiv Size: - Virtual size: 4B

.data Size: 1024B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 7KB - Virtual size: 6KB

33:00:00:00:4e:a1:d8:07:70:a9:bb:e9:44:00:00:00:00:00:4e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f9:5f:6b:4c:56:92:43:c4:b0:4f:65:84:04:42:74:cd:0b:24:ce:8a:63:c4:19:0d:49:89:32:15:7b:bd:af:38
Signer

.text
Size: 91KB - Virtual size: 91KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 7KB - Virtual size: 6KB