SndVol[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SndVol.exe
Size

221KB
MD5

814c0208b55f7a4253a201139e62cea8
SHA1

a110d5f52dedf18311a744332edb2830c291410f
SHA256

71d7c194bfb480f5555c57d8d7da65e73619cf2ad10f66c4e0edb221306b964c
SHA512

41d1383738caa187b1b588528e18246f20c335f875fb866a981e7cbbbfc3e148fcc25741774b5c820c3d5036a6c96f54777a0806d13a5d87747d6b3d2b8457ed
SSDEEP

3072:kRkDApDba4ZyOS+rab0xnrMgYZjuLmsJIOO98Elp/jqsxBjbEyB7HbIkTpl:kfalzbyrPYZjuLW/GJy10S

Score

1^/10

Malware Config

Signatures

Files

SndVol.exe
.exe windows:10 windows x86

5f3f3778a963e0c44dcfb0f587f80b8a

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:8d:43:77:33:7a:d8:e5:3f:ba:75:ab:28:28:96:14:1d:ce:6e:8b:68:b9:c9:96:d7:eb:f9:a4:32:4b:54:b4
Signer

Actual PE Digest

7c:8d:43:77:33:7a:d8:e5:3f:ba:75:ab:28:28:96:14:1d:ce:6e:8b:68:b9:c9:96:d7:eb:f9:a4:32:4b:54:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateFontIndirectW
CreateDIBSection
ScriptStringFree
ScriptString_pLogAttr
ScriptStringAnalyse
CreateCompatibleDC
GetDeviceCaps
Rectangle
DeleteDC
PathToRegion
EndPath
SetBkMode
CreatePen
BeginPath
GetStockObject
Polygon
BitBlt
SetBkColor
SetTextColor
DeleteObject
SelectObject
CreateSolidBrush
GetObjectW

user32

DestroyMenu
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
KillTimer
CalculatePopupWindowPosition
DestroyIcon
EnumChildWindows
EnableWindow
EndDialog
SetRect
IsDlgButtonChecked
CheckDlgButton
CopyRect
GetParent
GetWindowTextW
GetScrollPos
SetScrollInfo
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsImmersiveProcess
GetIconInfoExW
SendDlgItemMessageW
InternalGetWindowText
GetWindow
IsWindowVisible
EnumWindows
GetClassLongW
TrackPopupMenuEx
SetClassLongW
DrawEdge
GetWindowRect
GetDC
MapWindowPoints
SetWindowLongW
GetWindowLongW
GetMenuItemCount
CheckMenuRadioItem
InsertMenuItemW
CreatePopupMenu
UnregisterClassA
GhostWindowFromHungWindow
GetSysColorBrush
FillRect
GetSysColor
InvalidateRect
CreateWindowExW
LoadCursorW
PrivateExtractIconsW
ValidateRect
FrameRect
MonitorFromRect
AdjustWindowRectEx
SetRectEmpty
SetCursor
ReleaseCapture
SetCapture
DrawFocusRect
GetFocus
OffsetRect
IsWindowEnabled
LoadImageW
ClientToScreen
EqualRect
GetClassInfoExW
RegisterClassExW
DestroyWindow
DialogBoxParamW
GetActiveWindow
GetWindowBand
ord2575
GetMenuItemInfoW
GetSystemMetrics
InflateRect
ReleaseDC
GetWindowTextLengthW
DrawTextW
SetDlgItemTextW
SetWindowTextW
SetProcessDefaultLayout
SetProcessDPIAware
BringWindowToTop
PostMessageW
SetForegroundWindow
FindWindowW
SendMessageW
CallWindowProcW
DefWindowProcW
LoadStringW
SetWindowPos
SetFocus
GetClientRect
ShowWindow
GetDlgItem
IsWindow

msvcrt

malloc
swprintf_s
wcstol
free
memmove_s
_wtoi
_controlfp
_except_handler4_common
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_wcsicmp
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
_isnan
iswspace
wcsstr
calloc
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
__CxxFrameHandler3
_ftol2
_ftol2_sse
memcpy
?terminate@@YAXXZ
memset

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

comctl32

ImageList_Remove
ord17
ord381
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor
ImageList_CoCreateInstance

ole32

CoTaskMemFree
CoWaitForMultipleObjects
PropVariantClear
CoCreateGuid
CoAllowSetForegroundWindow
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

shell32

Shell_NotifyIconGetRect
ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW

gdiplus

GdipDeleteBrush
GdipCreateSolidFill
GdipDrawLine
GdipSetSmoothingMode
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreatePath
GdipDeletePath
GdiplusShutdown
GdiplusStartup
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipFillRectangle

ntdll

EtwGetTraceLoggerHandle
EtwEventActivityIdControl
EtwEventSetInformation
EtwEventWriteTransfer
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwEventRegister
EtwEventUnregister

uxtheme

DrawThemeParentBackgroundEx
BufferedPaintUnInit
BufferedPaintSetAlpha
OpenThemeData
DrawThemeBackground
DrawThemeText
CloseThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
BufferedPaintInit
GetThemeTextExtent
SetWindowTheme
IsThemeActive

dwmapi

DwmUpdateThumbnailProperties
DwmQueryThumbnailSourceSize
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmSetWindowAttribute
DwmIsCompositionEnabled

shlwapi

ord348
PathFindFileNameW
ord487
StrTrimW
PathFindExtensionW
PathParseIconLocationW

imm32

ImmDisableIME

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
SizeofResource
FreeResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleExW
FindResourceExW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventW
DeleteCriticalSection
SetEvent
CreateEventExW
InitializeCriticalSection
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
WaitForSingleObject
ReleaseMutex
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
HeapSetInformation
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

CreateThread
SetThreadPriority
TerminateProcess
GetCurrentProcessId
GetExitCodeProcess
GetCurrentThreadId
CreateProcessW
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserPreferredUILanguages
GetLocaleInfoEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
QueueUserWorkItem

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetMonitorInfoW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f3f3778a963e0c44dcfb0f587f80b8a

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

7c:8d:43:77:33:7a:d8:e5:3f:ba:75:ab:28:28:96:14:1d:ce:6e:8b:68:b9:c9:96:d7:eb:f9:a4:32:4b:54:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

api-ms-win-core-registry-l1-1-0

comctl32

ole32

oleaut32

shell32

gdiplus

ntdll

uxtheme

dwmapi

shlwapi

imm32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 121KB - Virtual size: 121KB

.imrsiv Size: - Virtual size: 4B

.data Size: 1KB - Virtual size: 4KB

.idata Size: 12KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 92B

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 8KB - Virtual size: 7KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7c:8d:43:77:33:7a:d8:e5:3f:ba:75:ab:28:28:96:14:1d:ce:6e:8b:68:b9:c9:96:d7:eb:f9:a4:32:4b:54:b4
Signer

.text
Size: 121KB - Virtual size: 121KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 1KB - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 92B

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 8KB - Virtual size: 7KB