SoundpadService[.]exe

Resubmissions

14/10/2023, 11:07

231014-m7zyesfb45 1

Sharing

Copy URL Twitter E-mail

General

Target

SoundpadService.exe
Size

307KB
MD5

57d234963fc02d8a574e42e79be8ff2a
SHA1

ded079b4ec9af3cada65132c3d21f15baf597b1e
SHA256

bccef3ec82ba62eb7b7d4083a58f08f5c923fc9984b455948a3681d1f4410464
SHA512

2992acf93096fabb1a861b317f4b938d2f79ef1bfca4de233005ef5ac2b6d0e69fbb66aba1073de5d0a26cbe12016eb36052f1b95c09c4cbcfb2cbf947ffedc2
SSDEEP

6144:mblShrS2t0MOvMOszO7ClCzHohsg7vMMyJg:SShuO0PsJkzHoWgdyW

Score

1^/10

Malware Config

Signatures

Files

SoundpadService.exe
.exe windows:6 windows x64

d505dbfbc0472f5e9db640a11a4c07eb

Code Sign

20:1b:a2:64:3f:56:60:f8:0d:99:9a:f9:81:90:cd:f1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/10/2019, 00:00

Not After

10/10/2022, 23:59

Subject

CN=Arthur Lepp,O=Arthur Lepp,POSTALCODE=50825,STREET=Iltisstr. 142,L=Köln,ST=NRW,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e5:a7:d0:b7:fe:29:a4:15:2f:88:3e:f8:4d:de:d0:1f:25:db:80:07
Signer

Actual PE Digest

e5:a7:d0:b7:fe:29:a4:15:2f:88:3e:f8:4d:de:d0:1f:25:db:80:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
CreateEventW
GetLastError
ResetEvent
WaitForSingleObject
WriteConsoleW
SetEvent
UnmapViewOfFile
CreateEventExW
FindNextFileW
GetCurrentProcess
CreateMutexW
FindClose
GetFileAttributesW
ReleaseMutex
OpenFileMappingW
OpenProcess
CreateToolhelp32Snapshot
FormatMessageW
GetFileAttributesExW
Process32NextW
Process32FirstW
CloseHandle
GetProcAddress
GetModuleHandleW
QueryFullProcessImageNameW
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
GetCurrentThreadId
GetLocalTime
MoveFileExW
GetCurrentProcessId
HeapAlloc
LocalFree
GetProcessHeap
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateThread
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
ReadFile
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileW
HeapSize
SetEndOfFile

user32

GetWindowRect
GetShellWindow
GetDesktopWindow
GetForegroundWindow
SendMessageW
MapVirtualKeyW
GetRawInputData
GetAsyncKeyState
RegisterRawInputDevices
UnhookWindowsHookEx
SetWindowsHookExW
PostMessageW
GetWindowThreadProcessId
SendInput
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DefWindowProcW
CallNextHookEx

gdi32

GetStockObject

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d505dbfbc0472f5e9db640a11a4c07eb

Code Sign

20:1b:a2:64:3f:56:60:f8:0d:99:9a:f9:81:90:cd:f1Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

e5:a7:d0:b7:fe:29:a4:15:2f:88:3e:f8:4d:de:d0:1f:25:db:80:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

20:1b:a2:64:3f:56:60:f8:0d:99:9a:f9:81:90:cd:f1
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

e5:a7:d0:b7:fe:29:a4:15:2f:88:3e:f8:4d:de:d0:1f:25:db:80:07
Signer

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB