SndVol[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

SndVol.exe
Size

210KB
MD5

fc0bffe396750bb00fafad0c62e7acda
SHA1

7b42015c44374c5ac44c82707e7d96dadeb73506
SHA256

aeb8f9088436f40063d13c600cfdccff67d2682ba973cbbe83e8b2b76bfa6121
SHA512

b4c85deaa340c0743ffb86fe14f86aa545e056c2b15a8ad3bd020a3667f8ddd9a9eac58988d5d2542733561851e7ed07a79b22a7b1f17d1fcec00cc96cd8e025
SSDEEP

3072:wKMTzCPpReR4y9RBzqOEyAInlNrw2tWtBJwHjbEyB7HbI8O/Yxyy+yWo:wAyzZqmQ/Jxy10pwwto

Score

1^/10

Malware Config

Signatures

Files

SndVol.exe
.exe windows:10 windows x86

c9ff0f21d764ea1c8be28168475a8365

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2015 17:15

Not After

18-11-2016 17:15

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:52:d0:00:19:9b:dd:bf:34:26:91:e8:03:71:6d:34:a8:1e:d4:78:a4:0c:ec:3d:52:19:d6:c4:f3:92:0c:92
Signer

Actual PE Digest

4c:52:d0:00:19:9b:dd:bf:34:26:91:e8:03:71:6d:34:a8:1e:d4:78:a4:0c:ec:3d:52:19:d6:c4:f3:92:0c:92

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectW
CreateFontIndirectW
ScriptStringFree
ScriptString_pLogAttr
CreateCompatibleDC
GetDeviceCaps
Rectangle
CreateSolidBrush
DeleteDC
PathToRegion
DeleteObject
EndPath
SetBkMode
GetStockObject
Polygon
BitBlt
CreatePen
BeginPath
SetBkColor
SetTextColor
SelectObject
ScriptStringAnalyse

user32

MapWindowPoints
SetWindowPos
GetWindowRect
SetFocus
SetProcessDefaultLayout
SetProcessDPIAware
BringWindowToTop
PostMessageW
SetForegroundWindow
FindWindowW
SendMessageW
CallWindowProcW
SystemParametersInfoW
LoadImageW
IsWindowEnabled
OffsetRect
GetFocus
DrawFocusRect
GetClientRect
ClientToScreen
SetCapture
ReleaseCapture
SetCursor
SetRectEmpty
AdjustWindowRectEx
MonitorFromRect
GetMonitorInfoW
FrameRect
GetActiveWindow
PrivateExtractIconsW
LoadStringW
SetWindowTextW
GetSysColorBrush
DialogBoxParamW
DestroyWindow
FillRect
SetDlgItemTextW
GetDC
DrawTextW
ReleaseDC
InflateRect
GetSystemMetrics
CreatePopupMenu
LoadCursorW
InsertMenuItemW
CheckMenuRadioItem
GetMenuItemCount
TrackPopupMenuEx
GetMenuItemInfoW
DestroyMenu
SetWindowRgn
BeginPaint
EndPaint
IntersectRect
CreateDialogParamW
PostQuitMessage
GetDlgCtrlID
SubtractRect
PtInRect
SendMessageTimeoutW
SendNotifyMessageW
LoadIconW
SetTimer
RegisterClassExW
GetClassInfoExW
EqualRect
ValidateRect
ord2575
GetWindowBand
GhostWindowFromHungWindow
UnregisterClassA
DefWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
InvalidateRect
GetSysColor
IsWindow
GetDlgItem
NotifyWinEvent
GetForegroundWindow
GetWindowThreadProcessId
GetDoubleClickTime
KillTimer
CalculatePopupWindowPosition
DestroyIcon
EnumChildWindows
EnableWindow
EndDialog
SetRect
IsDlgButtonChecked
CheckDlgButton
CopyRect
GetParent
DrawEdge
SetClassLongW
GetWindowTextLengthW
GetClassLongW
EnumWindows
IsWindowVisible
GetWindow
InternalGetWindowText
GetIconInfoExW
SendDlgItemMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetScrollInfo
GetScrollPos
GetWindowTextW
ShowWindow

msvcrt

_CxxThrowException
__CxxFrameHandler3
_ftol2
_ftol2_sse
_except_handler4_common
_controlfp
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
iswspace
memset
_callnewh
_isnan
calloc
_purecall
_resetstkoflw
vswprintf_s
_vscwprintf
memmove_s
swprintf_s
wcstol
_wtoi
_wcsicmp
malloc
free
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
memcpy

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegGetValueW

comctl32

ImageList_Draw
ImageList_Remove
ord17
ord381
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
ImageList_SetBkColor

ole32

PropVariantClear
CoCreateGuid
CoAllowSetForegroundWindow
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shell32

ShellExecuteExW
SHGetFileInfoW
CommandLineToArgvW
Shell_NotifyIconGetRect

gdiplus

GdipFillRectangle
GdipDeletePath
GdipAddPathLine
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawLine
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup
GdipDeletePen
GdipCreatePen1
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreatePath
GdipFillPath
GdipCreateLineBrush

ntdll

EtwEventActivityIdControl
EtwEventWriteTransfer
EtwEventWrite
EtwTraceMessage
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation

uxtheme

EndBufferedPaint
BufferedPaintSetAlpha
BeginBufferedPaint
GetThemeColor
DrawThemeTextEx
BufferedPaintInit
BufferedPaintUnInit
OpenThemeData
DrawThemeBackground
DrawThemeText
CloseThemeData
IsThemeActive
SetWindowTheme
GetThemeTextExtent
DrawThemeParentBackgroundEx
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground

dwmapi

DwmSetWindowAttribute
DwmQueryThumbnailSourceSize
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmUnregisterThumbnail
DwmIsCompositionEnabled

shlwapi

PathFindFileNameW
ord348
PathParseIconLocationW
StrTrimW
PathFindExtensionW
ord487

imm32

ImmDisableIME

kernel32

GetLocaleInfoEx
GetUserPreferredUILanguages
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
HeapDestroy
HeapReAlloc
HeapSize
QueryFullProcessImageNameW
UnregisterWaitEx
RegisterWaitForSingleObject
GetExitCodeProcess
OpenProcess
QueueUserWorkItem
LocalFree
MulDiv
CreateThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
CreateEventW
CreateProcessW
QueryPerformanceCounter
FindResourceExW
LoadResource
LockResource
SizeofResource
Sleep
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapSetInformation
GlobalFree
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
SetThreadPriority
FreeLibrary
FindResourceW
ExpandEnvironmentStringsW
FreeResource
DelayLoadFailureHook
ResolveDelayLoadedAPI

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9ff0f21d764ea1c8be28168475a8365

Code Sign

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bcCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4c:52:d0:00:19:9b:dd:bf:34:26:91:e8:03:71:6d:34:a8:1e:d4:78:a4:0c:ec:3d:52:19:d6:c4:f3:92:0c:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

msvcrt

api-ms-win-core-registry-l1-1-0

comctl32

ole32

oleaut32

shell32

gdiplus

ntdll

uxtheme

dwmapi

shlwapi

imm32

kernel32

Sections

.text Size: 115KB - Virtual size: 115KB

.imrsiv Size: - Virtual size: 4B

.data Size: 1024B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 65KB - Virtual size: 65KB

.reloc Size: 7KB - Virtual size: 7KB

33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4c:52:d0:00:19:9b:dd:bf:34:26:91:e8:03:71:6d:34:a8:1e:d4:78:a4:0c:ec:3d:52:19:d6:c4:f3:92:0c:92
Signer

.text
Size: 115KB - Virtual size: 115KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 65KB - Virtual size: 65KB

.reloc
Size: 7KB - Virtual size: 7KB