dsound[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dsound.dll
Size

443KB
MD5

0e85c11f8850d524b02181c6e02ba9ae
SHA1

d992c73fe5cef2ed894e8053a3e44860b7ce23bb
SHA256

8703566931067ccf949e9779e4d328dd21210329dd687459300c83ddd06390a8
SHA512

25c4137e872b9e72ef2c0cb778d8bd9dcb48cbec8446ec531e5c6a47a3e4a943d98e359875aac68d017dab2bf33bce501e9047f309cc72c4b45762db6fc3cc5a
SSDEEP

12288:8Rz/azNQO15sNsjlNBVF9uZj/5ANkSD5O:8Rz/2C6+B/5AC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dsound.dll

Files

dsound.dll
.dll windows:6 windows x86 arch:x86

4028328557669218c3e09adaca7c1802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsound.pdb

Imports

msvcrt

floor
_CIsin
free
malloc
_XcptFilter
_controlfp
ceil
_CIlog
_initterm
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_aligned_free
_aligned_malloc
memmove
_CIlog10
memcpy
_isnan
_CItan
_CIpow
_CIcos
_ftol2
__CxxFrameHandler3
memset
_ftol2_sse
_CIsqrt
_CIatan2
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_vsnwprintf

kernel32

GetTickCount
QueryPerformanceCounter
WaitForSingleObject
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
InterlockedCompareExchange64
OutputDebugStringA
GetThreadTimes
CloseHandle
GetFullPathNameW
GetModuleFileNameW
GetModuleHandleW
lstrcmpiW
GetFileSize
SetFilePointer
ReadFile
CreateFileW
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
DuplicateHandle
GetCurrentProcess
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
lstrlenW
lstrcmpW
LoadLibraryW
ReleaseMutex
QueryPerformanceFrequency
DisableThreadLibraryCalls
CreateMutexW
GetCurrentThreadId
GetCurrentProcessId
LocalFree
GetSystemPowerStatus
InitializeCriticalSection
LeaveCriticalSection
SetEvent
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InterlockedDecrement
SetThreadPriority
GetCurrentThread
CreateThread
CreateEventW
WaitForMultipleObjects
Sleep
ReleaseSemaphore
OpenProcess
GetExitCodeThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
MulDiv
InterlockedExchange
SwitchToThread
InterlockedCompareExchange
GetProcessHeap
GetSystemInfo
HeapSize
CreateSemaphoreW
GetProcessTimes

user32

GetParent
CharUpperW
GetWindowPlacement
IsWindow
GetWindowThreadProcessId
LoadStringW
GetForegroundWindow

advapi32

GetTraceEnableLevel
RegOpenKeyExA
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExA
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
RegCreateKeyA
GetTraceEnableFlags
RegCloseKey
RegSetValueExW
RegSetValueExA
RegQueryValueExW

ole32

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
PropVariantClear
CoTaskMemFree

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
waveOutGetDevCapsW
waveOutGetNumDevs
waveInGetNumDevs
waveInGetDevCapsW

powrprof

PowerReadACValue
PowerGetActiveScheme
CallNtPowerInformation
PowerReadDCValue

Exports

Exports

DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DllCanUnloadNow
DllGetClassObject
GetDeviceID

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4028328557669218c3e09adaca7c1802

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

winmm

powrprof

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 415KB

RT_CODE Size: 512B - Virtual size: 284B

.data Size: 13KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 415KB - Virtual size: 415KB

RT_CODE
Size: 512B - Virtual size: 284B

.data
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB