SndVolSSO[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SndVolSSO.dll
Size

756KB
MD5

18e096c7188cbcb4222b8f5877feb3e5
SHA1

c9368aa4c451458a6ecbda61fa2897f40cd7c630
SHA256

b6e93bf760d78e4a758e034d505d2edda008e49535dcc69c57f7539f08c33c6c
SHA512

3de77e8daa7b3e4ccf70270e880fa269bb73992af9c72501d803f23dbff6a5f8c661f6b5bf68b835ee51c90428b3bb5d8f9ae8ce9216c61245c142ec33bcba18
SSDEEP

6144:++Dn5PsuigxBMPOAV/KY+8Vs8TUfiECI3MSwopyXU:9nigr0FVJPVnTNWDh8k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SndVolSSO.dll

Files

SndVolSSO.dll
.dll windows:10 windows x86 arch:x86

90b177a7410a49a09ee29327abb39219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SndVolSSO.pdb

Imports

msvcrt

_get_errno
_aligned_free
_CIsin
_CxxThrowException
_set_errno
floor
__CxxFrameHandler3
memcmp
memcpy
_ftol2_sse
_aligned_malloc
realloc
_errno
_except_handler4_common
_ftol2
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
swprintf_s
_scwprintf
memmove_s
_purecall
_wcsnicmp
_resetstkoflw
rand
srand
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
??1type_info@@UAE@XZ
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadResource
GetModuleHandleExW
GetModuleHandleW
SizeofResource
LockResource
LoadLibraryExW
GetProcAddress
LoadLibraryExA
FindResourceExW
LoadStringW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
CreateMutexW
ReleaseMutex
InitializeCriticalSectionEx
ReleaseSemaphore
OpenEventW
EnterCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
SetEvent
InitializeSRWLock
CreateSemaphoreExW
DeleteCriticalSection
CreateEventExW
InitializeCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapDestroy
HeapSize
HeapReAlloc
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
CreateProcessW
ProcessIdToSessionId
GetCurrentProcessId
OpenProcessToken
CreateThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
GetUserPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
RpcStringBindingComposeW

api-ms-win-core-com-l1-1-0

CoGetMalloc
StringFromCLSID
CoTaskMemRealloc
CoGetApartmentType
PropVariantClear
CoWaitForMultipleHandles
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetTickCount64

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringLen

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringOrdinal

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedPopEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

ntdll

EtwEventWriteTransfer
NtQueryWnfStateData
RtlEqualWnfChangeStamps
RtlNtStatusToDosError
RtlQueryWnfStateData
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventSetInformation
EtwEventUnregister
EtwEventRegister

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackageOrigin

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

mmdevapi

ord28
ord29

ole32

CoAllowSetForegroundWindow

user32

GetMenuInfo
SetPropW
SetMenuInfo
RemovePropW
GetCurrentInputMessageSource
SystemParametersInfoW
GetParent
AreDpiAwarenessContextsEqual
DrawTextExW
GetWindowDpiAwarenessContext
GetPropW
SetMessageExtraInfo
GetDC
GetMessageExtraInfo
GetMenuItemInfoW
GetDpiForWindow
ReleaseDC
GetWindowBand
DrawIconEx
DrawTextW
GetSystemMetricsForDpi
PrivateExtractIconsW
LoadIconW
LoadImageW
GetClassNameW
GetDpiForSystem
WindowFromPoint
MonitorFromWindow
FindWindowW
UnregisterClassA
DispatchMessageW
TranslateMessage
GetMessageW
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputData
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyWindow
DestroyIcon
IsWindow
CallWindowProcW
SetWindowLongW
DefWindowProcW
KillTimer
SetForegroundWindow
PostMessageW
SetTimer
BringWindowToTop
SetMenuItemInfoW
AppendMenuW
TrackPopupMenuEx
DeleteMenu
EnableMenuItem
GetSubMenu
LoadMenuW
SendMessageW
GetMonitorInfoW
MonitorFromPoint
GetWindowLongW
RegisterWindowMessageW
SendNotifyMessageW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

shcore

SHTaskPoolQueueTask

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

gdi32

ExcludeClipRect
SetTextColor
DeleteDC
StretchBlt
GdiAlphaBlend
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetCurrentObject
CreateSolidBrush
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetStretchBltMode
GetObjectW
SetBkMode

uxtheme

OpenThemeData
DrawThemeTextEx
DrawThemeBackground
GetThemeFont
CloseThemeData
GetThemeColor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90b177a7410a49a09ee29327abb39219

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

ntdll

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-appmodel-runtime-l1-1-0

mmdevapi

ole32

user32

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l2-1-0

shcore

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

gdi32

uxtheme

Exports

Exports

Sections

.text Size: 239KB - Virtual size: 238KB

.data Size: 1KB - Virtual size: 5KB

.idata Size: 10KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 240B

.rsrc Size: 489KB - Virtual size: 488KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 239KB - Virtual size: 238KB

.data
Size: 1KB - Virtual size: 5KB

.idata
Size: 10KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 240B

.rsrc
Size: 489KB - Virtual size: 488KB

.reloc
Size: 15KB - Virtual size: 14KB