AudioSes[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AudioSes.dll
Size

1.2MB
MD5

8353344042a351b6dcdcde46ef6d94c2
SHA1

d023fdcbba059d8005c2335f678538d5ccdbe735
SHA256

6e09336b89a8e7ad687b2043941bd2c14dc9b7c66d9d13c76174b7e0debe54c1
SHA512

ab1e06f85ebd02d0c631530f4f04fb00f061e0ab62ed00ded1980181ecbb64211543dd825a1ae0e61fb138a2fa2f7dc4f30b976023f4b8b2257677af037f3d4a
SSDEEP

24576:OgHegbrDjgbqVBHwyd906ZWwRbmD/H/kmgiIBYGs5oZvk:Je2OH/kFiIBeo

Score

1^/10

Malware Config

Signatures

Files

AudioSes.dll
.dll regsvr32 windows:10 windows x86 arch:x86

50e5a78861027dc2e9497481ebd1472e

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:f8:cb:3d:68:21:9e:50:44:04:e5:9b:b6:52:b7:86:1e:11:89:62:a2:17:6e:ee:b1:31:78:15:da:10:c5:44
Signer

Actual PE Digest

cc:f8:cb:3d:68:21:9e:50:44:04:e5:9b:b6:52:b7:86:1e:11:89:62:a2:17:6e:ee:b1:31:78:15:da:10:c5:44

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

_Mtx_init_in_situ
_Mtx_lock
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_unlock

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__std_type_info_compare
wcschr
_except_handler4_common
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

rpcrt4

CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
CStdStubBuffer_Disconnect
I_RpcExceptionFilter
CStdStubBuffer_DebugServerQueryInterface
NdrDllUnregisterProxy
RpcSmDestroyClientContext
NdrDllRegisterProxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
RpcBindingFree
RpcStringFreeW
NdrOleAllocate
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
NdrOleFree
RpcStringBindingComposeW
NdrDllCanUnloadNow
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
RpcBindingFromStringBindingW
NdrClientCall4
CStdStubBuffer_CountRefs

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient16
ObjectStublessClient10
ObjectStublessClient12
ObjectStublessClient21
ObjectStublessClient4
ObjectStublessClient17
ObjectStublessClient14
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient19
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7
ObjectStublessClient11
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient18
ObjectStublessClient15
ObjectStublessClient20

oleaut32

BSTR_UserFree
VariantTimeToSystemTime
SystemTimeToVariantTime
LPSAFEARRAY_UserMarshal
VarUI4FromStr
BSTR_UserUnmarshal
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize
LPSAFEARRAY_UserSize
BSTR_UserMarshal
LPSAFEARRAY_UserFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LockResource
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
DisableThreadLibraryCalls
SizeofResource
FindResourceExW
FreeLibraryAndExitThread
GetModuleFileNameA
FreeLibrary
LoadResource
LoadLibraryExW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
SetThreadLocale

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceExecuteOnce
InitOnceInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
WaitForMultipleObjectsEx
CreateMutexExW
ReleaseSemaphore
CreateEventW
EnterCriticalSection
WaitForSingleObject
CreateWaitableTimerExW
CreateSemaphoreExW
ResetEvent
OpenEventW
InitializeCriticalSectionEx
CreateEventExW
InitializeCriticalSectionAndSpinCount
SetEvent
DeleteCriticalSection
ReleaseSRWLockShared
LeaveCriticalSection
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
SetWaitableTimer
AcquireSRWLockExclusive
InitializeSRWLock
CancelWaitableTimer
TryEnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapSize
HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsCreateString
WindowsDuplicateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull

api-ms-win-core-com-l1-1-0

StringFromGUID2
PropVariantClear
StringFromCLSID
CLSIDFromString
CoTaskMemAlloc
CoInitializeEx
CoGetApartmentType
CoUninitialize
CoTaskMemRealloc
CoSetProxyBlanket
CoCreateInstance
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoCreateGuid
PropVariantCopy

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
TraceEvent
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-string-l2-1-0

IsCharAlphaW
CharNextW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
CreateThreadpool
CloseThreadpoolTimer
SetThreadpoolTimer
SetThreadpoolThreadMaximum
CloseThreadpool
SetThreadpoolThreadMinimum
CloseThreadpoolWork
CloseThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork
TrySubmitThreadpoolCallback
WaitForThreadpoolTimerCallbacks

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

mmdevapi

ord10
ord5
ord30
ord4
ord11
ord29

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-featurestaging-l1-1-0

SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
VirtualUnlock
PrefetchVirtualMemory
GetProcessWorkingSetSizeEx
VirtualLock

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlEqualWnfChangeStamps
ShipAssert
RtlQueryPackageClaims
RtlCreateMemoryBlockLookaside
RtlDestroyMemoryZone
RtlAllocateMemoryBlockLookaside
RtlAllocateMemoryZone
RtlUnlockMemoryZone
NtQueryInformationThread
NtAlpcConnectPort
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
NtSetInformationThread
NtQueryInformationProcess
RtlNtStatusToDosError

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50e5a78861027dc2e9497481ebd1472e

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

cc:f8:cb:3d:68:21:9e:50:44:04:e5:9b:b6:52:b7:86:1e:11:89:62:a2:17:6e:ee:b1:31:78:15:da:10:c5:44Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

mmdevapi

api-ms-win-power-base-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-devices-config-l1-1-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-mm-time-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-heap-l2-1-0

ntdll

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-service-private-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

RT_CODE Size: 512B - Virtual size: 136B

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

cc:f8:cb:3d:68:21:9e:50:44:04:e5:9b:b6:52:b7:86:1e:11:89:62:a2:17:6e:ee:b1:31:78:15:da:10:c5:44
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

RT_CODE
Size: 512B - Virtual size: 136B

RT_BSS
Size: - Virtual size: 40B

.data
Size: 4KB - Virtual size: 6KB

.idata
Size: 14KB - Virtual size: 13KB

.didat
Size: 512B - Virtual size: 108B

RT_CONST
Size: 1024B - Virtual size: 912B

RT_DATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 62KB - Virtual size: 61KB