dsound[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dsound.dll
Size

481KB
MD5

abd7791a43b6c56891bfc5d4ee0063d2
SHA1

2c085b1fa1a501c3483b88eaed6534c2f8bebe7e
SHA256

4487bff47300f4572ba108ec64b41ad4df14c30fb272bc2c04e1e2ee06ad8c13
SHA512

7f6d1c7df024be81bf4fcfaee10ddbaa34d7f0a827cf580b24389cbb6bbb57d6b00b17d0eb70f3833e573b152de719723e6303f05147733016c947f47446844d
SSDEEP

12288:d15s2/azNQ8zT9ERr3fMyjYTThZ4pQm9FzQVSL:n/2C8zpO37jYTThW60FuSL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dsound.dll

Files

dsound.dll
.dll windows:10 windows x86 arch:x86

8d8e67774dc2539a39b35bd70e899493

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsound.pdb

Imports

msvcrt

_vsnwprintf
_XcptFilter
malloc
free
_controlfp
_initterm
__CxxFrameHandler3
_vsnprintf
_lock
_unlock
_onexit
_except_handler4_common
memmove
_amsg_exit
_aligned_free
_aligned_malloc
_isnan
memcpy_s
__dllonexit
_CIatan2
_CIcos
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsqrt
_CItan
_ftol2
_ftol2_sse
ceil
floor
memcmp
memcpy
memset

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize
ReadFile
SetFilePointer
GetFullPathNameW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadStringW
GetModuleHandleW
LoadLibraryExA
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-string-l2-1-0

CharUpperW

api-ms-win-core-heap-l1-1-0

HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
HeapCreate

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetProcessTimes
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
SwitchToThread
CreateThread
SetThreadPriority
GetCurrentThread
TerminateProcess

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-registry-l2-1-0

RegCreateKeyA
RegCreateKeyW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateMutexW
ResetEvent
WaitForSingleObjectEx
WaitForSingleObject
EnterCriticalSection
OpenSemaphoreW
SetEvent
InitializeCriticalSection
CreateMutexExW
CreateEventW
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
LeaveCriticalSection

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-power-setting-l1-1-0

PowerReadACValue
PowerReadDCValue
PowerGetActiveScheme

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod
timeGetTime

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
PropVariantClear
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc

api-ms-win-core-processthreads-l1-1-1

GetThreadTimes
OpenProcess

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-mm-mme-l1-1-0

waveInGetDevCapsW
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DllCanUnloadNow
DllGetClassObject
GetDeviceID

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d8e67774dc2539a39b35bd70e899493

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-mm-time-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-mm-mme-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 453KB - Virtual size: 453KB

RT_CODE Size: 512B - Virtual size: 153B

.data Size: 512B - Virtual size: 6KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 24B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 453KB - Virtual size: 453KB

RT_CODE
Size: 512B - Virtual size: 153B

.data
Size: 512B - Virtual size: 6KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 17KB - Virtual size: 16KB