DTSAPO3Service[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DTSAPO3Service.exe
Size

218KB
MD5

6fda5b24b2516125d0ec422638462bbd
SHA1

504733bb7c0931e371921141c42b84022ec19b8e
SHA256

3fbf93e7959033e9adc76910e71fa7ccfb3c7f9fc6b669ac27ad78d24044c585
SHA512

74966244bd0d2b817b74770eb870657fd8d2ac6e5fcda85af9d2dcd90bcb3c2b0d498d1867ee27ca58477a57235a7be29a1e1f44848a3d6cf76dd9d608e8cb4a
SSDEEP

6144:WNkNcNEsutNY7SxCUGNoIXnMx15gDLQvyS:2kaNEsutNY7Sxj2XM3sHS

Score

1^/10

Malware Config

Signatures

Files

DTSAPO3Service.exe
.exe windows:6 windows x64 arch:x64

b01b0ccafc1baa4589d0c6e1b4c2e519

Code Sign

03:e0:c8:74:4c:f0:1a:0f:2c:a3:03:e2:94:17:67:1c
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/02/2018, 00:00

Not After

06/01/2021, 12:00

Subject

SERIALNUMBER=2803747,CN=DTS\, Inc.,O=DTS\, Inc.,L=Calabasas,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/06/2019, 18:06

Not After

03/06/2020, 18:06

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7e
Signer

Actual PE Digest

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7e

Digest Algorithm

sha256

PE Digest Matches

true

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7e
Signer

Actual PE Digest

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\XPERI_Git\apo_3x_service_uwp\x64\Release\DtsApo3Service.pdb

Imports

kernel32

CreateEventW
SetEvent
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
GetProcAddress
CreateDirectoryA
GetModuleHandleW
RtlCaptureContext
LocalFree
RtlLookupFunctionEntry
CloseHandle
GetModuleFileNameW
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CreatePipe
TerminateProcess
IsProcessorFeaturePresent
WaitForMultipleObjects
OutputDebugStringA
WaitForThreadpoolTimerCallbacks
IsDebuggerPresent
QueryPerformanceCounter
CreateThreadpoolWork
DeleteCriticalSection
GetCurrentProcessId
SubmitThreadpoolWork
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
Sleep
InitializeCriticalSectionEx
InitializeSListHead
WriteFile
ReadFile
WaitForSingleObject
OutputDebugStringW

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
SysFreeString

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
PropVariantClear
StringFromGUID2
CLSIDFromString

rpcrt4

RpcEpRegisterW
RpcServerInqBindings
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree
NdrServerCall2
NdrServerCallAll
NdrClientCall3
RpcServerUseProtseqEpW
RpcServerListen
RpcServerRegisterIf3

advapi32

EventWriteString
SetSecurityDescriptorDacl
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
RegQueryValueExW
EventUnregister
RegisterServiceCtrlHandlerW
SetServiceStatus
EventRegister
AllocateAndInitializeSid
SetEntriesInAclW
OpenServiceW
ControlService
DeleteService
ChangeServiceConfig2W
OpenSCManagerW
FreeSid
CloseServiceHandle
InitializeSecurityDescriptor
QueryServiceStatus
CreateServiceW

shell32

SHGetFolderPathA

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

dtsaporpcserverwrapper

?IsDisableExtSpkIcon@@YA_NXZ
?GetApoParam@@YAHH@Z
?DispatchSpeakerChangeFromHeadphoneSelectionPanel@@YAXXZ
?CallbackSetUI@@YAXPEAX@Z
?GetDeviceType@@YAHXZ
?ApoStartUp@@YAXXZ
?PowerOnDTS@@YAXXZ
?RestoreApo@@YAXXZ
?GetHeadphoneInfoFromApo@@YAXXZ
?IsApoCtrlValid@@YA_NXZ
?ApoCommand@@YA_NHH@Z
?GetEndPointDeviceState@@YAHXZ
?ExternalSpeaker@@YAXXZ
?InitApoCtrl@@YA_NH@Z
?GetEndPointFormFactor@@YAHXZ
?DispatchSpeakerChange@@YAXH@Z
?GetEndPointChannelConfiguration@@YAHXZ
?GetHeadphoneIdbyName@@YAHPEB_W@Z
?GetEffectSettingForApoEndPoint@@YAHH@Z
?AllowHeadPhoneSelection@@YAXXZ

msvcp140

?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
_Mtx_init_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock

shlwapi

StrCmpW

vcruntime140

memset
_CxxThrowException
memmove
memcpy
memcmp
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
strchr
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__p__commode
fseek
fopen
ftell
__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vsprintf
_set_fmode
fopen_s
fclose
fread

api-ms-win-crt-runtime-l1-1-0

_exit
__p___argc
__p___wargv
_invalid_parameter_noinfo_noreturn
_wassert
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_initterm_e
_set_app_type
_seh_filter_exe
_cexit
exit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-string-l1-1-0

strncmp
isalnum
isalpha
_wcsicmp
wcscpy_s
towlower
isspace

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b01b0ccafc1baa4589d0c6e1b4c2e519

Code Sign

03:e0:c8:74:4c:f0:1a:0f:2c:a3:03:e2:94:17:67:1cCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7eSigner

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

ole32

rpcrt4

advapi32

shell32

api-ms-win-security-base-l1-2-2

dtsaporpcserverwrapper

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 15KB - Virtual size: 16KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

03:e0:c8:74:4c:f0:1a:0f:2c:a3:03:e2:94:17:67:1c
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:00:00:00:85:7f:83:dc:2a:6c:a9:79:b8:00:00:00:00:00:85
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7e
Signer

69:92:97:84:a9:f5:d5:db:3f:7e:d5:8e:05:6d:8f:4f:25:86:f6:48:69:bb:83:c2:d3:16:cb:86:c0:ea:d3:7e
Signer

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 15KB - Virtual size: 16KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB