AUDIOKSE[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

AUDIOKSE.dll
Size

376KB
MD5

a22096682d24604e1412888eea13d074
SHA1

77cffcd097a650c54a30c5c33b74c5122f5756b0
SHA256

7a5ad1184fa880297382e3330536acdc101328af258342607d6b67d9b39e9288
SHA512

75a06709bda0410c90865f462e90457528c2781cb14f45b0d329486fe9e6534c72d623edcd14732f09cfba4d1a5146013c40a294c4b1eae5b9c4f10258bbef84
SSDEEP

6144:+v8w9uL4yyilClh1n5KvW1JQpbeWLYVBpg76Ik1njSuTYw:w8w9Eyi0lTxjQpbeZpg776SgYw

Score

1^/10

Malware Config

Signatures

Files

AUDIOKSE.dll
.dll regsvr32 windows:10 windows x86 arch:x86

b3e365e7087885a567bb024e296f8b6a

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:07:f4:ef:49:e3:ec:fd:86:e2:27:e1:6c:62:48:93:c4:af:58:d8:fd:2e:91:af:6f:2f:87:2c:49:44:45:fd
Signer

Actual PE Digest

ae:07:f4:ef:49:e3:ec:fd:86:e2:27:e1:6c:62:48:93:c4:af:58:d8:fd:2e:91:af:6f:2f:87:2c:49:44:45:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AUDIOKSE.pdb

Imports

msvcrt

?terminate@@YAXXZ
_purecall
wcscat_s
malloc
wcsstr
wcscpy_s
_wcslwr
_initterm
_amsg_exit
_XcptFilter
_CIlog10
_CIpow
_CxxThrowException
__CxxFrameHandler3
_ftol2
_ftol2_sse
_resetstkoflw
memcmp
free
memcpy
realloc
_errno
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
wcsncpy_s
_vsnprintf_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy_s
_vsnwprintf
wcsnlen
strnlen
fclose
fseek
tolower
_strnicmp
strncmp
_wfopen
feof
fread
_wtol
wcsrchr
_lock
memset

ntdll

NtCreateFile
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside
RtlLockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
NtQueryInformationProcess
RtlAllocateMemoryBlockLookaside
ShipAssert
RtlGetPersistedStateLocation

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
FreeLibrary
LoadLibraryExW
SizeofResource
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
LoadResource
GetModuleFileNameW
FindResourceExW

api-ms-win-core-synch-l1-1-0

CancelWaitableTimer
LeaveCriticalSection
CreateEventA
WaitForMultipleObjectsEx
CreateEventW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateEventExW
CreateMutexExW
CreateWaitableTimerExW
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
SetEvent
SetWaitableTimer
CreateSemaphoreExW
ReleaseSemaphore
ResetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
SetThreadPriority
GetCurrentProcess
CreateThread
TerminateProcess

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
TraceEvent

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoGetMalloc
StringFromGUID2

api-ms-win-core-string-l2-1-0

CharNextW
CharLowerBuffW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceInitialize

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetVersionExW
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-file-l1-1-0

CreateFileW
GetDiskFreeSpaceW
GetFileSize

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW

mmdevapi

ord5

avrt

AvQuerySystemResponsiveness
AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
AvRevertMmThreadCharacteristics

api-ms-win-core-psapi-l1-1-0

K32GetDeviceDriverFileNameW
K32GetDeviceDriverBaseNameW
K32EnumDeviceDrivers

api-ms-win-devices-query-l1-1-0

DevCreateObjectQuery
DevCloseObjectQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 339B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3e365e7087885a567bb024e296f8b6a

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ae:07:f4:ef:49:e3:ec:fd:86:e2:27:e1:6c:62:48:93:c4:af:58:d8:fd:2e:91:af:6f:2f:87:2c:49:44:45:fdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-memory-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

mmdevapi

avrt

api-ms-win-core-psapi-l1-1-0

api-ms-win-devices-query-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 332KB

RT_CODE Size: 512B - Virtual size: 339B

RT_BSS Size: - Virtual size: 40B

.data Size: 4KB - Virtual size: 10KB

.idata Size: 8KB - Virtual size: 7KB

.didat Size: 512B - Virtual size: 88B

RT_CONST Size: 2KB - Virtual size: 2KB

RT_DATA Size: 512B - Virtual size: 80B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 13KB - Virtual size: 13KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ae:07:f4:ef:49:e3:ec:fd:86:e2:27:e1:6c:62:48:93:c4:af:58:d8:fd:2e:91:af:6f:2f:87:2c:49:44:45:fd
Signer

.text
Size: 332KB - Virtual size: 332KB

RT_CODE
Size: 512B - Virtual size: 339B

RT_BSS
Size: - Virtual size: 40B

.data
Size: 4KB - Virtual size: 10KB

.idata
Size: 8KB - Virtual size: 7KB

.didat
Size: 512B - Virtual size: 88B

RT_CONST
Size: 2KB - Virtual size: 2KB

RT_DATA
Size: 512B - Virtual size: 80B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 13KB - Virtual size: 13KB