AudioSes[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AudioSes.dll
Size

362KB
MD5

320585463807baeecec22e324794e070
SHA1

c1b683028cacc581fe6fc563bdbb9063b53de644
SHA256

78e95dbe2b61e962d74ce7395c0d30750d1f2d94d1da11d43fdd80ed684bfb33
SHA512

21e0e1c961c80393a10d2fd4cfe71cd59b3d3c4718aa54ed555b3a7054e5e267288da8465afcea50b763e51b914f877f08c96459bda376ee26b60e3bd89d5df6
SSDEEP

6144:6qfSM5Sfp9ZSrngvrzYXn+wgrvGjpCZTBSfC02pg+zWv13QLI0Uc:6qfSpxDZ4uwtCiF2pg+aCI03

Score

1^/10

Malware Config

Signatures

Files

AudioSes.dll
.dll regsvr32 windows:6 windows x86 arch:x86

c4e115098edba8dbd8599c50adfef62c

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:32:8c:4d:9e:90:b8:83:01:a4:7f:c4:48:2a:06:50:77:70:00:15:96:3c:5d:8a:da:37:a7:88:48:eb:d4:f3
Signer

Actual PE Digest

10:32:8c:4d:9e:90:b8:83:01:a4:7f:c4:48:2a:06:50:77:70:00:15:96:3c:5d:8a:da:37:a7:88:48:eb:d4:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AudioSes.pdb

Imports

msvcrt

memset
_wsplitpath_s
wcschr
_XcptFilter
_wcsnicmp
_vsnwprintf
_amsg_exit
_initterm
calloc
ceil
_localtime64_s
_time64
_wcsicmp
_resetstkoflw
_lock
_unlock
memmove_s
__dllonexit
_onexit
_errno
_purecall
realloc
wcscpy_s
??1type_info@@UAE@XZ
wcscat_s
__CxxFrameHandler3
_except_handler4_common
memcpy_s
malloc
free
memcmp
_ftol2
_CxxThrowException
_CIpow
wcsncpy_s
floor
memcpy

ntdll

AlpcInitializeMessageAttribute
RtlInitUnicodeStringEx
NtAlpcConnectPort
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
NtQueryInformationToken
RtlDestroyMemoryZone
RtlDestroyMemoryBlockLookaside
RtlUnlockMemoryZone
RtlAllocateMemoryBlockLookaside
RtlCreateMemoryZone
RtlAllocateMemoryZone
RtlLockMemoryZone
RtlCreateMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
ShipAssert
NtSetInformationThread
NtQueryInformationThread
NtQueryInformationProcess
RtlNtStatusToDosError

rpcrt4

RpcSmDestroyClientContext
RpcBindingFromStringBindingW
NdrClientCall2
CStdStubBuffer_Connect
RpcStringBindingComposeW
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
NdrCStdStubBuffer_Release
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
RpcBindingFree
I_RpcExceptionFilter
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrOleFree
NdrDllRegisterProxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
NdrDllUnregisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcStringFreeW

oleaut32

VarUI4FromStr
BSTR_UserFree
BSTR_UserUnmarshal
LPSAFEARRAY_UserSize
BSTR_UserMarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserSize
VariantTimeToSystemTime
SystemTimeToVariantTime

api-ms-win-core-com-l1-1-1

CoUninitialize
CoTaskMemRealloc
StringFromGUID2
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoCreateInstance
PropVariantClear

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

LoadResource
LockResource
SizeofResource
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
FindResourceExW
GetModuleHandleW
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSize
HeapDestroy
HeapReAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroup
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegGetValueW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

SetEvent
InitOnceBeginInitialize
Sleep
CreateEventExW
InitializeCriticalSection
DeleteCriticalSection
CreateWaitableTimerExW
LeaveCriticalSection
EnterCriticalSection
SetWaitableTimer
OpenEventW
InitOnceExecuteOnce
CreateEventW
WaitForSingleObject
ResetEvent
InitOnceInitialize

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-1

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-localization-l1-2-1

SetThreadLocale
GetThreadLocale

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-2

GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentThreadId

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-memory-l1-1-2

MapViewOfFileEx
PrefetchVirtualMemory
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
GetProcessWorkingSetSizeEx
VirtualUnlock
SetProcessWorkingSetSizeEx
VirtualLock
CreateFileMappingW

api-ms-win-core-file-l1-2-1

GetFileSize

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-kernel32-legacy-l1-1-1

WaitForMultipleObjects
FindResourceW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

mmdevapi

ord11
ord10

combase

ord17
ord8
ord4
ord2
ord9
ord5
ord16
ord13
ord6
ord12
ord11
ord10
ord3
ord23
ord7
ord14
ord20
ord21
ord19
ord18
ord22
ord15

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1024B - Virtual size: 971B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4e115098edba8dbd8599c50adfef62c

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

10:32:8c:4d:9e:90:b8:83:01:a4:7f:c4:48:2a:06:50:77:70:00:15:96:3c:5d:8a:da:37:a7:88:48:eb:d4:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

oleaut32

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-string-l2-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-power-base-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-file-l1-2-1

api-ms-win-core-realtime-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

mmdevapi

combase

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 280KB - Virtual size: 280KB

.orpc Size: 1KB - Virtual size: 1KB

RT_CODE Size: 1024B - Virtual size: 971B

RT_BSS Size: - Virtual size: 40B

.data Size: 2KB - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 12B

RT_CONST Size: 512B - Virtual size: 460B

RT_DATA Size: 512B - Virtual size: 160B

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 19KB - Virtual size: 19KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

10:32:8c:4d:9e:90:b8:83:01:a4:7f:c4:48:2a:06:50:77:70:00:15:96:3c:5d:8a:da:37:a7:88:48:eb:d4:f3
Signer

.text
Size: 280KB - Virtual size: 280KB

.orpc
Size: 1KB - Virtual size: 1KB

RT_CODE
Size: 1024B - Virtual size: 971B

RT_BSS
Size: - Virtual size: 40B

.data
Size: 2KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 12B

RT_CONST
Size: 512B - Virtual size: 460B

RT_DATA
Size: 512B - Virtual size: 160B

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 19KB - Virtual size: 19KB