AudioEng[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AudioEng.dll
Size

1.8MB
MD5

54323e067381ee85baf5670529f007e8
SHA1

f7284b3f83ff2020efa3fe376780e0d87b54283d
SHA256

72ba636b1b327ceb069a3905d7291f8f01fc7a516ed90095a7f7b99d62e43958
SHA512

8200258629199582b2b2876fdbc202c75da64aa97750029046d543680702feb25e86194344e24ac8bf6f2c36fb3d73986af2b3d097b580974df34a9619888af3
SSDEEP

49152:yhgo4s+C3WzRahh9hhDhMLhhQhhyeWBM2Z+8Txt/FZYA+iFnPKpLcgU3MIKus/JU:LsXPhh9hhDhMLhhQhht2DTxtFZYA+iF3

Score

1^/10

Malware Config

Signatures

Files

AudioEng.dll
.dll regsvr32 windows:10 windows x86 arch:x86

2beb1141d8d4fd3ff663de538335a124

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:85:b3:c9:74:48:d9:77:fa:48:49:42:7c:a8:7a:46:c2:60:79:6f:35:1f:e7:b9:bb:60:a6:f3:7f:29:06:00
Signer

Actual PE Digest

13:85:b3:c9:74:48:d9:77:fa:48:49:42:7c:a8:7a:46:c2:60:79:6f:35:1f:e7:b9:bb:60:a6:f3:7f:29:06:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoDisconnectObject
StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoCreateGuid
PropVariantClear
StringFromIID
IIDFromString

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
SetWaitableTimer
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
ReleaseSRWLockExclusive
WaitForMultipleObjectsEx
CancelWaitableTimer
InitializeCriticalSectionEx
OpenSemaphoreW
AcquireSRWLockExclusive
CreateWaitableTimerExW
CreateEventExW
CreateMutexExW
ResetEvent
ReleaseMutex
SetEvent
CreateEventA
EnterCriticalSection
InitializeSRWLock
WaitForSingleObjectEx
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TlsGetValue
TlsSetValue
CreateThread
SetThreadPriority
GetCurrentProcessId

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
GetModuleHandleExW
LockResource
SizeofResource
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegDeleteValueW
RegCreateKeyExA
RegQueryValueExA

ntdll

NtClose
RtlLockCurrentThread
RtlAllocateMemoryBlockLookaside
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlNtStatusToDosError
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlReportException
RtlLockModuleSection
RtlUnlockModuleSection
RtlLockMemoryBlockLookaside
NtSetTimerResolution
RtlUnlockCurrentThread
RtlFreeMemoryBlockLookaside
EtwLogTraceEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceEvent

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall4
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
WakeByAddressAll
InitOnceBeginInitialize
WaitOnAddress
InitOnceInitialize
InitOnceExecuteOnce

propsys

PropVariantToString
PropVariantGetElementCount
PropVariantToBuffer

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-crt-string-l1-1-0

memmove_s
strnlen
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__CItan
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_atoi
_o_calloc
_o_ceil
_o_fclose
_o_fgets
_o_floor
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
__current_exception
__current_exception_context
_except_handler4_common
_o__aligned_malloc
_o__aligned_free
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o___stdio_common_vswscanf
_o__CIlog
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__CIfmod
_o___stdio_common_vsscanf
_o__CIexp
_o__CIcos
_o___stdio_common_vsprintf_s
_o__configure_narrow_argv
_o__CIatan2
_o__CIasin
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__CIacos
_CxxThrowException
_o__cexit
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
_o__crt_atexit
memcpy
memcmp
memmove

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CloseThreadpoolWait
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile
GetFileSize
CreateFileA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-com-l1-1-3

CoRegisterDeviceCatalog
CoRevokeDeviceCatalog

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvRevertMmThreadCharacteristics
AvTaskIndexYield
AvTaskIndexYieldCancel
AvThreadOpenTaskIndex
AvQuerySystemResponsiveness
AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
AvSetMultimediaMode

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2beb1141d8d4fd3ff663de538335a124

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

13:85:b3:c9:74:48:d9:77:fa:48:49:42:7c:a8:7a:46:c2:60:79:6f:35:1f:e7:b9:bb:60:a6:f3:7f:29:06:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

ntdll

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

propsys

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-1

api-ms-win-core-com-l1-1-3

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

avrt

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

RT_CODE Size: 14KB - Virtual size: 13KB

RT_BSS Size: - Virtual size: 40B

.data Size: 16KB - Virtual size: 40KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 144B

RT_CONST Size: 4KB - Virtual size: 4KB

RT_DATA Size: 8KB - Virtual size: 7KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 49KB - Virtual size: 48KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

13:85:b3:c9:74:48:d9:77:fa:48:49:42:7c:a8:7a:46:c2:60:79:6f:35:1f:e7:b9:bb:60:a6:f3:7f:29:06:00
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

RT_CODE
Size: 14KB - Virtual size: 13KB

RT_BSS
Size: - Virtual size: 40B

.data
Size: 16KB - Virtual size: 40KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 144B

RT_CONST
Size: 4KB - Virtual size: 4KB

RT_DATA
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 49KB - Virtual size: 48KB