AudioSes[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AudioSes.dll
Size

1.4MB
MD5

8f6aa3932e4d681fa2f59d5956a81818
SHA1

f57860fdf037e5ce92ade741decb99e9a17a3cd8
SHA256

97db1bd1c7682ea9a61e0f5240a6290083d64d2a07df0ca111c7f5e49d0edd27
SHA512

e6067bbeb2c412138c46ac76882bb64a841b6b0ed1adc1add2d5b1cd2c04ec651273cd0b43d7ca7c6344839938ca06f349aa9cbd136c4702f2834e5c57d13b7b
SSDEEP

24576:iSfA2Y7ABBp9igXgyahdSQvnE4ZW+yoVhA/GL2f9WMxD7z3DRQ0qImFmwmpm+mUB:i8EgXXaFM4k+yYL27z3DuImFmwmpm+mm

Score

1^/10

Malware Config

Signatures

Files

AudioSes.dll
.dll regsvr32 windows:10 windows x86 arch:x86

9ff6d7f1aa234b9d60ff79180855d8fb

Code Sign

33:00:00:02:ec:65:79:ad:1e:67:08:90:13:00:00:00:00:02:ec
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:c7:ac:1b:c2:47:b3:23:ee:2f:79:54:48:67:ad:b1:ef:7f:7d:0a:3a:94:09:f6:78:45:73:6b:30:bf:df:ee
Signer

Actual PE Digest

3d:c7:ac:1b:c2:47:b3:23:ee:2f:79:54:48:67:ad:b1:ef:7f:7d:0a:3a:94:09:f6:78:45:73:6b:30:bf:df:ee

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__std_type_info_compare
wcschr
_except_handler4_common
__current_exception
__current_exception_context
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__execute_onexit_table
_o__errno
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__crt_atexit
__std_terminate
__CxxFrameHandler3
_o__configure_narrow_argv
memcmp
memcpy
_CxxThrowException

rpcrt4

NdrOleFree
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrDllRegisterProxy
CStdStubBuffer_IsIIDSupported
I_RpcExceptionFilter
RpcSmDestroyClientContext
NdrDllGetClassObject
CStdStubBuffer_Connect
NdrClientCall4
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
NdrOleAllocate
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
RpcBindingFree
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrDllCanUnloadNow
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFromStringBindingW
NdrCStdStubBuffer_Release

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadResource
FreeLibraryAndExitThread
GetModuleFileNameA
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
LockResource
SizeofResource
LoadLibraryExW
FindResourceExW

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
SetThreadLocale

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-synch-l1-1-0

OpenEventW
InitializeSRWLock
CancelWaitableTimer
TryEnterCriticalSection
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventExW
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
CreateEventW
InitializeCriticalSectionEx
SetWaitableTimer
CreateWaitableTimerExW
CreateSemaphoreExW
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
EnterCriticalSection
CreateMutexExW
AcquireSRWLockShared
ResetEvent
DeleteCriticalSection
SetEvent

api-ms-win-core-heap-l1-1-0

HeapSize
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenCurrentUser
RegQueryValueExW
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
CreateThread

api-ms-win-core-string-l2-1-0

CharNextW
IsCharAlphaW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolTimer
CloseThreadpool
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
WaitForThreadpoolWorkCallbacks
TrySubmitThreadpoolCallback
CloseThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MapViewOfFileEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSize

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx
PrefetchVirtualMemory
SetProcessWorkingSetSizeEx
VirtualLock
VirtualUnlock

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

ntdll

RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryZone
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryZone
RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlEqualWnfChangeStamps
RtlUnsubscribeWnfNotificationWaitForCompletion
ShipAssert
RtlAllocateMemoryZone
RtlConvertHostPerfCounterToPerfCounter
NtQueryInformationThread
NtSetInformationThread
NtQueryInformationProcess
RtlNtStatusToDosError
NtAlpcConnectPort
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
RtlQueryPackageClaims

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff6d7f1aa234b9d60ff79180855d8fb

Code Sign

33:00:00:02:ec:65:79:ad:1e:67:08:90:13:00:00:00:00:02:ecCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3d:c7:ac:1b:c2:47:b3:23:ee:2f:79:54:48:67:ad:b1:ef:7f:7d:0a:3a:94:09:f6:78:45:73:6b:30:bf:df:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

rpcrt4

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-mm-time-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-heap-l2-1-0

ntdll

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

RT_CODE Size: 512B - Virtual size: 142B

RT_BSS Size: - Virtual size: 40B

.data Size: 5KB - Virtual size: 7KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 500B

RT_CONST Size: 1024B - Virtual size: 896B

RT_DATA Size: 512B - Virtual size: 32B

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 69KB - Virtual size: 68KB

33:00:00:02:ec:65:79:ad:1e:67:08:90:13:00:00:00:00:02:ec
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3d:c7:ac:1b:c2:47:b3:23:ee:2f:79:54:48:67:ad:b1:ef:7f:7d:0a:3a:94:09:f6:78:45:73:6b:30:bf:df:ee
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

RT_CODE
Size: 512B - Virtual size: 142B

RT_BSS
Size: - Virtual size: 40B

.data
Size: 5KB - Virtual size: 7KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 500B

RT_CONST
Size: 1024B - Virtual size: 896B

RT_DATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 69KB - Virtual size: 68KB