AudioSes[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AudioSes.dll
Size

190KB
MD5

21da17e695cbf9c9022ae357ded4ad0e
SHA1

6d92d1f9152ff0034893c3859187a7d3ffeb2533
SHA256

d72607dabce6a0c8e7f19013e572547a28f707b3697e9997cb9b7cd071d5c9fb
SHA512

f1c0f7b7b30313bf820fa6b853ad81b11d558de035194eba6efe2bc2e641ccdbb089b8dc3ef93fe413f17dd5bed9163fb7412b0a2e783129fc0c9171a5f76448
SSDEEP

3072:+aS1BxpMrEYhFoDCez1tgoL1FaduPO6elMtCC1cB:dOKf/ez1tNRFuuPBeOL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AudioSes.dll

Files

AudioSes.dll
.dll regsvr32 windows:6 windows x86 arch:x86

ce18c8582bcfe2f6007df7eea44ecfd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AudioSes.pdb

Imports

msvcrt

realloc
_except_handler4_common
??1type_info@@UAE@XZ
_amsg_exit
_initterm
_XcptFilter
_vsnwprintf
_time64
_errno
ceil
_localtime64_s
calloc
_ftol2
_resetstkoflw
_wcsicmp
malloc
memmove_s
memset
__CxxFrameHandler3
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
__dllonexit
_lock
_onexit
floor
_unlock
memcpy_s
free
memcpy

ntdll

RtlLockMemoryZone
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
NtQueryInformationProcess
ShipAssert
RtlNtStatusToDosError
RtlCreateMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlAllocateMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
RtlDestroyMemoryZone
RtlAllocateMemoryZone
RtlUnlockMemoryZone
NtAlpcConnectPort
RtlInitUnicodeStringEx
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
RtlSetLastWin32ErrorAndNtStatusFromNtStatus

kernel32

CloseHandle
InterlockedCompareExchange64
GetThreadLocale
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedCompareExchange
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
VirtualUnlock
VirtualLock
SetProcessWorkingSetSize
WerRegisterMemoryBlock
LocalFree
InterlockedExchange
SetThreadLocale
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
UnmapViewOfFile
GetCurrentProcess
OpenFileMappingW
OpenEventW
TrySubmitThreadpoolCallback
FindResourceExW
LockResource
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
QueryPerformanceFrequency
DisableThreadLibraryCalls
GetModuleFileNameW
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
InterlockedIncrement
InterlockedDecrement
CreateThreadpoolCleanupGroup
InitOnceExecuteOnce
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpW

advapi32

RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceEvent
EventWrite
RegGetValueW
RegDeleteValueW
EventUnregister
EventRegister
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemAlloc

oleaut32

LoadTypeLi
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysStringLen
SysFreeString
SysAllocString
LPSAFEARRAY_UserFree
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime

user32

CharNextW
UnregisterClassA

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
I_RpcExceptionFilter
RpcSmDestroyClientContext
NdrClientCall2
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate

mmdevapi

ord10
ord11

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce18c8582bcfe2f6007df7eea44ecfd7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

ole32

oleaut32

user32

rpcrt4

mmdevapi

Exports

Exports

Sections

.text Size: 153KB - Virtual size: 152KB

.orpc Size: 2KB - Virtual size: 1KB

RT_CODE Size: 11KB - Virtual size: 10KB

RT_BSS Size: - Virtual size: 40B

.data Size: 3KB - Virtual size: 2KB

RT_DATA Size: 512B - Virtual size: 188B

RT_CONST Size: 512B - Virtual size: 452B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 153KB - Virtual size: 152KB

.orpc
Size: 2KB - Virtual size: 1KB

RT_CODE
Size: 11KB - Virtual size: 10KB

RT_BSS
Size: - Virtual size: 40B

.data
Size: 3KB - Virtual size: 2KB

RT_DATA
Size: 512B - Virtual size: 188B

RT_CONST
Size: 512B - Virtual size: 452B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 10KB