AudioSes[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

AudioSes.dll
Size

1.0MB
MD5

1beb9415c297af1026389b22c906a41d
SHA1

e3bb92a30d24c17c68687d7c169f9d113acb722c
SHA256

e6d9e735abe1164245e7aec9d0819e7422eeafb4e6e783bee70c06291c190ec7
SHA512

f8ec18441a7a896cc43ab1c2141d7c6794c4b7dc654e17d3c8815202d70392abe43ec328786da811afa2e402cb5f3166fc70d9cb7e6d6eaa1de40c77bed8496a
SSDEEP

24576:FAdWAsiQiq+0G/uErP+BPhsp+39ZQfZnNl/KuV1axzCnfkTfa4Jy:udlsid0uuErPghD9ZQfZnNl/KuVeCnf9

Score

1^/10

Malware Config

Signatures

Files

AudioSes.dll
.dll regsvr32 windows:10 windows x86 arch:x86

2c06cccb64db8cef07d692d64e86df02

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-07-2018 20:45

Not After

26-07-2019 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:d4:b7:7d:13:35:54:db:65:6e:2e:5e:7a:8a:77:fa:85:64:d1:67:49:85:85:4a:c0:0a:51:1e:ba:6c:e5:aa
Signer

Actual PE Digest

53:d4:b7:7d:13:35:54:db:65:6e:2e:5e:7a:8a:77:fa:85:64:d1:67:49:85:85:4a:c0:0a:51:1e:ba:6c:e5:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

audioses.pdb

Imports

msvcp_win

_Mtx_unlock
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

memmove_s
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o__initialize_narrow_environment
_o_calloc
_o_ceil
_o_floor
_o_free
_o_log2
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
wcschr
_except_handler4_common
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__initialize_onexit_table
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

rpcrt4

CStdStubBuffer_Invoke
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
I_RpcExceptionFilter
RpcSmDestroyClientContext
I_RpcMapWin32Status
NdrDllUnregisterProxy
CStdStubBuffer_Connect
NdrOleFree
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllRegisterProxy
CStdStubBuffer_Disconnect
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
NdrClientCall4
CStdStubBuffer_CountRefs
NdrDllGetClassObject
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
NdrOleAllocate

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient14
ObjectStublessClient11
ObjectStublessClient4
ObjectStublessClient18
ObjectStublessClient3
ObjectStublessClient20
ObjectStublessClient16
ObjectStublessClient15
ObjectStublessClient10
ObjectStublessClient12
ObjectStublessClient17
ObjectStublessClient21
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
ObjectStublessClient5
ObjectStublessClient19
ObjectStublessClient22
ObjectStublessClient13

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUI4FromStr
LPSAFEARRAY_UserMarshal
BSTR_UserMarshal
BSTR_UserUnmarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserSize

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleW
FindResourceExW
LoadLibraryExW
LoadResource
GetProcAddress
GetModuleFileNameA
SizeofResource
GetModuleFileNameW
LockResource
GetModuleHandleExW

api-ms-win-core-localization-l1-2-0

SetThreadLocale
GetThreadLocale
FormatMessageW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateEventW
CancelWaitableTimer
ResetEvent
SetWaitableTimer
WaitForMultipleObjectsEx
InitializeSRWLock
InitializeCriticalSectionEx
TryEnterCriticalSection
SetEvent
CreateEventExW
OpenEventW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
CreateWaitableTimerExW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
HeapSize

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsGetStringLen

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemAlloc
PropVariantCopy
CoGetApartmentType
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
PropVariantClear
CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
SetThreadPriority
TerminateProcess

api-ms-win-core-string-l2-1-0

CharNextW
IsCharAlphaW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateError
RoOriginateErrorW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
CreateThreadpool
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpool
SetThreadpoolTimer
CloseThreadpoolWork
TrySubmitThreadpoolCallback
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

ntdll

RtlNtStatusToDosError
RtlQueryPackageClaims
NtSetInformationThread
NtQueryInformationThread
RtlUnlockMemoryZone
RtlAllocateMemoryZone
RtlAllocateMemoryBlockLookaside
RtlEqualWnfChangeStamps
RtlDestroyMemoryZone
RtlCreateMemoryBlockLookaside
RtlLockMemoryZone
RtlFreeMemoryBlockLookaside
RtlCreateMemoryZone
NtAlpcConnectPort
RtlInitUnicodeStringEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcInitializeMessageAttribute
AlpcGetMessageAttribute
NtAlpcSendWaitReceivePort
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
NtQueryInformationProcess
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
ShipAssert

api-ms-win-power-base-l1-1-0

PowerRegisterSuspendResumeNotification
PowerUnregisterSuspendResumeNotification

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
MapViewOfFileEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

GetFileSize
CreateFileW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-memory-l1-1-1

VirtualUnlock
SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx
VirtualLock
PrefetchVirtualMemory

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-mm-time-l1-1-0

timeBeginPeriod

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-rtcore-ntuser-private-l1-1-4

ord2597

mmdevapi

ord5
ord29
ord30
ord11
ord10

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority
AvQuerySystemResponsiveness
AvSetMmThreadCharacteristicsA
AvRevertMmThreadCharacteristics

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 933KB - Virtual size: 932KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1024B - Virtual size: 923B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c06cccb64db8cef07d692d64e86df02

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

53:d4:b7:7d:13:35:54:db:65:6e:2e:5e:7a:8a:77:fa:85:64:d1:67:49:85:85:4a:c0:0a:51:1e:ba:6c:e5:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

ntdll

api-ms-win-power-base-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-devices-config-l1-1-1

api-ms-win-core-io-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-service-private-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-mm-time-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-rtcore-ntuser-private-l1-1-4

mmdevapi

avrt

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

53:d4:b7:7d:13:35:54:db:65:6e:2e:5e:7a:8a:77:fa:85:64:d1:67:49:85:85:4a:c0:0a:51:1e:ba:6c:e5:aa
Signer

.text
Size: 933KB - Virtual size: 932KB

RT_CODE
Size: 1024B - Virtual size: 923B

RT_BSS
Size: - Virtual size: 40B

.data
Size: 3KB - Virtual size: 5KB

.idata
Size: 14KB - Virtual size: 14KB

.didat
Size: 512B - Virtual size: 112B

RT_CONST
Size: 1024B - Virtual size: 944B

RT_DATA
Size: 512B - Virtual size: 160B

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 53KB - Virtual size: 52KB