AudioEng[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AudioEng.dll
Size

1.8MB
MD5

768fe8cd7c07c75b4b7a9b1531ae54c3
SHA1

13a6ad7a1b1439bccbebe9cd9f626d8f8bff1a0f
SHA256

2a2db98e4eaa17182b1a8adefc593cfe82203a6d8fa981ee828b94d3286c4b35
SHA512

bb40fa26da0a1d9d82b1f55510d04a3a2ca89d51324102631848afdb575921dcff4275ca9a8c77caa8a07dd53a043f75362e36ed3e3193822d0813771902f538
SSDEEP

49152:p6X+C0JJWAeRchh9hhDhMLhhBhhGBbep2Z+8TzhrD26njW0JOMNw46I7mB+:cXX6hh9hhDhMLhhBhhl2DTz1D26njW0r

Score

1^/10

Malware Config

Signatures

Files

AudioEng.dll
.dll regsvr32 windows:10 windows x86 arch:x86

ea7ca965c870ce254d8322810d86930c

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:91:43:e5:5a:4e:a2:d6:6a:3e:1d:9e:09:af:b2:d4:f0:ca:67:73:e1:0c:f9:d4:80:0a:3b:27:15:bf:d4:1d
Signer

Actual PE Digest

1d:91:43:e5:5a:4e:a2:d6:6a:3e:1d:9e:09:af:b2:d4:f0:ca:67:73:e1:0c:f9:d4:80:0a:3b:27:15:bf:d4:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl
EventSetInformation

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
GetProcessHeap

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoCreateGuid
PropVariantClear
IIDFromString
StringFromIID

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetThreadLocale
FormatMessageW
SetThreadLocale

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

SetWaitableTimer
WaitForMultipleObjectsEx
DeleteCriticalSection
CreateWaitableTimerExW
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
AcquireSRWLockShared
ReleaseSemaphore
CreateEventW
ReleaseMutex
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
InitializeSRWLock
LeaveCriticalSection
ResetEvent
SetEvent
AcquireSRWLockExclusive
CreateEventA
CreateMutexExW
CreateSemaphoreExW
CancelWaitableTimer

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleFileNameA
LoadResource
LockResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TlsSetValue
SetThreadPriority
CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsGetValue
GetCurrentThreadId

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegCreateKeyExA
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExA
RegDeleteKeyExW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW

ntdll

NtClose
RtlLockCurrentThread
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
EtwLogTraceEvent
RtlAllocateMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlReportException
RtlLockModuleSection
RtlUnlockModuleSection
NtSetTimerResolution
RtlLockMemoryBlockLookaside
RtlUnlockCurrentThread
RtlNtStatusToDosError
RtlFreeMemoryBlockLookaside

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

rpcrt4

RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingFree
NdrClientCall4

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
InitOnceInitialize
InitOnceBeginInitialize
InitOnceComplete

propsys

PropVariantToString
PropVariantToBuffer
PropVariantGetElementCount

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-crt-string-l1-1-0

memmove_s
strnlen
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__except1
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__aligned_malloc
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_atoi
_o_calloc
_o_ceil
_o_fclose
_o_fgets
_o_floor
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
_except_handler4_common
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o__CItan
_o__CIsqrt
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o__CIsin
_o__CIpow
_o__CIlog10
_o__CIlog
_o__CIfmod
_o__CIexp
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o__CIcos
_o__CIatan2
_o__CIasin
_o__CIacos
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf_s
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__configure_narrow_argv
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
memmove

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolWait
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference
WindowsDuplicateString
WindowsConcatString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueue
DeleteTimerQueueEx
CreateTimerQueueTimer

api-ms-win-core-file-l1-1-0

GetFileSize
WriteFile
ReadFile
CreateFileA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvSetMmThreadPriority
AvTaskIndexYield
AvTaskIndexYieldCancel
AvThreadOpenTaskIndex
AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA
AvSetMultimediaMode
AvQuerySystemResponsiveness

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea7ca965c870ce254d8322810d86930c

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

1d:91:43:e5:5a:4e:a2:d6:6a:3e:1d:9e:09:af:b2:d4:f0:ca:67:73:e1:0c:f9:d4:80:0a:3b:27:15:bf:d4:1dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

ntdll

api-ms-win-core-profile-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

propsys

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-memory-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

avrt

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

RT_CODE Size: 16KB - Virtual size: 15KB

RT_BSS Size: - Virtual size: 40B

.data Size: 16KB - Virtual size: 40KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 128B

RT_DATA Size: 8KB - Virtual size: 7KB

RT_CONST Size: 5KB - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 51KB - Virtual size: 51KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1d:91:43:e5:5a:4e:a2:d6:6a:3e:1d:9e:09:af:b2:d4:f0:ca:67:73:e1:0c:f9:d4:80:0a:3b:27:15:bf:d4:1d
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

RT_CODE
Size: 16KB - Virtual size: 15KB

RT_BSS
Size: - Virtual size: 40B

.data
Size: 16KB - Virtual size: 40KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 128B

RT_DATA
Size: 8KB - Virtual size: 7KB

RT_CONST
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 51KB - Virtual size: 51KB