SndVolSSO[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

SndVolSSO.dll
Size

209KB
MD5

b4811c81a7b93442ecea31182309d6bc
SHA1

ae809026b87999af5f4d33f59c155fec81aa5f7d
SHA256

8c5c5430fb12f0eb98c2a9bce5c29f8daa451c182dbf367ff2e0617a54f5c7a7
SHA512

2270660b179d9c42674e0d4baa90c6417e16f3d0a9777011b8c04e801dbaea6147c5690e765c6c9874c1b1865efe5e975935dd75c98f86c49090fe67dfe1b697
SSDEEP

1536:0qHc6hvUaT4cIp0EpR0ru6vP++mkWuldU1BFmCg/yI32FicZOnqWFWqWeXo/V9M:0q8KycE0BvFmkWquJuyI3byOnqV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SndVolSSO.dll

Files

SndVolSSO.dll
.dll windows:6 windows x86 arch:x86

bad3a40618cf95d730863f8801c3f503

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SndVolSSO.pdb

Imports

msvcrt

_ftol2
_CxxThrowException
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
malloc
memset
free
_wcsicmp
memmove_s
swprintf_s
_resetstkoflw
_purecall
??2@YAPAXI@Z
rand
srand
_vsnwprintf
memcpy_s
vswprintf_s
_vscwprintf
__CxxFrameHandler3
memcmp

ntdll

EtwEventWrite
RtlEqualWnfChangeStamps
RtlSubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwEventUnregister
EtwEventRegister
EtwTraceMessage

rpcrt4

RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
RpcBindingFromStringBindingW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

CreateMutexW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-sysinfo-l1-2-1

GetTickCount64
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
IsProcessorFeaturePresent
CreateProcessW
OpenProcessToken
TerminateProcess
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadStringW
FindResourceExW
LockResource
LoadResource

api-ms-win-core-com-l1-1-1

CoTaskMemFree
PropVariantClear
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapSize
HeapDestroy
GetProcessHeap
HeapReAlloc
HeapFree

api-ms-win-core-memory-l1-1-2

VirtualAlloc
VirtualFree

api-ms-win-core-interlocked-l1-2-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

user32

DispatchMessageW
UnregisterClassA
PrivateExtractIconsW
LoadIconW
LoadImageW
CreateWindowExW
DestroyWindow
LoadCursorW
GetClassInfoExW
RegisterClassExW
DestroyIcon
TranslateMessage
GetRawInputData
IsWindow
GetRawInputDeviceInfoW
CallWindowProcW
SetWindowLongW
DefWindowProcW
KillTimer
SetTimer
TrackPopupMenuEx
SetMenuItemInfoW
GetSubMenu
LoadMenuW
GetWindowLongW
RegisterRawInputDevices
SendMessageW
BringWindowToTop
PostMessageW
GetRawInputDeviceList
SetForegroundWindow
FindWindowW
GetMessageW

comctl32

ord380
ord381

ole32

CoInitialize

hid

HidP_GetUsages

dui70

?_ZeroRelease@Value@DirectUI@@AAEXXZ
?ContentAlignProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?CreateInt@Value@DirectUI@@SGPAV12@HW4DynamicScaleValue@@@Z
?CreateString@Value@DirectUI@@SGPAV12@PBGPAUHINSTANCE__@@@Z
?Create@RichText@DirectUI@@SGJPAVElement@2@PAKPAPAV32@@Z
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ

kernel32

LocalFree
GetUserPreferredUILanguages
GetLocaleInfoEx
LoadLibraryExW
FreeLibrary
ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-2-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bad3a40618cf95d730863f8801c3f503

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-2-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-debug-l1-1-1

user32

comctl32

ole32

hid

dui70

kernel32

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-2-0

api-ms-win-service-management-l2-1-0

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 49KB

.data Size: 3KB - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 49KB

.data
Size: 3KB - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 3KB - Virtual size: 3KB