soundux[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

soundux.exe
Size

9.8MB
MD5

cf7661f22a90def0deaa0150410620ca
SHA1

ade6c70f7dfdeb5b68ee61bf828d86534eae8ea6
SHA256

80e38c9e1d20a45e6cb96464e678a83c08e1468d9c2557862cf6a734e43e9d7a
SHA512

06cae0ad7d87bc993af333740a5198293b9bcb31e4f89a34143e5d27bd3292d2313f7ddb55ba573652163668bcba5d717dfbda46b61ec4f1a175787764c7cb9e
SSDEEP

98304:zy+tpjo5L8mnkOzGrxke6HRPbkb8Gkb8/33smoNxYc9m8CjlxKQHhS6cP:+KpM5LNnkOzGrxX6GmWnKNxY6yHM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
soundux.exe

Files

soundux.exe
.exe windows:6 windows x64 arch:x64

c70458acb9cdcff2a90e222127e98d59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

ord12
StrCpyW

kernel32

GetProcAddress
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
RtlCaptureContext
GetStdHandle
GetCommandLineW
IsDebuggerPresent
DebugBreak
OutputDebugStringW
DuplicateHandle
SetUnhandledExceptionFilter
SetLastError
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
FormatMessageA
FormatMessageW
AllocConsole
GetConsoleMode
SetConsoleMode
K32EnumProcessModules
K32GetModuleBaseNameA
K32GetModuleFileNameExA
K32GetModuleInformation
GetModuleFileNameW
SetHandleInformation
CreatePipe
TerminateProcess
GetExitCodeProcess
CreateProcessA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateMutexA
GetFileAttributesW
LoadLibraryW
GetEnvironmentVariableW
SetThreadPriority
CreateThread
WriteConsoleW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetStdHandle
GetFileSizeEx
GetConsoleCP
ResetEvent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
CreateSemaphoreW
Sleep
CreateEventW
CreateEventA
FreeLibrary
GetDateFormatW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
RtlLookupFunctionEntry
GetStringTypeW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
IsProcessorFeaturePresent
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
RaiseException
RtlPcToFileHeader
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetExitCodeThread
SetEvent
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
QueryPerformanceFrequency
RtlUnwind
QueryPerformanceCounter
GetLastError
CloseHandle
WriteFile
SetFilePointerEx
ReadFile
GetFileInformationByHandle
CreateFileW
GetModuleHandleA
GetThreadId
WaitForSingleObject
ReleaseSemaphore
FlushFileBuffers
GetFileInformationByHandleEx
MoveFileExW
DeviceIoControl
AreFileApisANSI
SetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesExW
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
RtlVirtualUnwind
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
ReadConsoleA
ReadConsoleW
LocalFree
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW

ws2_32

shutdown
WSAStartup
WSASetLastError
WSACleanup
__WSAFDIsSet
closesocket
connect
ioctlsocket
getpeername
getsockopt
ntohs
inet_pton
getnameinfo
freeaddrinfo
getaddrinfo
WSASocketW
recv
socket
WSAGetLastError
setsockopt
send
select

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore

user32

UnhookWindowsHookEx
CallNextHookEx
SendMessageA
MapVirtualKeyA
LoadIconA
PostMessageA
DefWindowProcA
RegisterClassExA
CreateWindowExA
DestroyWindow
ShowWindow
keybd_event
GetKeyNameTextA
PostThreadMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
GetActiveWindow
SetWindowPos
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
DestroyIcon
GetCursorPos
SetForegroundWindow
GetMenuItemInfoA
InsertMenuItemA
TrackPopupMenu
DestroyMenu
CreatePopupMenu
UnregisterClassA
SetProcessDpiAwarenessContext
LoadCursorA
SetWindowLongPtrA
GetWindowLongPtrA
GetWindowRect
GetClientRect
SetWindowTextA
UpdateWindow
GetSystemMetrics
SetFocus

shell32

CommandLineToArgvW
GetCurrentProcessExplicitAppUserModelID
SHFileOperationW
ShellExecuteA
ShellExecuteW
SHCreateItemFromParsingName
Shell_NotifyIconA

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeEx

advapi32

ReportEventW
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceW
DeregisterEventSource
RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

dbghelp

SymSetOptions
UnDecorateSymbolName
SymLoadModule64
SymFromAddr
SymInitialize
SymGetLineFromAddr64
SymGetModuleBase64
SymFunctionTableAccess64
SymGetOptions
StackWalk64
ImageNtHeader

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 803KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c70458acb9cdcff2a90e222127e98d59

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

ws2_32

crypt32

user32

shell32

ole32

advapi32

dbghelp

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 803KB - Virtual size: 802KB

.data Size: 6.1MB - Virtual size: 6.1MB

.pdata Size: 109KB - Virtual size: 108KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 115KB - Virtual size: 114KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 803KB - Virtual size: 802KB

.data
Size: 6.1MB - Virtual size: 6.1MB

.pdata
Size: 109KB - Virtual size: 108KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 115KB - Virtual size: 114KB

.reloc
Size: 30KB - Virtual size: 29KB