SndVol.exe
- File Path:
C:\WINDOWS\system32\SndVol.exe - Description: Volume Mixer
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 002786F419981EADC427F5C0132F896F |
| SHA1 | AB6A57FBF3BBDA6FB0CF8F44B3C28573FA11549D |
| SHA256 | E8DCA95F237C2E8D3159B1DCF18D89C23285360B3C8525DF4DF88DC90B157D96 |
| SHA384 | 2FA75E3684EF5AF90668BF37B2575CB56AB3AED8A2F9CC270176A442C263B6A0BF83AD72ED427E43B42D2F2EF5EA72AA |
| SHA512 | C25461FE38A3C200AEB22CD46CC9215FA274DD3C4DE5AA6B894D27F12D2A13950F4A5354390392671B56DCBED2B58321AE23F52470575D9E1CDA7950EF0EFF63 |
| SSDEEP | 6144:cd8V0OWKmKVa4MeBau0xJdTDNYpzuC7LIY0K9y10q:1V/WKjEveBauUJ0dxpyl |
| IMP | FA7AB6C21AFB08CB6C84D56033FE0F3A |
| PESHA1 | A9E52D396FB5530AB1A86DA5D2D2FAFC990C85A5 |
| PE256 | 5B8B3CAF135E88BB75BBAC9AFABD4C64A47F0B7BA5CEC770E0F867541F8E2E8F |
Runtime Data
Window Title:
Volume Mixer - Remote Audio
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\sndvol.exe.mui | File |
| (R-D) C:\Windows\System32\en-US\user32.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\wdmaud.drv.mui | File |
| (RW-) C:\Windows\System32 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.22000.282_none_ce81670012fd6ff0 | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\Windows\Theme1077709572 | Section |
| \Windows\Theme3461253685 | Section |
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\System32\GDI32.dll |
| C:\WINDOWS\System32\gdi32full.dll |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\system32\SndVol.exe |
| C:\WINDOWS\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: SndVol.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/74
- VirusTotal Link: https://www.virustotal.com/gui/file/e8dca95f237c2e8d3159b1dcf18d89c23285360b3c8525df4df88dc90b157d96/detection
Possible Misuse
The following table contains possible examples of SndVol.exe being misused. While SndVol.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| signature-base | thor_inverse_matches.yar | description = “Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file SndVol.exe” | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | filename == “sndvol.exe” | CC BY-NC 4.0 |
MIT License. Copyright (c) 2020-2021 Strontic.