SndVol.exe

  • File Path: C:\Windows\SysWOW64\SndVol.exe
  • Description: Volume Mixer

Hashes

Type Hash
MD5 2A724F091A5C7329F41CE3B99D420EBD
SHA1 F6720B46EA78D70162EB983AE8EE5EFE4F5AA9FA
SHA256 439997E510099CCD0D086DC1A99DF6651CED076B34DF2029A6CBBDAD6204B469
SHA384 386BC8928A60BCDF3FD7307D7BA0E3DD6703722E75F1D6C363C21106D7FABAA0D49EC2EAAC21C390DCB329517D5ABF03
SHA512 840C1D6794FE7A4222F479A5470336C45D9454F18981CE082FCA6F7D81BF0B50A6B03113DE0D57743A1689327F10AF4A833BD485AAB15794011D4799BCCC2105
SSDEEP 3072:kXdA52RxekzTkA5SKocHeKrEZAtOw+w//SfIBjbEyB7HbIdUAOo:k+yxeFA5SKPHeiP///qzy10dn
IMP 5F3F3778A963E0C44DCFB0F587F80B8A
PESHA1 B09B93235E33B199FB95E839C567E03D89A6C906
PE256 CDB8BEA6F60AD50F0EA0B1AEA8DE074E6C8C08F480126F94F06A448DA4DCC290

Runtime Data

Window Title:

Volume Mixer

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SysWOW64\en-US\sndvol.exe.mui File
(R-D) C:\Windows\SysWOW64\en-US\user32.dll.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_261b62a767ca4e6d File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17763.1518_none_5706558cc25cc83b File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\SndVol.exe

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SndVol.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/439997e510099ccd0d086dc1a99df6651ced076b34df2029a6cbbdad6204b469/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\SndVol.exe 35
C:\WINDOWS\system32\SndVol.exe 30
C:\windows\system32\SndVol.exe 32
C:\WINDOWS\SysWOW64\SndVol.exe 32
C:\Windows\SysWOW64\SndVol.exe 30
C:\WINDOWS\SysWOW64\SndVol.exe 29
C:\Windows\SysWOW64\SndVol.exe 30
C:\windows\SysWOW64\SndVol.exe 35
C:\Windows\SysWOW64\SndVol.exe 35

Possible Misuse

The following table contains possible examples of SndVol.exe being misused. While SndVol.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| signature-base | thor_inverse_matches.yar | description = "Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file SndVol.exe" | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | filename == "sndvol.exe" | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.