SndVol.exe

  • File Path: C:\windows\SysWOW64\SndVol.exe
  • Description: Volume Mixer

Hashes

| Type | Hash |
| --- | --- |
| MD5 | 8D40C30D3BA0030D55C1249C118D7F63 |
| SHA1 | 632D51FF780F125352DFC98E2FCD836643063878 |
| SHA256 | 496FA6BF30F3205FB2232A1706D6DE91B3A5E27CD2C2CCCB70B7A3A0E29C091B |
| SHA384 | E0F9983C7027287610F0F981DE2B42D3C6297B24C7C020597C34B72B1BA4D551EE42A3724225AF9DF134816207CBC46A |
| SHA512 | EE596396192E006A19BD869646CF7D7841FA2C75093236C893FB58E4D5922ECA2243853982FBA2D829DD32BCCAC951F05294BAE81278FE4AAAA7AB1081EF87A4 |
| SSDEEP | 3072:0QBEKrV+tRVL7OcQiCPB/l42aSvkjbEyB7HbIVXM+O1c:0QCKr0tryBTw2aSby10ht |

Signature

  • Status: Signature verified.
  • Serial: 330000004EA1D80770A9BBE94400000000004E
  • Thumbprint: DF3B9B7E5AEA1AA0B82EA25F542A6A00963AB890
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SndVol.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
| --- | --- |
| C:\Windows\system32\SndVol.exe | 32 |
| C:\WINDOWS\system32\SndVol.exe | 32 |
| C:\windows\system32\SndVol.exe | 30 |
| C:\WINDOWS\SysWOW64\SndVol.exe | 35 |
| C:\Windows\SysWOW64\SndVol.exe | 35 |
| C:\Windows\SysWOW64\SndVol.exe | 30 |
| C:\WINDOWS\SysWOW64\SndVol.exe | 32 |
| C:\Windows\SysWOW64\SndVol.exe | 30 |
| C:\Windows\SysWOW64\SndVol.exe | 33 |

Possible Misuse

The following table contains possible examples of SndVol.exe being misused. While SndVol.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| signature-base | thor_inverse_matches.yar | `description = "Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file SndVol.exe"` | CC BY-NC 4.0 |
| signature-base | thor_inverse_matches.yar | `filename == "sndvol.exe"` | CC BY-NC 4.0 |

MIT License. Copyright (c) 2020-2021 Strontic.