audiodg.exe

  • File Path: C:\Windows\system32\audiodg.exe
  • Description: Windows Audio Device Graph Isolation

Hashes

Type Hash
MD5 B234D0A8796076CCA38DEC2C0CABE380
SHA1 AE2481705ABC6C24368757506F3124C21DAD57F2
SHA256 616A67DDA10AA1F949A4B2FD4BFDC1AD251C839CA0A004EEBDEBE4A5D05398C8
SHA384 D76AC78E3810A3B765BD819855EDE632B2457D710D787042FB2E677932F02092F64E498D6CD1A472B89657BD3F19076F
SHA512 16323B85B680C202799A31406503F608D16940783370E29B5908471B0346630DC33F27D8507DA39CF41C073EB58A857975247CDB9E496680B694A5F89E35797C
SSDEEP 12288:CFDBfxLQX+qEjHzQgUcznUkbqE5LIVMvC+:YBmOqEjTQEzUkZEK1

Runtime Data

Loaded Modules:

Path
C:\Windows\system32\audiodg.exe
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\system32\DEVOBJ.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\system32\MMDevAPI.DLL
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\shcore.dll
C:\Windows\System32\ucrtbase.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: audioadg.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\audiodg.exe 58

Possible Misuse

The following table contains possible examples of audiodg.exe being misused. While audiodg.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma sysmon_creation_system_file.yml - '*\audiodg.exe' DRL 1.0
sigma win_system_exe_anomaly.yml - '*\audiodg.exe' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.