CloudNotifications[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CloudNotifications.exe
Size

63KB
MD5

c35655a83d14a8ae7355fa304b9c9175
SHA1

f2e4e2e014150a3f625777c53277da88bc71918a
SHA256

8fdee1f77151688286067e4c32e918fd3738e7b1114ab1b509ba884a33839d04
SHA512

a8b07c2f765b5173565756da19051d7599ead9eccfcaf69110957c11a5b4321876e931e5055337f633361af2b1118cb0359b67526a0d7d17786545135a0310f8
SSDEEP

1536:z+YpJ3JAYFQp0VEL+EHn8djDLzdSx/cJ6x0ZOOLAqXWpyH4jr3uKIPRgz9:z+85kp0EL+EH89Lz1WQHC3u9JgR

Score

1^/10

Malware Config

Signatures

Files

CloudNotifications.exe
.exe windows x86

0a11c3248ab0e486c66c26fa53d22928

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:f3:52:35:cb:b2:56:3c:eb:8d:b5:72:3b:35:97:7f:11:74:92:3d:be:91:9c:fb:86:19:63:02:f1:79:74:f2
Signer

Actual PE Digest

a1:f3:52:35:cb:b2:56:3c:eb:8d:b5:72:3b:35:97:7f:11:74:92:3d:be:91:9c:fb:86:19:63:02:f1:79:74:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW

kernel32

HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateSemaphoreExW
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateMutexW
LockResource
LoadResource
FindResourceExW
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetModuleFileNameA
CloseHandle

user32

DispatchMessageW
GetMessageW
TranslateMessage

msvcrt

_onexit
__dllonexit
__setusermatherr
__CxxFrameHandler3
memset
_wcmdln
_exit
_cexit
__p__fmode
_lock
_unlock
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_initterm
memcmp
??1type_info@@UAE@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
??3@YAXPAX@Z
memcpy_s
_vsnwprintf
wcsstr
memmove_s
malloc
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memmove

shlwapi

PathRemoveFileSpecW
PathAppendW
SHGetThreadRef
ord487

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcess
TerminateProcess
TlsFree
GetStartupInfoW
TlsAlloc
TlsGetValue

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsReplaceString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

ntdll

WinSqmAddToStream

uxtheme

GetCurrentThemeName

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a11c3248ab0e486c66c26fa53d22928

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a1:f3:52:35:cb:b2:56:3c:eb:8d:b5:72:3b:35:97:7f:11:74:92:3d:be:91:9c:fb:86:19:63:02:f1:79:74:f2Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

ntdll

uxtheme

Sections

.text Size: 40KB - Virtual size: 40KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 100B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a1:f3:52:35:cb:b2:56:3c:eb:8d:b5:72:3b:35:97:7f:11:74:92:3d:be:91:9c:fb:86:19:63:02:f1:79:74:f2
Signer

.text
Size: 40KB - Virtual size: 40KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 100B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB