CloudExperienceHostBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CloudExperienceHostBroker.exe
Size

65KB
MD5

f4ba7c73c6c24a56ea2dc475fdd59aa5
SHA1

31f68038678b3288d32ac3d81440669efd57a749
SHA256

7cfd1b655317f4c5b4ce7108316b5371d3a8ee222882780446af12c195fab17a
SHA512

408302fa45db7ae67666d92f06e39bcb3bbd67d8e16842dec72a8018a690c3869a4567891e44796dd09b6c1de18644a4d1349fc6921c404be7003c8be39cce2a
SSDEEP

1536:9wn5bRcEVTorTj769ok9qv+W3C/zEnqH2/IPr:9wzQTj29o3+WS/IqcIT

Score

1^/10

Malware Config

Signatures

Files

CloudExperienceHostBroker.exe
.exe windows x64

95bfaa5798555940e5eeca729ede93cd

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:77:89:f3:6d:37:22:e4:2f:14:50:8a:f4:d0:c9:01:0d:a7:a5:05:e4:85:4a:b6:9f:0f:05:6f:e2:a3:9d:28
Signer

Actual PE Digest

5c:77:89:f3:6d:37:22:e4:2f:14:50:8a:f4:d0:c9:01:0d:a7:a5:05:e4:85:4a:b6:9f:0f:05:6f:e2:a3:9d:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__dllonexit
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
_purecall
_onexit
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??1type_info@@UEAA@XZ
memmove
__set_app_type
__CxxFrameHandler3
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
OpenEventW
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
CreateMutexExW
CreateEventExW
SetEvent
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetStartupInfoW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoRevokeClassObject
CoDisconnectObject
CoTaskMemFree
CoCreateInstance
StringFromCLSID

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoRevokeActivationFactories

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
SleepConditionVariableSRW
InitOnceComplete
WakeAllConditionVariable
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

combase

ord69

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95bfaa5798555940e5eeca729ede93cd

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

5c:77:89:f3:6d:37:22:e4:2f:14:50:8a:f4:d0:c9:01:0d:a7:a5:05:e4:85:4a:b6:9f:0f:05:6f:e2:a3:9d:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

combase

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 724B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

5c:77:89:f3:6d:37:22:e4:2f:14:50:8a:f4:d0:c9:01:0d:a7:a5:05:e4:85:4a:b6:9f:0f:05:6f:e2:a3:9d:28
Signer

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 724B