DmNotificationBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DmNotificationBroker.exe
Size

27KB
MD5

232229587089a8f50d32867e33d4e277
SHA1

a60295450d4a8488be0b4d7bdff2fdc6ab7000d6
SHA256

479118971621c6d663aaf76c7c6a1ec432abf56fe98c03e53f5bb507740623da
SHA512

4c4c5442d27a9e54dcf8489d64a251a6749ebb9be1420774711061af689ce092a746e1c4afab4e3be39d4ee63ea7d22c9f1c9acffdf5c1d7fc056784b638595b
SSDEEP

768:LmylUcLf+XiQuFZr4ySSRZAgYTox5Ve9:LB+cLfwHu34ynZAgYTox5Ve

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DmNotificationBroker.exe

Files

DmNotificationBroker.exe
.exe windows:10 windows x86

c0edc4e24edcb52e733a43547fc6624e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
malloc
__CxxFrameHandler3
??3@YAXPAX@Z
free
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsicmp
_callnewh
memmove
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
??1type_info@@UAE@XZ
memset

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-1

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoGetMalloc
CoInitializeEx

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

WaitForSingleObject
Sleep

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
CreateThread
TerminateProcess
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

dmcmnutils

CopyString

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

NdrClientCall4
RpcBindingBind
I_RpcExceptionFilter
RpcBindingFree
RpcBindingCreateW

user32

TranslateMessage
DispatchMessageW
GetMessageW

dui70

?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJPBGPAUHINSTANCE__@@1@Z
?GetClassInfoPtr@RichText@DirectUI@@SGPAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchEdit2@DirectUI@@SGPAUIClassInfo@2@XZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?CreateBool@Value@DirectUI@@SGPAV12@_N@Z
?VisibleProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SGPAV12@PBGPAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QAEJP6GPBUPropertyInfo@2@XZHPAVValue@2@@Z
?ContentProp@Element@DirectUI@@SGPBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AAEXXZ
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?GetEncodedContentString@Element@DirectUI@@QAEJPAGI@Z
StrToID

windows.ui.immersive

ord101
ord100

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0edc4e24edcb52e733a43547fc6624e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-shcore-obsolete-l1-1-0

dmcmnutils

api-ms-win-core-handle-l1-1-0

rpcrt4

user32

dui70

windows.ui.immersive

Sections

.text Size: 17KB - Virtual size: 16KB

.imrsiv Size: - Virtual size: 4B

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.imrsiv
Size: - Virtual size: 4B

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB