DmNotificationBroker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DmNotificationBroker.exe
Size

52KB
MD5

e3902a3359ba87dd11911b7f4a153de1
SHA1

4b1b35c4a8c37d0ed1524645199aecdfa7c3c06e
SHA256

a656ad4672d73cc5f8af26a02d773c5f034c69603888841190c4c74075229e58
SHA512

872be1094d14d80d856a9b74c595c28181cc4feea8f87bab7fd4b0c2b060b005479a7166b93750ad1c073d9824d6e058f7c2223b4aba75c0cfa0c889af78bf34
SSDEEP

768:+lREf84WcyGvnKj56qI/JT4WgAJl0/Yw6VQitj/q+nMuf3DB:Zf84VyNj56qI/JT4WgAJ+/YwOtj/NB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DmNotificationBroker.exe

Files

DmNotificationBroker.exe
.exe windows:10 windows x64 arch:x64

d0eed94b0572995c402050a0f22efdd9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__CxxFrameHandler3
malloc
free
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memset

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitializeEx

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
CreateThread
GetCurrentProcess
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

dmcmnutils

CopyString

api-ms-win-core-synch-l1-1-0

WaitForSingleObject

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcBindingBind
RpcBindingCreateW
I_RpcExceptionFilter
NdrClientCall3
RpcBindingFree

user32

TranslateMessage
GetMessageW
DispatchMessageW

dui70

?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
StrToID
?GetClassInfoPtr@RichText@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchEdit2@DirectUI@@SAPEAUIClassInfo@2@XZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?VisibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z

windows.ui.immersive

ord101
ord100

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0eed94b0572995c402050a0f22efdd9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

dmcmnutils

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

rpcrt4

user32

dui70

windows.ui.immersive

Sections

.text Size: 16KB - Virtual size: 12KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 1KB

.pdata Size: 4KB - Virtual size: 936B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 544B

.text
Size: 16KB - Virtual size: 12KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 936B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 544B