CloudExperienceHostCommon[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CloudExperienceHostCommon.dll
Size

817KB
MD5

ce889ef63b195ee36467515ed7637f6e
SHA1

1ae2dbffd819fce12e8c090034fec86305096d11
SHA256

6f063fb2843cfa41b68c6dd820d9a8bd8293e0694213f5172fa2a26c670d4112
SHA512

7aba11036836552f3c006c7c5c573cac197c06b5e01169baeb6ec5af776a6a9e082fd85a766e7f6f5191affe9de1fa6accf9c3658439898cb265cb9479b3a982
SSDEEP

24576:uBtZSHdGJfZDJRUoT5CeavOtBkTKzDmX0xMljtfFfK6kPJLeq0cy:SZyGJfZDJCoRtakDmX0xMljtfFfK6Ii

Score

1^/10

Malware Config

Signatures

Files

CloudExperienceHostCommon.dll
.dll windows:10 windows x86 arch:x86

6d10bbbcb191858bf6e49496adc20218

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:d4:e9:50:f5:c2:cc:b1:7f:94:be:9c:74:0a:cd:31:13:e3:98:b5:70:86:05:62:69:8c:eb:4b:59:88:30:04
Signer

Actual PE Digest

e1:d4:e9:50:f5:c2:cc:b1:7f:94:be:9c:74:0a:cd:31:13:e3:98:b5:70:86:05:62:69:8c:eb:4b:59:88:30:04

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CloudExperienceHostCommon.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcscspn

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__callnewh
memmove
_o__execute_onexit_table
_o__wcsicmp
_o_free
_o_localeconv
_o_malloc
_o_realloc
_o_strtod
_o_strtoll
_o_strtoull
_o_terminate
_o_towlower
_o_wcsncpy_s
_o_wcstok
_o_wcstoul
_except_handler4_common
_CxxThrowException
_o__crt_atexit
_o__errno
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__dtest
_o__cexit
__std_terminate
__CxxFrameHandler3
memcmp
wcsrchr
memcpy

api-ms-win-core-libraryloader-l1-2-0

FreeResource
GetProcAddress
LockResource
LoadResource
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
FindResourceExW
GetModuleFileNameA
DisableThreadLibraryCalls
FindStringOrdinal
GetModuleHandleExW
LoadLibraryExA

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjectsEx
ReleaseMutex
InitializeSRWLock
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateSemaphoreExW
CreateEventExW
OpenEventW
OpenSemaphoreW
ReleaseSRWLockShared
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDuplicateString

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetProcessId
GetCurrentProcessId
TerminateProcess
OpenThreadToken
GetCurrentThread
OpenProcessToken

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateErrorW
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
GetUserGeoID
GetGeoInfoW
GetUILanguageInfo
FormatMessageW
LocaleNameToLCID
GetFileMUIPath

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetTickCount64
GetVersionExW
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegGetValueW
RegEnumValueW

oleaut32

SysFreeString
SysAllocString

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
OOBEComplete
RegisterWaitUntilOOBECompleted

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchAppend
PathAllocCombine

api-ms-win-core-file-l1-1-0

DeleteFileW
FindNextFileW
FindFirstFileW
FindClose

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

sspicli

GetUserNameExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetTokenInformation
AdjustTokenPrivileges

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-localization-l1-2-3

GetGeoInfoEx
EnumSystemGeoNames

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

ntdll

RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlIsMultiSessionSku

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-mm-playsound-l1-1-0

sndPlaySoundW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

msvcp_win

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?_BADOFF@std@@3_JB
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpOpen
WinHttpConnect
WinHttpSendRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d10bbbcb191858bf6e49496adc20218

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e1:d4:e9:50:f5:c2:cc:b1:7f:94:be:9c:74:0a:cd:31:13:e3:98:b5:70:86:05:62:69:8c:eb:4b:59:88:30:04Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-oobe-notification-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

sspicli

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-localization-l1-2-3

api-ms-win-core-psapi-l1-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-security-capability-l1-1-0

ntdll

api-ms-win-security-lsalookup-l1-1-2

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-mm-playsound-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

msvcp_win

winhttp

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 668KB - Virtual size: 667KB

.data Size: 6KB - Virtual size: 8KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 120B

.rsrc Size: 83KB - Virtual size: 82KB

.reloc Size: 39KB - Virtual size: 38KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e1:d4:e9:50:f5:c2:cc:b1:7f:94:be:9c:74:0a:cd:31:13:e3:98:b5:70:86:05:62:69:8c:eb:4b:59:88:30:04
Signer

.text
Size: 668KB - Virtual size: 667KB

.data
Size: 6KB - Virtual size: 8KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 120B

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 39KB - Virtual size: 38KB