CloudExperienceHostCommon[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

CloudExperienceHostCommon.dll
Size

776KB
MD5

2d6023e3b34b397067103e815ded46f9
SHA1

351690940a8eacc125b299ca3677276e13e81eb9
SHA256

c78e4495106cf73fb4f46d8ed3beb77df2398f2ff7b53467b139437407632fb8
SHA512

8e5cec0faf505e01b0fe8bb096d14e6e8bdcea1bc52bc2e49b20d9cc86bf2cc82551dfb8169956fec154619fac8e07db83a2aebfa0f94d799c6e2edf6f98d6a4
SSDEEP

24576:5/3KZKNR4Gk9wmLlmAU97HvM0HvsIKx8GOBfiBkKeIS9wCc3tD:5/uKNR4GaVLk7PTvsIKx8GOBfiBkKeIh

Score

1^/10

Malware Config

Signatures

Files

CloudExperienceHostCommon.dll
.dll windows:10 windows x86 arch:x86

1344eca8eb5aeac2967b871d406e32bf

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:12:6d:0f:c5:32:5d:ac:dc:10:91:87:18:fb:38:e8:96:62:20:f9:44:c1:ec:60:6f:ae:07:b5:29:9f:10:0c
Signer

Actual PE Digest

6f:12:6d:0f:c5:32:5d:ac:dc:10:91:87:18:fb:38:e8:96:62:20:f9:44:c1:ec:60:6f:ae:07:b5:29:9f:10:0c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

CloudExperienceHostCommon.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

wcscspn
memset

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_wcsncpy_s
_o_wcstok
_o_wcstoul
_except_handler4_common
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
wcsrchr
_o__callnewh
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
LoadLibraryExA
GetModuleHandleW
FindResourceExW
GetProcAddress
GetModuleFileNameA
FreeResource
LoadResource
FindStringOrdinal
LockResource

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitializeSRWLock
SetEvent
ResetEvent
CreateEventW
AcquireSRWLockShared
InitializeCriticalSectionEx
OpenEventW
CreateEventExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsDuplicateString

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
EventActivityIdControl

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
GetProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-l1-2-0

GetFileMUIPath
GetUserGeoID
GetUILanguageInfo
ResolveLocaleName
LocaleNameToLCID
GetGeoInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount64
GetVersionExW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegGetValueW
RegEnumValueW
RegOpenKeyExW
RegCloseKey

oleaut32

SysAllocString
SysFreeString

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
OOBEComplete

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchAppend
PathAllocCombine

api-ms-win-core-file-l1-1-0

DeleteFileW
FindFirstFileW
FindNextFileW
FindClose

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-eventing-controller-l1-1-0

ControlTraceW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

sspicli

GetUserNameExW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-security-base-l1-1-0

GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-localization-l1-2-3

EnumSystemGeoNames
GetGeoInfoEx

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-capability-l1-1-0

CapabilityCheck

ntdll

RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData

api-ms-win-security-lsalookup-l1-1-2

LsaLookupUserAccountType

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-appmodel-runtime-l1-1-1

ParseApplicationUserModelId

api-ms-win-mm-playsound-l1-1-0

sndPlaySoundW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 631KB - Virtual size: 630KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1344eca8eb5aeac2967b871d406e32bf

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

6f:12:6d:0f:c5:32:5d:ac:dc:10:91:87:18:fb:38:e8:96:62:20:f9:44:c1:ec:60:6f:ae:07:b5:29:9f:10:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-oobe-notification-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

sspicli

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-localization-l1-2-3

api-ms-win-core-psapi-l1-1-0

api-ms-win-stateseparation-helpers-l1-1-0

api-ms-win-security-capability-l1-1-0

ntdll

api-ms-win-security-lsalookup-l1-1-2

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-mm-playsound-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

msvcp_win

api-ms-win-core-memory-l1-1-0

Exports

Exports

Sections

.text Size: 631KB - Virtual size: 630KB

.data Size: 6KB - Virtual size: 7KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 104B

.rsrc Size: 83KB - Virtual size: 82KB

.reloc Size: 37KB - Virtual size: 37KB

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

6f:12:6d:0f:c5:32:5d:ac:dc:10:91:87:18:fb:38:e8:96:62:20:f9:44:c1:ec:60:6f:ae:07:b5:29:9f:10:0c
Signer

.text
Size: 631KB - Virtual size: 630KB

.data
Size: 6KB - Virtual size: 7KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 104B

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 37KB - Virtual size: 37KB