CloudNotification.exe

First submission 2022-07-31 03:43:04

File details

File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
File size: 25608.0 KB (26222592 bytes)
Compile time: 2076-02-29 03:27:58
MD5: 70833259f8e68ba9a332383197100142
SHA1: 99881b7b13597e4da0976d0df3041a82c30a6eea
SHA256: f7f075306a39e7c366f5c44251cc03dcc33374c9e7802c9ca9eb486475c463b7
Sections 2 .text .rsrc
Directories 1 resource
Virus Total: 17/69 VT report date: 2022-07-31 01:05:11

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://rune-spectrals.com/file/CloudNotification.exe rune-spectrals.com 2022-07-31 03:43:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0x19012b8 26219520 01ac4c361142dddf865695e2e8b72dbaf80b6cd7 1eaaa871b56795c738996ee13be8c987
.rsrc 0x1904000 0x9fa 2560 445b1bf3c6363fadff0401802f3d7877d56a91f7 979214eb3492c1b70d45bf3b4c6d478a

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x1904130 744
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x1904418 20
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x190442c 996
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x1904810 490

Meta infos 12

OriginalFilename: ucsvc.exe
Assembly Version: 10.0.19041.1052
Translation: 0x0000 0x04b0
InternalName: ucsvc.exe
FileVersion: 10.0.19041.1052
LegalTrademarks:
ProductVersion: 10.0.19041.1052
FileDescription: Game Bar
LegalCopyright: © Microsoft Corporation. All rights reserved.
Comments: Game Bar
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation

Packers detected 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0

Strings analysis - File found

Executable
\O.sO

Strings analysis - Possible URLs found 1

http://x.rune-spectrals.com/torrent/uploads/ucsvc_Bvvtligq.png