CloudNotification.exe

First submission 2022-07-31 03:43:04

File details

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
File type:	25608.0 KB (26222592 bytes)
Compile time:	2076-02-29 03:27:58
MD5:	70833259f8e68ba9a332383197100142
SHA1:	99881b7b13597e4da0976d0df3041a82c30a6eea
SHA256:	f7f075306a39e7c366f5c44251cc03dcc33374c9e7802c9ca9eb486475c463b7
Sections 2	.text .rsrc
Directories 1	resource
Virus Total:	17/69 VT report date: 2022-07-31 01:05:11

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://rune-spectrals.com/file/CloudNotification.exe	rune-spectrals.com	2022-07-31 03:43:04

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5	Suspicious
.text	0x2000	0x19012b8	26219520	01ac4c361142dddf865695e2e8b72dbaf80b6cd7	1eaaa871b56795c738996ee13be8c987
.rsrc	0x1904000	0x9fa	2560	445b1bf3c6363fadff0401802f3d7877d56a91f7	979214eb3492c1b70d45bf3b4c6d478a

PE Resources 4

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1904130	744	PE Resource: RT_ICON - Data ( @"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""7wr""""""""""""""""""""""""""""""(""""""""/"""""""'/'""""""x"(2""""""/"""""r/"?""""'#"""""("/2#""""("'"(""""(r"?2"""""'"'"""""""""""("""""r""""""""""""""""/"""""""""'""""("""""""r"""""""""""""""(2"""""""""""'"""""""""""xr"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1904418	20
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x190442c	996	PE Resource: RT_VERSION - Data 4VS_VERSION_INFO aJ aJ?DVarFileInfo$TranslationDStringFileInfo 000004b0* CommentsGame BarLCompanyNameMicrosoft Corporation: FileDescriptionGame Bar@FileVersion10.0.19041.10524 InternalNameucsvc.exe.LegalCopyright Microsoft Corporation. All rights reserved.*LegalTrademarks< OriginalFilenameucsvc.exej%ProductNameMicrosoft Windows Operating SystemDProductVersion10.0.19041.1052HAssembly Version10.0.19041.1052
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x1904810	490	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>

Meta infos 12

OriginalFilename:	ucsvc.exe
Assembly Version:	10.0.19041.1052
Translation:	0x0000 0x04b0
InternalName:	ucsvc.exe
FileVersion:	10.0.19041.1052
LegalTrademarks:
ProductVersion:	10.0.19041.1052
FileDescription:	Game Bar
LegalCopyright:	\xa9 Microsoft Corporation. All rights reserved.
Comments:	Game Bar
ProductName:	Microsoft\xae Windows\xae Operating System
CompanyName:	Microsoft Corporation

Packers detected 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0

Strings analysis - File found

Executable
\O.sO

Strings analysis - Possible URLs found 1

http://x.rune-spectrals.com/torrent/uploads/ucsvc_Bvvtligq.png