XInput SH3[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

XInput SH3.7z
Size

453KB
MD5

f9cd0defd0fdb17d46fbfb749a0d2af0
SHA1

b36f186a5d1fc3124d486ea60b6e7a5e3d479459
SHA256

bb311e630d636776ae9ad1f7ec8e86e3f61ce1652ce0f35ff43635b018325140
SHA512

687e62516b0d861648bdec9ae300016a59675477763bf0feb90873ec7c70c569f10af41e3eff4fcc6d72a6a9528bdd95aabc18f944bb4b7b121a00d9d1ebfe1f
SSDEEP

12288:0IBRSdNnZIpsQ0uyjZWGLqTnR0boSO0oxeLzl:/MNaUZWkYR0Bccp

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dinput.dll
unpack001/Dinput8.dll
unpack001/XInput1_3.dll

Files

XInput SH3.7z
.7z
Dinput.dll
.dll regsvr32 windows:5 windows x86

357d0f0e7d78555674f3f0eb5e004018

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeSetEvent
timeKillEvent

shlwapi

PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW

kernel32

GetStartupInfoW
ReadFile
HeapSize
OutputDebugStringW
CreateFileW
WriteConsoleW
GetPrivateProfileStringW
GetModuleFileNameW
CompareStringW
GetCurrentDirectoryW
VirtualProtect
WideCharToMultiByte
GetProcAddress
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
HeapReAlloc
LoadLibraryExW
LCMapStringW
GetSystemTimeAsFileTime
GetLastError
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetLastError
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetStdHandle
GetFileType
DeleteCriticalSection
ReadConsoleW
CloseHandle
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
FlushFileBuffers

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
IIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DirectInputCreateA
DirectInputCreateEx
DirectInputCreateW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
XInputPlusUtil

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dinput8.dll
.dll regsvr32 windows:6 windows x86

52293f682d4daa0c59589dd624e34689

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeSetEvent
timeKillEvent

shlwapi

PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
IIDFromString
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

kernel32

CloseHandle
ReadConsoleW
ReadFile
HeapSize
OutputDebugStringW
CreateFileW
WriteConsoleW
HeapReAlloc
LoadLibraryExW
LCMapStringW
GetPrivateProfileStringW
GetModuleFileNameW
CompareStringW
GetCurrentDirectoryW
FreeLibrary
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls
VirtualProtect
WideCharToMultiByte
GetSystemTimeAsFileTime
GetLastError
EncodePointer
DecodePointer
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetLastError
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
HeapFree
HeapAlloc
RaiseException
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
FlushFileBuffers

Exports

Exports

DirectInput8Create
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
XInputPlusUtil

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XInput1_3.dll
.dll windows:5 windows x86

ff83811907a732beaaa6178d575bbd95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundW

kernel32

GetStdHandle
CreateFileW
GetPrivateProfileStringW
GetModuleFileNameW
CompareStringW
GetCurrentDirectoryW
FindResourceW
FreeLibrary
LoadResource
GetSystemDirectoryW
LoadLibraryW
Sleep
SizeofResource
GetProcAddress
LockResource
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
LCMapStringW
GetLastError
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
WideCharToMultiByte
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetLastError
GetProcessHeap
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
RaiseException
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileType
DeleteCriticalSection
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
OutputDebugStringW
RtlUnwind
HeapReAlloc

ole32

IIDFromString

user32

MessageBeep

shlwapi

PathFileExistsW
PathRemoveFileSpecW

Exports

Exports

DllMain
XInputEnable
XInputGetBatteryInformation
XInputGetCapabilities
XInputGetDSoundAudioDeviceGuids
XInputGetKeystroke
XInputGetState
XInputPlusUtil
XInputSetState

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XInputPlus.ini

Sharing

General

Malware Config

Signatures

Files

357d0f0e7d78555674f3f0eb5e004018

Headers

DLL Characteristics

File Characteristics

Imports

winmm

shlwapi

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 35KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

52293f682d4daa0c59589dd624e34689

Headers

DLL Characteristics

File Characteristics

Imports

winmm

shlwapi

ole32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 43KB - Virtual size: 63KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

ff83811907a732beaaa6178d575bbd95

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

ole32

user32

shlwapi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 4KB - Virtual size: 538KB

.rsrc Size: 373KB - Virtual size: 373KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 35KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 43KB - Virtual size: 63KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 4KB - Virtual size: 538KB

.rsrc
Size: 373KB - Virtual size: 373KB

.reloc
Size: 6KB - Virtual size: 6KB