GameInputSvc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

GameInputSvc.exe
Size

69KB
MD5

52f80b4f254d58a7dc2a1a479989d401
SHA1

a81845d3cef13b747ce94441218fea523cfd733f
SHA256

82b4bb2b25115b6f0cbf4b6ba85a0ab8df8b9717946a893179d7a59d989803bd
SHA512

b920a1c15d7d791c9e3680a1fcf80bb880fc3ba192abf99a5abb0b48d0f2ede99a05c3e379b07289600d9c85ba78ee564b33b2c9b75014423ad1680e594c0d15
SSDEEP

768:007ubB6VLXFvkTQNS67bbwX4LdVeBAghR4TwlE8feR3LMB9z0ng:IS94OB7HfTeBAghRqwxfehYzz0g

Score

1^/10

Malware Config

Signatures

Files

GameInputSvc.exe
.exe windows:10 windows x64 arch:x64

2a69d7432cce70de2672963579bd0d88

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:3e:8c:2c:40:4b:5e:0e:e2:6c:c7:7b:36:05:d8:3e:a3:c7:ec:46:ab:47:77:ea:54:55:f9:06:0b:ec:e2:dc
Signer

Actual PE Digest

33:3e:8c:2c:40:4b:5e:0e:e2:6c:c7:7b:36:05:d8:3e:a3:c7:ec:46:ab:47:77:ea:54:55:f9:06:0b:ec:e2:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnhandledExceptionFilter
RtlAllocateHeap
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString
EtwEventWriteTransfer
NtTerminateProcess
swprintf_s
RtlFreeHeap
NtQueryLicenseValue
EtwEventUnregister
_wcsicmp
RtlAdjustPrivilege
LdrResSearchResource
_wcsnicmp
EtwEventRegister
wcscpy_s
VerSetConditionMask
towlower
memset

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
OpenEventW
WaitForSingleObject
SetEvent

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-1-0

GetFullPathNameW
CreateFileW
GetTempFileNameW
GetFileAttributesW
GetVolumePathNameW
DeleteFileW
SetFileAttributesW

api-ms-win-core-file-l2-1-0

CopyFileExW
MoveFileExW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetProcAddress

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
TerminateProcess
GetCurrentProcess
CreateThread
GetExitCodeProcess
GetStartupInfoW
CreateProcessAsUserW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorOwner
DuplicateTokenEx
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetTokenInformation

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId
MoveFileW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

ext-ms-win-session-wtsapi32-l1-1-0

WTSEnumerateSessionsW
WTSFreeMemory

crypt32

CertVerifyCertificateChainPolicy

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sinit
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a69d7432cce70de2672963579bd0d88

Code Sign

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:3e:8c:2c:40:4b:5e:0e:e2:6c:c7:7b:36:05:d8:3e:a3:c7:ec:46:ab:47:77:ea:54:55:f9:06:0b:ec:e2:dcSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-security-provider-l1-1-0

ext-ms-win-session-wtsapi32-l1-1-0

crypt32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

wintrust

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 720B

.sinit Size: 4KB - Virtual size: 32B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 64B

33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:3e:8c:2c:40:4b:5e:0e:e2:6c:c7:7b:36:05:d8:3e:a3:c7:ec:46:ab:47:77:ea:54:55:f9:06:0b:ec:e2:dc
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 720B

.sinit
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 64B