GInputSA[.]asi

Sharing

Copy URL Twitter E-mail

General

Target

GInputSA.asi
Size

236KB
MD5

d2d20ee0b4e998ce086ebafb743f2f98
SHA1

e7fcf2dffba9b43496f7d91b4bf7267f724a7276
SHA256

600c01290ac9c071f9042dea55566555298f1949e3741d565707152d6d24d751
SHA512

8a516f5b60c18aa4d68e14cdc9e6d7cd5447a502ab2238371d23cf2467cd793c3f4ccb6593fc6084d55a9504ea461c0bcda8d6948bf51e30c3d9e90683930155
SSDEEP

6144:ht+xp3Rlu4NR8kquU40XjQV5ENCx+5nLN:htIuaO40XjAI6+NLN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
GInputSA.asi

Files

GInputSA.asi
.dll windows:5 windows x86 arch:x86

43e2f6a8a27178a2054b8ff3092d6d1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xinput1_3

ord3
ord2

kernel32

GetEnvironmentVariableA
EnterCriticalSection
GetModuleHandleA
VirtualProtect
ExitProcess
FreeLibrary
QueryPerformanceCounter
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetDllDirectoryA
GetModuleFileNameW
GetPrivateProfileIntW
GetProcAddress
LoadLibraryA
QueryPerformanceFrequency
DeleteCriticalSection
SetLastError
CreateFileW
CloseHandle
GetFileAttributesA
Sleep
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
HeapFree
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetACP
IsValidCodePage
GetOEMCP
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43e2f6a8a27178a2054b8ff3092d6d1b

Headers

DLL Characteristics

File Characteristics

Imports

xinput1_3

kernel32

advapi32

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB