InputService[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

InputService.dll
Size

2.0MB
MD5

efa9e0d5554fce34267ad7a7c321e436
SHA1

90863dd85da47fee1d8572a58dd75c6ffb82cd5a
SHA256

bfb60a23bf674fd8514ccae5093c540dcb96a82f50c5db05cc57a941fdcfe68e
SHA512

936721556c515b9f9dd8794efaf7fbdc46938c64efbd9afb7353eca1f4dd50c9f35f462d6349aad2a838bff72d7b077da2ae037fc8b3ae0d7dd59df080e23358
SSDEEP

49152:aECRVQ18iBw8c82/Bm3gwIKFq9zCfLsd0CoQQ8d2BStMRyZHTQdSblkUlvIwkq+K:518p8c8gBm3gwIKFkzCzQBQY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
InputService.dll

Files

InputService.dll
.dll windows:10 windows x86 arch:x86

5924a3238c66bc9e61e81bfb412f771b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InputService.pdb

Imports

msvcrt

_Wcsftime
_Gettnames
_Strftime
isspace
memchr
___lc_collate_cp_func
memcmp
isalnum
isdigit
_CIsqrt
_W_Gettnames
_W_Getmonths
_W_Getdays
qsort_s
qsort
time
tolower
_ultow_s
iswgraph
calloc
memmove_s
iswprint
wcscat_s
swprintf_s
toupper
islower
wcsncpy_s
wcsnlen
iswascii
_Getmonths
_Getdays
abort
iswdigit
swscanf_s
wcsncmp
_fseeki64
fsetpos
_get_current_locale
iswpunct
ungetc
setvbuf
fgetpos
wcschr
fwrite
fgetwc
__mb_cur_max
fgetc
__crtLCMapStringA
__crtLCMapStringW
iswcntrl
fputwc
fclose
fflush
sprintf_s
_wcsnicmp
__crtCompareStringA
iswalpha
localeconv
strcspn
iswupper
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
wcstombs_s
wcstok_s
_except_handler4_common
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__crtCompareStringW
_initterm
_amsg_exit
wcscpy_s
_XcptFilter
memcpy
__CxxFrameHandler3
??8type_info@@QBEHABV0@@Z
_wcsdup
_wfsopen
_strlwr_s
fseek
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBDH@Z
ldexp
??0exception@@QAE@ABQBD@Z
_wcsicmp
towupper
_callnewh
malloc
memset
iswalnum
strrchr
wcsstr
_wsetlocale
free
_ismbblead
___mb_cur_max_func
___lc_codepage_func
_vsnprintf_s
___lc_handle_func
wcstoul
iswspace
towlower
strcpy_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
ldiv
_wcslwr_s
_beginthreadex
??1exception@@UAE@XZ
_CIatan
_purecall
_CIatan2
_CIlog
isupper
__pctype_func
__uncaught_exception
setlocale
_ftol2
??3@YAXPAX@Z
_errno
memcpy_s
_wtof_l
_ftol2_sse
_create_locale
ungetwc
memmove
_vsnwprintf
realloc
_free_locale
??_V@YAXPAX@Z
floor

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExW
GetProcAddress

api-ms-win-core-com-l1-1-1

CoTaskMemRealloc
IIDFromString
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoIncrementMTAUsage
CoGetMalloc
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoCreateGuid
CoDecrementMTAUsage

api-ms-win-core-synch-l1-2-0

CreateSemaphoreExW
InitializeSRWLock
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSection
OpenSemaphoreW
AcquireSRWLockShared
WaitForSingleObjectEx
DeleteCriticalSection
Sleep
WaitForSingleObject
CreateEventW
InitOnceComplete
ReleaseMutex
ReleaseSemaphore
OpenEventW
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
InitOnceBeginInitialize
EnterCriticalSection

api-ms-win-core-heap-l1-2-0

HeapAlloc
HeapDestroy
GetProcessHeap
HeapReAlloc
HeapFree
HeapCreate

api-ms-win-core-errorhandling-l1-1-1

SetLastError
UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

CreateThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
SetThreadPriority

api-ms-win-core-localization-l1-2-1

LCMapStringW
GetLocaleInfoW
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-1

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventRegister
EventUnregister
EventWrite
EventWriteTransfer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetTickCount64
GetTickCount
GetSystemTime
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

editbuffertesthook

CreateEditBufferTestHook
GetTestHookEnabled

coreuicomponents

CoreUIClientCreate
CoreUIFactoryCreate
CoreUIServerCreate

coremessaging

MsgStringCreateShared
MsgBlobCreateShared
MsgRelease
MsgBufferShare
CoreUICreate

api-ms-win-core-normalization-l1-1-0

NormalizeString

textinputframework

TextInputServerCreate

ntdll

RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtQueryInformationProcess

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegOpenCurrentUser

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeExW

oleaut32

SysFreeString
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysStringByteLen
SysStringLen

api-ms-win-core-libraryloader-l1-2-2

LoadLibraryW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-memory-l1-1-2

MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-file-l1-2-1

CreateDirectoryW
GetFileAttributesW
GetFileSize
CreateFileW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoTransformError
RoOriginateError
RoReportFailedDelegate

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

Exports

Exports

InitializeService
ServiceMain
SvchostPushServiceGlobals
UninitializeService

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5924a3238c66bc9e61e81bfb412f771b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-threadpool-legacy-l1-1-0

editbuffertesthook

coreuicomponents

coremessaging

api-ms-win-core-normalization-l1-1-0

textinputframework

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

oleaut32

api-ms-win-core-libraryloader-l1-2-2

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-localization-l1-2-2

api-ms-win-core-file-l1-2-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 11KB - Virtual size: 82KB

.idata Size: 10KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 57KB - Virtual size: 57KB

.reloc Size: 107KB - Virtual size: 106KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 11KB - Virtual size: 82KB

.idata
Size: 10KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 57KB - Virtual size: 57KB

.reloc
Size: 107KB - Virtual size: 106KB