InputSwitch[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

InputSwitch.dll
Size

438KB
MD5

6134feb6ada3300b6af002e56c13773a
SHA1

629a4e3b6736fdaaee4821a9604804d331943110
SHA256

9bb816fc32bbf0648add9956e4abc72c3f455ef1c0d2d2ff3174ca9ece97f08e
SHA512

4f655937b5c43a8cf896f23e7fe30eff627dac76a68e9e5cc1e1e545e72155ea58669d2fedffec074251f4ab1f624c1577d32464c79268df987b7b5a2791667d
SSDEEP

6144:/QcySurC9vabK8dlPSwHuJx/eaniAanas+tPeSm1B29645wP6XFWoaOp6U+z:/Q3W8DOD/e6anaskZN6PAFX+z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
InputSwitch.dll

Files

InputSwitch.dll
.dll windows:10 windows x86 arch:x86

378163d6a62b058bed8f553d22bc2bd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InputSwitch.pdb

Imports

msvcrt

_get_errno
islower
__isascii
wcsncmp
_wtoi
_wcsicmp
wcschr
??1type_info@@UAE@XZ
wcstoul
_vsnwprintf
_CIpow
_CxxThrowException
_ftol2_sse
?terminate@@YAXXZ
_purecall
floor
memcpy
wcsstr
wcsrchr
_callnewh
_set_errno
__CxxFrameHandler3
memmove_s
toupper
memmove
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
_amsg_exit
_XcptFilter
free
memcpy_s
memcmp
_itow_s
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_vsnprintf_s
memset

api-ms-win-core-libraryloader-l1-2-0

FindStringOrdinal
LockResource
LoadResource
FindResourceExW
FreeLibrary
GetModuleHandleW
GetModuleFileNameA
LoadStringW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
SizeofResource

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
WaitForSingleObject
ReleaseMutex
CreateEventW
TryEnterCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
ReleaseSemaphore
CreateMutexExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsAlloc
GetCurrentProcessId
TlsGetValue
OpenThread
GetCurrentThreadId
TlsSetValue
TlsFree
TerminateProcess

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
GetUserDefaultLangID
GetThreadUILanguage
GetLocaleInfoW
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer
EventRegister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegGetValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
VerSetConditionMask

api-ms-win-security-base-l1-1-0

CheckTokenMembership
GetTokenInformation
CreateWellKnownSid

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchRemoveFileSpec

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathRemoveFileSpecW
PathIsRelativeW
PathFileExistsW
PathFindExtensionW
PathAppendW
PathIsFileSpecW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

ntdll

RtlGetDeviceFamilyInfoEnum
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
WinSqmAddToStream
RtlUnsubscribeWnfNotificationWaitForCompletion
WinSqmIncrementDWORD
RtlPublishWnfStateData

api-ms-win-core-url-l1-1-0

PathIsURLW
UrlUnescapeW
UrlCreateFromPathW

user32

GetSubMenu
LoadMenuW
CopyImage
DestroyIcon
SendInput
LoadCursorW
CheckMenuItem
GetMenuState
SetCursor
SetThreadDesktop
InjectKeyboardInput
SetWindowCompositionAttribute
GetSysColor
CalculatePopupWindowPosition
MonitorFromWindow
MonitorFromRect
GetKeyboardState
CreateIconIndirect
LoadImageW
CopyIcon
SetCapture
TrackMouseEvent
SetKeyboardState
AreDpiAwarenessContextsEqual
DrawTextExW
GetWindowDpiAwarenessContext
GetDpiForSystem
MonitorFromPoint
SetMenuInfo
GetMenuInfo
GetDC
DrawTextW
DrawIconEx
ReleaseDC
SetLayeredWindowAttributes
LoadIconW
EndPaint
BeginPaint
TrackPopupMenuEx
RemoveMenu
SetMenuItemInfoW
GetThreadDesktop
GetDpiForWindow
GetAsyncKeyState
UnhookWindowsHookEx
ReleaseCapture
SetWindowsHookExW
GetKeyState
CallNextHookEx
GetMenuItemInfoW
DestroyMenu

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

378163d6a62b058bed8f553d22bc2bd4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-rtcore-ntuser-synch-l1-1-0

ntdll

api-ms-win-core-url-l1-1-0

user32

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-stateseparation-helpers-l1-1-0

Exports

Exports

Sections

.text Size: 338KB - Virtual size: 338KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 2KB - Virtual size: 1KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 338KB - Virtual size: 338KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 19KB - Virtual size: 18KB