Windows[.]Devices[.]HumanInterfaceDevice[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

Windows.Devices.HumanInterfaceDevice.dll
Size

151KB
MD5

89b6b006a9ab4658b1530f5a7c85c645
SHA1

c619da27a298990ffac32b41887bb0525fbdc1ac
SHA256

59c8d913385a6029fa7c662d43584ed4b39d1c38d1f65cd688ee2ade796e2f1b
SHA512

7fd9417db6698354d1b7d3b6b0a75b390806949ef4d8762607b5c7cc67783016f3703776693d5094fdd6de5862569ce22fd36b673cab1c34f21ae825d3ca4ebd
SSDEEP

3072:eqpVWg37It6QGIAA4mW0ICmgkh62yumqMhh50mtACd:eqpVZM6uPDVG62yumqMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Windows.Devices.HumanInterfaceDevice.dll

Files

Windows.Devices.HumanInterfaceDevice.dll
.dll windows:6 windows x86 arch:x86

affbb1595f7d36820fdb68337b3d0cc0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.Devices.HumanInterfaceDevice.pdb

Imports

msvcrt

memcpy
memcmp
_initterm
malloc
free
_amsg_exit
_lock
_unlock
__dllonexit
_onexit
??_V@YAXPAX@Z
realloc
_XcptFilter
_purecall
??2@YAPAXI@Z
__CxxFrameHandler3
_except_handler4_common
??3@YAXPAX@Z
memset

combase

ord9
ord5
ord12
ord10
ord32
ord8
ord6
ord14
ord7
ord34
ord15
ord16
ord11
ord22
ord33
ord13
ord17
ord2
ord23
ord20
ord21
ord19
ord18

api-ms-win-core-synch-l1-2-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitOnceInitialize
ReleaseSemaphore
InitializeSRWLock
OpenSemaphoreW
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventExW
Sleep
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForSingleObject
InitOnceExecuteOnce

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary
FreeLibraryAndExitThread
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TlsFree
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
TlsSetValue
CreateThread
TlsAlloc
OpenProcessToken
TlsGetValue
OpenProcess

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_IsIIDSupported
NdrStubCall2
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolIo
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CallbackMayRunLong
CreateThreadpoolWork
CreateThreadpoolIo
TrySubmitThreadpoolCallback
CancelThreadpoolIo
StartThreadpoolIo
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-core-io-l1-1-1

CancelIoEx
DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-2-0

GetTokenInformation

api-ms-win-core-file-l1-2-1

WriteFile
ReadFile

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-kernel32-legacy-l1-1-1

CreateSemaphoreW

user32

MsgWaitForMultipleObjectsEx
PeekMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage

hid

HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_FlushQueue

ntdll

memmove_s
_wcsicmp
swscanf_s
wcsstr
_vsnwprintf
RtlNtStatusToDosError

api-ms-win-shcore-thread-l1-1-0

SHSetThreadRef
SHCreateThreadRef
SHGetThreadRef

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-devices-query-l1-1-1

DevFreeObjectProperties
DevGetObjectProperties

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

affbb1595f7d36820fdb68337b3d0cc0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

combase

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

rpcrt4

api-ms-win-core-registry-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

user32

hid

ntdll

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-winrt-robuffer-l1-1-0

api-ms-win-devices-query-l1-1-1

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.orpc Size: 1024B - Virtual size: 619B

.data Size: 2KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 5KB

minATL Size: 512B - Virtual size: 20B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 123KB - Virtual size: 122KB

.orpc
Size: 1024B - Virtual size: 619B

.data
Size: 2KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 5KB

minATL
Size: 512B - Virtual size: 20B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB