WindowsInternal[.]ComposableShell[.]Experiences[.]TextInput[.]LayoutData[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.dll
Size

1.9MB
MD5

788869569f82a0d5de07575b07ef5e74
SHA1

05fa25dcfcff8e1266919e9f72a32b8c6eae0967
SHA256

b799133c4952c6a3a11817b3a49a5dd0e5130650d95298183239d80e5196ac27
SHA512

b17cf5dc8b02b3670897703732eb875d0da829dbd018cc43ba74868cef78bc1241d937a5982d60670867f1f8402c1784a62fe766da0c1e97e05e3839de80e573
SSDEEP

12288:0siRK8Mw7AxJqusurCN8OXrRa7mNOb+INQe8YbxHtJN007cBL3mebtYymGd3GOLU:0smMwkEu2KGRSPmsqvcimLV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.dll

Files

WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.dll
.dll windows:10 windows x64 arch:x64

415942556c4175fd8ebee878d529de25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WindowsInternal.ComposableShell.Experiences.TextInput.LayoutData.pdb

Imports

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-winrt-string-l1-1-0

WindowsConcatString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-handle-l1-1-0

CloseHandle

wincorlib

?UninitializeData@Details@Platform@@YAXH@Z
?InitializeData@Details@Platform@@YAJH@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?Free@Heap@Details@Platform@@SAXPEAX@Z
??0Object@Platform@@QE$AAA@XZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?__abi_FailFast@@YAXXZ
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wtof
_o__wtoi
_o_ceilf
_o_free
_o_malloc
_o_wcstod
_o_wcstok_s
_o_wcstol
_o_wcstombs_s
__CxxFrameHandler4
__std_terminate
wcsstr
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
memcmp
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset
wcslen

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?toupper@?$ctype@_W@std@@QEBA_W_W@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xruntime_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ

bcp47langs

Bcp47FindClosestLanguage

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

415942556c4175fd8ebee878d529de25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-handle-l1-1-0

wincorlib

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

msvcp_win

bcp47langs

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 289KB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 41KB - Virtual size: 42KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 74KB - Virtual size: 73KB

.text
Size: 290KB - Virtual size: 289KB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 41KB - Virtual size: 42KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 74KB - Virtual size: 73KB