c1c9db606962a52b474cd8cae80c1bed987d049df0043264a470a2a1858356da

Sharing

Copy URL Twitter E-mail

General

Target

c1c9db606962a52b474cd8cae80c1bed987d049df0043264a470a2a1858356da
Size

1.4MB
MD5

8f234da646e69adbc10746c0a6ed282b
SHA1

43ff9810cf91fcf7d708f2f32b2c3c93d8d6b777
SHA256

c1c9db606962a52b474cd8cae80c1bed987d049df0043264a470a2a1858356da
SHA512

fdc81a1a9805e91b5ae6c4622489a6b7a6510ff8ace9d2716872574de205b536626ca8f4d6d3a337038880e2a0f4b1c0e1379192f2f92d70111f3478d0b97614
SSDEEP

24576:OAE8MPdr7yGtwl1PQjibeW5MRgdJXmK7ZETZFR9gmVJP25qROR3Z:dE8wdS2wD4OeRgdJXmBTRVJXRORJ

Score

1^/10

Malware Config

Signatures

Files

c1c9db606962a52b474cd8cae80c1bed987d049df0043264a470a2a1858356da
.dll windows:10 windows x64 arch:x64

e96c9442736ba7f5da8b8b83a6b34e77

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:ad:3c:d7:94:a5:71:62:8a:c5:f6:7b:9c:5e:54:b4:b4:0d:f6:d8:b3:33:17:51:37:4c:7f:ef:71:a3:c9:90
Signer

Actual PE Digest

51:ad:3c:d7:94:a5:71:62:8a:c5:f6:7b:9c:5e:54:b4:b4:0d:f6:d8:b3:33:17:51:37:4c:7f:ef:71:a3:c9:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.UI.Input.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
abort
_errno
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-string-l1-1-0

wcscmp
iswspace

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
__stdio_common_vswprintf

ntdll

_wcsicmp
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
RtlIsMultiSessionSku
strcpy_s
RtlGetDeviceFamilyInfoEnum

microsoft.internal.frameworkudk

DCompPrivates_OpenSharedResourceHandle
Windowing_GetMonitorFromDisplayId
DCompPrivates_CreateSharedVisual
Windowing_GetDisplayIdFromMonitor
DCompPrivates_OpenAndAttachSharedTarget
DCompPrivates_SetVisualRelativeSize
Windowing_GetWindowFromWindowId
DCompPrivates_OpenSharedDCompositionObject
DCompPrivates_CreateSharedVisualHandle
AutomationExtension_IsUiaEndpointsSupported
InputPrivates_IsShellManagedHwnd
Windowing_GetWindowIdFromWindow
Theming_TryEnableHostBackdropBrush

microsoft.ui.composition.ossupport

SubscribeFeatureStateChangeNotification
GetFeatureEnabledState
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification
TerminateProcessOnMemoryExhaustion

marshal

GetLastError
SetLastError
LegacyMarshalerCreateImplicitCompositionInputSink
LegacyMarshalerCreateCompositionInputSink
LegacyMarshalerQueryCompositionInputSinkLuid
LegacyMarshalerCloseCompositionInputSink
RaiseFailFastException
RaiseException
WideCharToMultiByte

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDuplicateString
WindowsDeleteString

coremessagingxp

CoreUICallSend
CoreMsgCreateSession
CoreUICallReceive
CoreUICallCreateConversationHost
CoreUICallCreateEndpointHost
WinUIGetDispatcherQueueForCurrentThread

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerTouchInfo
GetPointerInputTransform
GetPointerDeviceRects
GetPointerInfo

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadStringA
GetModuleFileNameA
LoadLibraryExA
LoadResource
LockResource
DisableThreadLibraryCalls
SizeofResource

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
WakeAllConditionVariable

api-ms-win-core-synch-l1-1-0

ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSection
CreateEventExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateProcessW
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsGetValue
FlsAlloc
FlsFree

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetProcessMitigationPolicy

api-ms-win-security-base-l1-1-0

AllocateLocallyUniqueId

oleaut32

SysAllocString
SafeArrayCreateVector
SafeArrayPutElement
SysFreeString
SafeArrayDestroy
VariantInit
SysStringLen
GetErrorInfo
SetErrorInfo

user32

WindowFromPoint
GetCursorPos
PostMessageW
SetWindowLongW
InvalidateRect
IsZoomed
GetDesktopWindow
EnableWindow
SetActiveWindow
ScreenToClient
PtInRect
IsWindowVisible
SetLayeredWindowAttributes
IsWindowEnabled
EnumDisplaySettingsW
GetWindowLongW
GetMessageExtraInfo
EnumChildWindows
DestroyCursor
LoadCursorW
MapWindowPoints
UnionRect
GetMonitorInfoW
GetWindowRect
GetWindowThreadProcessId
GetRawInputDeviceList
CreateWindowExW
DefWindowProcW
SetWindowLongPtrW
RegisterClassExW
EvaluateProximityToRect
RegisterWindowMessageW
PeekMessageW
GetMenu
SetFocus
GetWindowLongPtrW
SetParent
SendInput
AdjustWindowRectEx
RemovePropW
GetPropW
GetForegroundWindow
GetClientRect
IsIconic
GetAncestor
SendMessageW
GetFocus
SetPropW
EvaluateProximityToPolygon
GetClassNameW
DestroyWindow
ShowWindow
ShowCursor
SetTimer
GetSystemMetrics
GetWindowTextW
MonitorFromWindow
GetKeyState
GetKeyboardState
GetMessageTime
SetWindowPos
SetWindowRgn
IsWindow
SetCursor
SetCapture
KillTimer
ReleaseCapture
TrackMouseEvent
GetMessagePos
GetAsyncKeyState

kernel32

AppPolicyGetWindowingModel
MulDiv

gdi32

CombineRgn
SetRectRgn
CreateRectRgn
DeleteObject

microsoft.inputstatemanager

InjectLiftedPointerWheelInput
InjectLiftedMouseWheelInput
LiftedDragStartAsync
EnableInputForWindowWithInProcInputHost
UnregisterWindowWithInProcInputHost
RegisterWindowWithInProcInputHost

dcomp

ord1038
DCompositionCreateDevice3

microsoft.ui.windowing.core

AttachWindowFeature
DetachWindowFeature
UnregisterWindowFeature
SetFeatureInstanceData
ContentNodeManagerCreate
GetWindowFeature
GetFeatureInstanceData
CreateMessageFilter
AddMessageRangeToFilter
DestroyMessageFilter
RegisterWindowFeature
ContentPreTranslateMessage
DefFeatureProc

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
free
_free_base
_calloc_base
malloc

api-ms-win-crt-math-l1-1-0

sin
sqrt
sqrtf
_finite
_fdclass
atan2
ceilf
cos
floorf
roundf
_isnan

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
InitializeDirectManipulationHookInProc
LiftedInputCapturePointerIdForDragAndDrop

Sections

.text
Size: 836KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e96c9442736ba7f5da8b8b83a6b34e77

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:afCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

51:ad:3c:d7:94:a5:71:62:8a:c5:f6:7b:9c:5e:54:b4:b4:0d:f6:d8:b3:33:17:51:37:4c:7f:ef:71:a3:c9:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

ntdll

microsoft.internal.frameworkudk

microsoft.ui.composition.ossupport

marshal

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

coremessagingxp

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

oleaut32

user32

kernel32

gdi32

microsoft.inputstatemanager

dcomp

microsoft.ui.windowing.core

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-string-l1-1-0

Exports

Exports

Sections

.text Size: 836KB - Virtual size: 833KB

fothk Size: 4KB - Virtual size: 4KB

.rdata Size: 372KB - Virtual size: 370KB

.data Size: 12KB - Virtual size: 13KB

.pdata Size: 64KB - Virtual size: 61KB

.didat Size: 4KB - Virtual size: 328B

.rsrc Size: 124KB - Virtual size: 121KB

.reloc Size: 16KB - Virtual size: 15KB

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

51:ad:3c:d7:94:a5:71:62:8a:c5:f6:7b:9c:5e:54:b4:b4:0d:f6:d8:b3:33:17:51:37:4c:7f:ef:71:a3:c9:90
Signer

.text
Size: 836KB - Virtual size: 833KB

fothk
Size: 4KB - Virtual size: 4KB

.rdata
Size: 372KB - Virtual size: 370KB

.data
Size: 12KB - Virtual size: 13KB

.pdata
Size: 64KB - Virtual size: 61KB

.didat
Size: 4KB - Virtual size: 328B

.rsrc
Size: 124KB - Virtual size: 121KB

.reloc
Size: 16KB - Virtual size: 15KB