rxgamepadremapping[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

rxgamepadremapping.dll
Size

1.4MB
MD5

56abe58e12de144476751b3540c3837f
SHA1

00f30bfbaa8637ba6e3b7a928b0ba5e86cd48056
SHA256

19b96b42b2c27e4d4868b6afc44c6fe87573b857b4829bede999c5513eec61d0
SHA512

07f292ee074dfb2d40038f68bfc8ef4c0d28fac51036a1ed85ebbc01f84d24d4aa0a2f91cbae468aa8228e9a1a85bc8b016ab4602624abbe66a10ca6369aab70
SSDEEP

24576:xFiPrytmi9f0gg530mhOg+9cIkS47trsp0b+:xFYyH98g6kmhOf9cIkSyuyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rxgamepadremapping.dll

Files

rxgamepadremapping.dll
.dll windows:6 windows x64 arch:x64

b12e441d638ca06c2244039231a36206

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\gcomp\rel\gs_04_50\src\Mjolnir\RemoteInput\rxinput\gamepadremapping\_out\win7_amd64_release\rxgamepadremapping.pdb

Imports

kernel32

GetFullPathNameW
GetModuleFileNameW
LocalAlloc
CreateFileW
GetFileAttributesW
lstrcmpA
GetSystemDirectoryW
OutputDebugStringW
FileTimeToSystemTime
LocalFree
CreateProcessW
GetModuleHandleW
FreeLibrary
SetLastError
CreateProcessA
LoadLibraryExW
CreateEventA
GetModuleHandleA
WaitForSingleObject
Sleep
SetEvent
ResetEvent
RtlCaptureStackBackTrace
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
GetModuleFileNameA
UnmapViewOfFile
VerSetConditionMask
GetProcAddress
VerifyVersionInfoA
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
DeleteCriticalSection
CreateFileMappingA
CloseHandle
GetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
VerifyVersionInfoW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
FormatMessageW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapFree
HeapAlloc
GetCurrentThread
GetStdHandle
GetFileType
GetTimeZoneInformation
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
HeapReAlloc
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
SetProcessAffinityMask
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
RtlUnwind

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

advapi32

SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueA
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegCloseKey
RegGetValueA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken

Exports

Exports

RxDetourRxInput
RxDetourRxInput2
RxDetourRxInput3
RxInitGamepadRemappingDllResources
RxInstallGamepadRemappingBridge
RxReleaseGamepadRemappingDllResources

Sections

.text
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b12e441d638ca06c2244039231a36206

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

shell32

advapi32

Exports

Exports

Sections

.text Size: 993KB - Virtual size: 993KB

.rdata Size: 294KB - Virtual size: 293KB

.data Size: 16KB - Virtual size: 29KB

.pdata Size: 61KB - Virtual size: 60KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 993KB - Virtual size: 993KB

.rdata
Size: 294KB - Virtual size: 293KB

.data
Size: 16KB - Virtual size: 29KB

.pdata
Size: 61KB - Virtual size: 60KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 7KB - Virtual size: 6KB