input.dll

  • File Path: C:\Windows\SysWOW64\input.dll
  • Description: InputSetting DLL

Hashes


DLL Exports:

Function Name                              Ordinal  Type
InstallLayoutOrTipPrivate                  117      Exported Function
InstallLayoutOrTipUserReg                  109      Exported Function
InstallLayoutOrTipOffline                  120      Exported Function
InputDll_DownlevelUninitialize             202      Exported Function
InstallLayoutOrTip                         104      Exported Function
SaveSystemAcctInputSettings                106      Exported Function
SetDefaultLayoutOrTip                      107      Exported Function
SaveDefaultUserInputSettings               105      Exported Function
QueryLayoutOrTipString                     111      Exported Function
QueryLayoutOrTipStringUserReg              112      Exported Function
EnumEnabledLayoutOrTipPrivate              118      Exported Function
EnumLayoutOrTipForSetup                    108      Exported Function
EnumEnabledLayoutOrTip                     110      Exported Function
ActivateInputProfile                       119      Exported Function
CPlApplet                                  100      Exported Function
InputDll_DownlevelInitialize               200      Exported Function
InputDll_DownlevelSetUILanguage            201      Exported Function
InputDll_DownlevelEnumLayoutOrTipForSetup  203      Exported Function
GetDefaultLayout                           113      Exported Function
GetLayoutDescription                       114      Exported Function

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Input.DLL
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/e8854a34100dc21735b729379295ee99a34b941c2bb787502828c05f383fb385/detection/

Possible Misuse

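The following table contains possible examples of input.dll being misused. While input.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes. Note that the atomic-red-team rows refer to a test parameter named input_dll (the path to a DLL to be installed and registered), not to the file input.dll.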

  • Source: sigma
    Source File: proc_creation_win_susp_control_cve_2021_40444.yml
    Example: - '\control.exe input.dll'
    License: DRL 1.0

  • Source: sigma
    Source File: proc_creation_win_susp_control_cve_2021_40444.yml
    Example: - '\control.exe" input.dll'
    License: DRL 1.0

  • Source: atomic-red-team
    Source File: T1556.002.md
    Example: | input_dll | Path to DLL to be installed and registered | Path | PathToAtomicsFolder\T1556.002\src\AtomicPasswordFilter.dll|
    License: MIT License. © 2018 Red Canary

  • Source: atomic-red-team
    Source File: T1556.002.md
    Example: $passwordFilterName = (Copy-Item "#{input_dll}" -Destination "C:\Windows\System32" -PassThru).basename
    License: MIT License. © 2018 Red Canary

  • Source: atomic-red-team
    Source File: T1556.002.md
    Example: ##### Description: AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll})
    License: MIT License. © 2018 Red Canary

  • Source: atomic-red-team
    Source File: T1556.002.md
    Example: if (Test-Path #{input_dll}) {exit 0} else {exit 1}
    License: MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.