input.dll

  • File Path: C:\Windows\system32\input.dll
  • Description: InputSetting DLL

Hashes

Type Hash
MD5 CD719CB65135CE693C0487CD20B03FAD
SHA1 BCBD25FEC036AD47DE96569E653BCC6CBD8B1D8C
SHA256 6DB84D4B620CF72D7F8EA0C016E21404C53802377B724C1B747B33E282DE12D3
SHA384 0381644562A762B434EC6F721991CD6B9B847EF40ECC0AB85B92BBA3FBFF06F22E3CF84AB2FB41075804062A5044A095
SHA512 928412D0141C7F6C39BCE4DE5829242B9174402B1FF08C7FE6C5C7D32E6146A36EC2118D2C979BC3FD205770F6762D8C2404627014798EAF9E43740ECB0D327D
SSDEEP 6144:HX3rNqBTOWcAI1R/LtZ8ChNaJSMV/4e2VW:HXbNqBTOWcAuRzt1NA/FIW
IMP 8CD4EDD26DAF69EB6F98C19337862BC0
PESHA1 FB873D4BF2B8598CAB423666AA6FCA894D34DF92
PE256 87AB8E79F818FEC0F591CA06FEB164FCE72C1826AFF0607C5296145BE7C58EF8

DLL Exports:

Function Name Ordinal Type
InstallLayoutOrTipPrivate 117 Exported Function
InstallLayoutOrTipUserReg 109 Exported Function
InstallLayoutOrTipOffline 120 Exported Function
InputDll_DownlevelUninitialize 202 Exported Function
InstallLayoutOrTip 104 Exported Function
SaveSystemAcctInputSettings 106 Exported Function
SetDefaultLayoutOrTip 107 Exported Function
SaveDefaultUserInputSettings 105 Exported Function
QueryLayoutOrTipString 111 Exported Function
QueryLayoutOrTipStringUserReg 112 Exported Function
EnumEnabledLayoutOrTipPrivate 118 Exported Function
EnumLayoutOrTipForSetup 108 Exported Function
EnumEnabledLayoutOrTip 110 Exported Function
ActivateInputProfile 119 Exported Function
CPlApplet 100 Exported Function
InputDll_DownlevelInitialize 200 Exported Function
InputDll_DownlevelSetUILanguage 201 Exported Function
InputDll_DownlevelEnumLayoutOrTipForSetup 203 Exported Function
GetDefaultLayout 113 Exported Function
GetLayoutDescription 114 Exported Function

Signature

  • Status: Signature verified.
  • Serial: 330000026551AE1BBD005CBFBD000000000265
  • Thumbprint: E168609353F30FF2373157B4EB8CD519D07A2BFF
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Input.DLL.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/71
  • VirusTotal Link: https://www.virustotal.com/gui/file/6db84d4b620cf72d7f8ea0c016e21404c53802377b724c1b747b33e282de12d3/detection/

Possible Misuse

The following table contains possible examples of input.dll being misused. While input.dll is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_control_cve_2021_40444.yml - '\control.exe input.dll' DRL 1.0
sigma proc_creation_win_susp_control_cve_2021_40444.yml - '\control.exe" input.dll' DRL 1.0
atomic-red-team T1556.002.md | input_dll | Path to DLL to be installed and registered | Path | PathToAtomicsFolder\T1556.002\src\AtomicPasswordFilter.dll| MIT License. © 2018 Red Canary
atomic-red-team T1556.002.md $passwordFilterName = (Copy-Item “#{input_dll}” -Destination “C:\Windows\System32” -PassThru).basename MIT License. © 2018 Red Canary
atomic-red-team T1556.002.md ##### Description: AtomicPasswordFilter.dll must exist on disk at specified location (#{input_dll}) MIT License. © 2018 Red Canary
atomic-red-team T1556.002.md if (Test-Path #{input_dll}) {exit 0} else {exit 1} MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.