SHA256: 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
File name: xinput1_3.dll
Detection ratio: 0 / 65
Analysis date: 2018-09-11 07:31:12 UTC ( 1 week ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20180911
AVG 20180911
AVware 20180911
Ad-Aware 20180911
AegisLab 20180911
AhnLab-V3 20180910
Antiy-AVL 20180911
Arcabit 20180911
Avast 20180911
Avast-Mobile 20180911
Avira (no cloud) 20180911
Babable 20180907
Baidu 20180910
BitDefender 20180911
Bkav 20180906
CAT-QuickHeal 20180909
CMC 20180911
ClamAV 20180911
Comodo 20180911
CrowdStrike Falcon (ML) 20180723
Cylance 20180911
Cyren 20180911
DrWeb 20180911
ESET-NOD32 20180911
Endgame 20180730
F-Prot 20180911
F-Secure 20180911
Fortinet 20180911
GData 20180911
Ikarus 20180910
Sophos ML 20180717
Jiangmin 20180911
K7AntiVirus 20180911
K7GW 20180911
Kaspersky 20180911
Kingsoft 20180911
MAX 20180911
Malwarebytes 20180911
McAfee 20180911
McAfee-GW-Edition 20180910
eScan 20180911
Microsoft 20180911
NANO-Antivirus 20180911
Palo Alto Networks (Known Signatures) 20180911
Panda 20180910
Qihoo-360 20180911
Rising 20180911
SUPERAntiSpyware 20180907
SentinelOne (Static ML) 20180830
Sophos AV 20180911
Symantec 20180911
TACHYON 20180911
Tencent 20180911
TheHacker 20180907
TrendMicro 20180911
TrendMicro-HouseCall 20180911
VBA32 20180910
VIPRE 20180911
ViRobot 20180911
Webroot 20180911
Yandex 20180910
Zillya 20180910
ZoneAlarm by Check Point 20180911
Zoner 20180910
eGambit 20180911
Cybereason 20180225
Symantec Mobile Insight 20180905
Trustlook 20180911
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® DirectX for Windows®
Original name XInput1_3.dll
Internal name XInput
File version 9.18.944.0000
Description Microsoft Common Controller API
Signature verification Signed file, verified signature
Signing date 2:53 AM 4/5/2007
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Code Signing PCA
Valid from 8:43 PM 4/4/2006
Valid to 8:53 PM 10/4/2007
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 564E01066387F26C912010D06BD78D3CF1E845AB
Serial number 61 46 9E CB 00 04 00 00 00 65
[+] Microsoft Code Signing PCA
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 6:44 PM 4/4/2006
Valid to 8:00 AM 4/26/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D07EA64088A80085F01BD40AA4EAD82F470482A6
Serial number 6A 0B 99 4F C0 00 1D AB 11 DA C4 02 A1 66 27 BA
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
Counter signers
[+] Microsoft Timestamping Service
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Timestamping PCA
Valid from 2:55 AM 9/16/2006
Valid to 3:05 AM 9/16/2011
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint A2D57D63CF331B177BE147088FEABEC7388BE01D
Serial number 61 49 7C ED 00 00 00 00 00 05
[+] Microsoft Timestamping PCA
Status The revocation status of the certificate or one of the certificates in the certificate chain is unknown.
Issuer Microsoft Root Authority
Valid from 2:04 AM 9/16/2006
Valid to 8:00 AM 9/15/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 3EA99A60058275E0ED83B892A909449F8C33B245
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
[+] Microsoft Root Authority
Status Valid
Issuer Microsoft Root Authority
Valid from 8:00 AM 1/10/1997
Valid to 8:00 AM 12/31/2020
Valid usage All
Algorithm md5RSA
Thumbprint A43489159A520F0D93D032CCAF37E7FE20A8B419
Serial number 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-04-05 01:39:01
Entry Point 0x0000801F
Number of sections 4
PE sections
Overlays
MD5 fdb99b58b481104be10c975fe7a28297
File type data
Offset 72192
Size 9576
Entropy 7.38
PE imports
TraceMessage
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryA
GetOverlappedResult
DeviceIoControl
VirtualProtect
FreeLibrary
QueryPerformanceCounter
HeapDestroy
GetTickCount
IsBadWritePtr
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
LocalAlloc
LCMapStringA
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
ExitProcess
SetFilePointer
RaiseException
CreateThread
LoadLibraryW
TlsFree
GetModuleHandleA
FlushFileBuffers
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetSystemInfo
DuplicateHandle
HeapReAlloc
GetStringTypeW
SetEvent
LocalFree
TerminateProcess
CreateEventW
InitializeCriticalSection
HeapCreate
CreateFileW
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
IsBadCodePtr
HeapAlloc
GetCurrentThreadId
IsBadReadPtr
VirtualAlloc
GetCurrentProcessId
SetLastError
LeaveCriticalSection
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
RtlUnwind
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
7.1

ImageVersion
5.2

FileSubtype
0

FileVersionNumber
9.18.944.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft Common Controller API

ImageFileCharacteristics
Executable, No line numbers, No symbols, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
17920

EntryPoint
0x801f

OriginalFileName
XInput1_3.dll

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
9.18.944.0000

TimeStamp
2007:04:05 02:39:01+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
XInput

ProductVersion
9.18.944.0000

SubsystemVersion
4.0

OSVersion
5.2

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
61440

ProductName
Microsoft DirectX for Windows

ProductVersionNumber
9.18.944.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
ssdeep
1536:TVeqvNS6T6jxeEsU6b0xZtDDVb9X8u9JA7zitdrz/R8cy/FaeBD:TVeqvNOeFgxZ9DVVtRBy/EeD

authentihash 827ae49322964cf19374086ab3cdda92cf9413c0b02968f3eabaf2ad3dc5fd99
imphash 50f64a1d9783342119da2ac75a894235
File size 79.9 KB ( 81768 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsrl overlay signed trusted via-tor pedll

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with xinput1_3.dll as its name.
VirusTotal metadata
First submission 2009-04-04 19:20:52 UTC ( 9 years, 5 months ago )
Last submission 2018-09-04 15:25:18 UTC ( 2 weeks ago )
File names xinput1_3.dll
XInput
olddf0e.tmp
xinp1_3.dll
oldeae4.tmp
BIN_DIR_xinput1_3_dll
fil674CDA27EF1CA7F0AF65AA6DE0F1770A
seteae8.tmp
setd79.tmp
Xinput1_3_32_Dll
oldd243.tmp
Nexus.dll
fil6B2176C234D27BAFFD413B05E30108F3
XInput_dist.dll
oldbafd.tmp
setdec8.tmp
old4731.tmp
old25c9.tmp
77f595dee5ffacea72b135b1fce1312e___xinput1_3.dll
olde18.tmp
Xinput1_3.dll
old9e41.tmp
xinput13.dll
filCF86E0449FA278E557EB3FBA10F37625
fil4F8FADE7284E11B6E76FAF34324E4200
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Dirt (Codemasters)
Sid Meiers Civilization IV Gold Edition (Firaxis Games)
Lost Planet Extreme Condition (Capcom)
Bioshock (2K)
Sid Meiers Civilization IV Beyond the Sword (Firaxis Games)
Rataouille (THQ)
Two Worlds (SouthPeak Games)
World in Conflict Collectors Edition (Sierra Inc.)
Undercover Operation Wintersun (Lighthouse Interactive)
Enemy Territory Quake Wars (Id Software Inc.)
Race 07 Official WTCC Game (Simbin Studios)
Crysis (Electronic Arts Inc.)
Painkiller Overdose (DreamCatcher Interactive Inc.)
Spider-man Friend or Foe (Activision Inc.)
Petz Dogz2 (Ubisoft)
Petz Catz2 (Ubisoft)
Assault Heroes (Sierra Entertainment, Inc.)
SimCity Societies (Electronic Arts Inc.)
The Witcher (Atari)
The Golden Compass (Sega)
File names xinput1_3.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight