twain_64[.]dll[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

twain_64.dll.exe
Size

398KB
MD5

aac4141dba6328f3529b38a28f8dbb92
SHA1

e5bde7ae2fde36edcab5885cb5fbc52a905e06ea
SHA256

1e278cfe8098f3badedd5e497f36753d46d96d81edd1c5bee4fc7bc6380c26b3
SHA512

e1ffee9ac88742b764f9a7521ba7d98861e7929fc9c29a6ff772ef9da8fb9a8f3aa8f3727485891e5ca504a5de4936f76a77e017eae2b335daa400a1635bf4fc
SSDEEP

6144:ux9dr+RP7zg6kUNSfYLTSdX7JooKoRcJiE3TFdBp3Sn9sSSKr9:vRYUQfYLTUoxMRr9

Score

1^/10

Malware Config

Signatures

Files

twain_64.dll.exe
.dll windows:5 windows x64 arch:x64

0050e2be629782ee695e498cc353d014

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/01/2020, 07:05

Not After

02/01/2021, 03:42

Subject

CN=上海笑聘网络科技有限公司,O=上海笑聘网络科技有限公司,L=上海市,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0a
Signer

Actual PE Digest

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\完成\CallDll\x64\Release\twain_64.pdb

Imports

kernel32

lstrcatA
lstrcmpiA
Process32Next
CreateToolhelp32Snapshot
lstrcpyA
GetVersionExA
GetProcAddress
LoadLibraryA
GetSystemInfo
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
WaitForSingleObject
SetEvent
CreateEventA
GetWindowsDirectoryA
GetModuleFileNameA
GetCurrentProcess
GetStartupInfoA
SystemTimeToTzSpecificLocalTime
GetPrivateProfileIntA
OpenProcess
TerminateProcess
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
GetPrivateProfileStringA
GetVersion
LocalFree
FreeLibraryAndExitThread
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentDirectoryW
SetCurrentDirectoryA
Process32First
QueryDosDeviceA
lstrlenA
GetLogicalDriveStringsA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
CopyFileA
FindFirstFileA
CreateThread
CreatePipe
GetSystemDirectoryA
ReadFile
CreateProcessA
Sleep
WriteFile
PeekNamedPipe
WritePrivateProfileStringA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
GetLastError
FileTimeToSystemTime
SetFileTime
SystemTimeToFileTime
CreateFileA
FindResourceExW
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceW
GetFileAttributesA
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeW
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
CreateFileW
GetExitCodeProcess
SetStdHandle
WriteConsoleW
GetStringTypeW
GetCurrentProcessId
HeapCreate
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
LoadLibraryW
GetTimeZoneInformation
SetFilePointer
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
MoveFileA
FindFirstFileExA
GetModuleHandleW
ExitProcess
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc

user32

GetSystemMetrics

advapi32

SetNamedSecurityInfoA
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
RegCloseKey
RegEnumValueA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
CreateProcessAsUserA
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
ControlService
OpenSCManagerA
QueryServiceStatus
StartServiceA
EnumServicesStatusExA
CloseServiceHandle
OpenServiceA
LookupAccountSidA

wtsapi32

WTSEnumerateProcessesA
WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

psapi

GetProcessImageFileNameA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

gethostname
inet_ntoa
WSAStartup
gethostbyname
recv
send
accept
htons
setsockopt
sendto
socket
closesocket
listen
WSAGetLastError
bind
connect
ioctlsocket
htonl
recvfrom
ntohl
inet_addr

netapi32

NetUserEnum
NetApiBufferFree

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0050e2be629782ee695e498cc353d014

Code Sign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3cCertificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

wtsapi32

psapi

userenv

ws2_32

netapi32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 2KB - Virtual size: 1KB

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

0f:05:d4:3d:46:9e:f7:4a:80:3e:0b:3c
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

69:f5:04:ea:8c:6d:2e:53:1d:47:6b:4c:95:65:97:0b:00:a4:51:0a
Signer

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 2KB - Virtual size: 1KB