twist[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

twist.dll
Size

1.9MB
MD5

33fe5e2d127a35797c7086a0d1ff1102
SHA1

b6c6a5396a23b1aee2e5bac94eff70822f59b125
SHA256

714944899f2b0fe6496ac15359ba90fb9d9891a84111fc7dc3cd5b1093b17347
SHA512

7882fbb011fe4c0ca12491d2cde92090a512944d6eebbeedc10e05bde07bdd87359b1c28941b50b6bebc5416215931e67e178fe2ee7e6013d9d58a5fae459930
SSDEEP

24576:2g7GfSjvBt2ptVDe6jKBNu9+oyOjTCXM79Keh6ykUEPP3:2g7OSNkw7CEoyuuXmUehjkUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
twist.dll

Files

twist.dll
.dll windows:6 windows x64 arch:x64

b0df4c59b8afecb01da38a983b93910d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_28\shadowplay2\mux\remux\win7_amd64_release\NvRemux64.pdb

Imports

shell32

SHGetKnownFolderPath
SHGetPropertyStoreFromParsingName
SHGetFolderPathW

ole32

PropVariantClear
CoTaskMemFree
CoUninitialize
CoInitializeEx

oleaut32

VariantChangeType
SysFreeString
SetErrorInfo
CreateErrorInfo
VariantClear
GetErrorInfo
VariantInit
SysAllocString

advapi32

SetThreadToken
SetEntriesInAclW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameW
GetUserNameA
SetSecurityDescriptorDacl
RevertToSelf
InitializeSecurityDescriptor
ImpersonateSelf
GetSecurityDescriptorDacl
FreeSid
CreateWellKnownSid
CreateRestrictedToken
AllocateAndInitializeSid
OpenThreadToken

user32

UnregisterClassW
PostThreadMessageW
wsprintfW

kernel32

FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapReAlloc
GetTimeZoneInformation
HeapSize
SetStdHandle
SetEndOfFile
CreateEventW
FindClose
ReadConsoleW
SetFilePointerEx
GetConsoleMode
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
CloseHandle
GetLastError
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
VerifyVersionInfoW
GetVolumeInformationA
OutputDebugStringW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
Sleep
DeleteFileW
GetFileSizeEx
GetFinalPathNameByHandleW
WriteFile
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLocalTime
CopyFileW
MoveFileExW
WideCharToMultiByte
GetSystemTime
SetEvent
ResetEvent
WaitForSingleObject
RtlUnwind
CreateThread
GetThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetTickCount
WaitForMultipleObjects
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
HeapAlloc
SetConsoleCtrlHandler

Exports

Exports

CreateInstance

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 437B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0df4c59b8afecb01da38a983b93910d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

ole32

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 393KB - Virtual size: 392KB

.data Size: 13KB - Virtual size: 38KB

.pdata Size: 52KB - Virtual size: 51KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

_RDATA Size: 512B - Virtual size: 437B

.rsrc Size: 246KB - Virtual size: 245KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 393KB - Virtual size: 392KB

.data
Size: 13KB - Virtual size: 38KB

.pdata
Size: 52KB - Virtual size: 51KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

_RDATA
Size: 512B - Virtual size: 437B

.rsrc
Size: 246KB - Virtual size: 245KB

.reloc
Size: 10KB - Virtual size: 9KB