Report - twain_32.dll

Tags: Malicious Packer, Malicious Library, PE File, PE32, DLL
Created 2021.11.11 20:23 Machine s1_win7_x6401
Filename twain_32.dll
Type PE32 executable (DLL) (console) Intel 80386, for MS Windows
AI Score
1
Behavior Score
0.8
ZERO API file: clean
VT API (file)
md5 afe119dd4e17891b227684f38aa25d4d
sha256 eec41d62ab5d2e1d880b338c47a2156a5ee7e58f3448f58cc8120392ddc8c730
ssdeep 768:uPC0xySqWNPwcKnReqpxORBoWNOMFN5cYsFx1gAmOURksWrk/VwLtkKavNi3IJzU:uPC0xyowcklqHw9xGkLrNLtBiNR
imphash 316cd668ed705c998eae8d3bd7bd168f
impfuzzy 48:aOpAx9/W7+fqPQTL5ta89C5JXPwW0l5Xv+oX4sbE+MgRkj/m2TGrAmgSv6U0vpN/:bD+fqPQTL5tVI5JXPwfmlD1n
  Network IP location

Signature (4 counts)

Level Description
info Checks amount of memory in system
info One or more processes crashed
info The file contains an unknown PE resource name possibly indicative of a packer
info This executable has a PDB path

Rules (5 counts)

Level Name Description Collection
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
info IsDLL (no description) binaries (upload)
info IsPE32 (no description) binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (0 counts)

Request CC ASN Co IP4 Rule ZERO

Suricata ids

PE API

IAT(Import Address Table) Library

msvcrt.dll
 0x6621018c _chdir
 0x66210190 strcpy_s
 0x66210194 _getcwd
 0x66210198 _errno
 0x6621019c _strcmpi
 0x662101a0 _chdrive
 0x662101a4 strcat_s
 0x662101a8 sprintf_s
 0x662101ac strncpy_s
 0x662101b0 _snprintf_s
 0x662101b4 _purecall
 0x662101b8 _ltoa
 0x662101bc atol
 0x662101c0 free
 0x662101c4 _strnicmp
 0x662101c8 _vsnwprintf
 0x662101cc memcpy_s
 0x662101d0 remove
 0x662101d4 _read
 0x662101d8 _close
 0x662101dc _write
 0x662101e0 _lseek
 0x662101e4 _sopen
 0x662101e8 _locking
 0x662101ec _vsnprintf
 0x662101f0 strncmp
 0x662101f4 _XcptFilter
 0x662101f8 _amsg_exit
 0x662101fc _initterm
 0x66210200 _lock
 0x66210204 malloc
 0x66210208 _getdrive
 0x6621020c _unlock
 0x66210210 __dllonexit
 0x66210214 _onexit
 0x66210218 _except_handler4_common
 0x6621021c memcpy
 0x66210220 memset
KERNEL32.dll
 0x66210000 SetLastError
 0x66210004 GetTickCount
 0x66210008 GetSystemTimeAsFileTime
 0x6621000c QueryPerformanceCounter
 0x66210010 TerminateProcess
 0x66210014 SetUnhandledExceptionFilter
 0x66210018 UnhandledExceptionFilter
 0x6621001c Sleep
 0x66210020 GetTempPathA
 0x66210024 IsDebuggerPresent
 0x66210028 DebugBreak
 0x6621002c GetModuleHandleW
 0x66210030 GetProcessHeap
 0x66210034 GetCurrentProcessId
 0x66210038 CreateMutexExW
 0x6621003c HeapAlloc
 0x66210040 PowerClearRequest
 0x66210044 OpenSemaphoreW
 0x66210048 WaitForSingleObjectEx
 0x6621004c InitOnceComplete
 0x66210050 OutputDebugStringW
 0x66210054 FormatMessageW
 0x66210058 ReleaseMutex
 0x6621005c GetCurrentThreadId
 0x66210060 WaitForSingleObject
 0x66210064 GetModuleHandleExW
 0x66210068 ReleaseSemaphore
 0x6621006c HeapFree
 0x66210070 CreateSemaphoreExW
 0x66210074 InitOnceBeginInitialize
 0x66210078 PowerSetRequest
 0x6621007c GetModuleFileNameA
 0x66210080 WriteProfileStringA
 0x66210084 GetCurrentProcess
 0x66210088 lstrcmpiA
 0x6621008c MultiByteToWideChar
 0x66210090 lstrlenA
 0x66210094 GlobalSize
 0x66210098 GetVersion
 0x6621009c GetLastError
 0x662100a0 GlobalFlags
 0x662100a4 GlobalAlloc
 0x662100a8 GlobalFree
 0x662100ac GlobalLock
 0x662100b0 GlobalUnlock
 0x662100b4 PowerCreateRequest
 0x662100b8 CloseHandle
 0x662100bc FindFirstFileA
 0x662100c0 FindNextFileA
 0x662100c4 FindClose
 0x662100c8 GetFileAttributesA
 0x662100cc GetSystemDirectoryA
 0x662100d0 LoadLibraryA
 0x662100d4 GetWindowsDirectoryA
 0x662100d8 GetProcAddress
 0x662100dc FreeLibrary
 0x662100e0 GetProfileStringA
 0x662100e4 GlobalHandle
 0x662100e8 OpenFile
USER32.dll
 0x662100f0 RegisterWindowMessageA
 0x662100f4 LoadStringA
 0x662100f8 SendMessageA
 0x662100fc FindWindowA
 0x66210100 PeekMessageA
 0x66210104 DdeCmpStringHandles
 0x66210108 DdeConnect
 0x6621010c DdeQueryConvInfo
 0x66210110 DdeClientTransaction
 0x66210114 DdeDisconnect
 0x66210118 DdeGetData
 0x6621011c DdeGetLastError
 0x66210120 DdeCreateStringHandleA
 0x66210124 DdeCreateDataHandle
 0x66210128 DdeUninitialize
 0x6621012c DdeInitializeA
 0x66210130 DdeFreeStringHandle
 0x66210134 DispatchMessageA
 0x66210138 TranslateMessage
 0x6621013c UnhookWindowsHook
 0x66210140 CallNextHookEx
 0x66210144 EndDialog
 0x66210148 DialogBoxParamA
 0x6621014c SetFocus
 0x66210150 SendDlgItemMessageA
 0x66210154 SetWindowsHookA
 0x66210158 GetDlgItem
 0x6621015c EnableWindow
 0x66210160 PostMessageA
 0x66210164 IsWindow
 0x66210168 CharUpperA
apphelp.dll
 0x66210184 ApphelpCheckExe
api-ms-win-eventing-provider-l1-1-0.dll
 0x66210170 EventRegister
 0x66210174 EventWriteTransfer
 0x66210178 EventSetInformation
 0x6621017c EventUnregister

EAT(Export Address Table) Library

0x66209840 AboutDlgProc
0x66209360 ChooseDlgProc
0x6620b0f0 DSM_Entry
0x662099a0 InfoHook
0x66209960 WGDlgProc

