Manalyze report for 0bd6e68f3ea0dd62cd86283d86895381

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Jul-14 00:14:40
Detected languages	English - United States
Debug artifacts	twunk_32.pdb
CompanyName	Twain Working Group
FileDescription	Twain.dll Client's 32-Bit Thunking Server
FileVersion	`1,7,1,0`
InternalName	Twunk_32
OriginalFilename	Twunk_32.exe
ProductName	Twain Thunker
ProductVersion	`1,7,1,0`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Safe	VirusTotal score: 0/68 (Scanned on 2021-05-19 18:41:20)	`All the AVs think this file is safe.`

Hashes

MD5	`0bd6e68f3ea0dd62cd86283d86895381`
SHA1	`e207de5c580279ad40c89bf6f2c2d47c77efd626`
SHA256	`a18b0a31c87475be5d4dc8ab693224e24ae79f2845d788a657555cb30c59078b`
SHA3	`0a5b8294dc1bf91a325e1792310e1ebdf98aa53f2593e64fa69b0a7f72f8765a`
SSDeep	`384:0H5ihb++0q7ynxJWxseqypbjNUdZSrel3flYQ4S9uNCR0IVH7AuTFoWRSQD8RVw:0OpC0Jjq7Sreldh1uNjzyGvw6n`
Imports Hash	`b32e53d1c4f5af540b47f92e08de1e3a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2009-Jul-14 00:14:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.1`
SizeOfCode	`0x6200`
SizeOfInitializedData	`0x1600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000063E5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x1000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`6.1`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x400`
Checksum	`0x8398`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6d095974fe089d3b5f4e27854853d446`
SHA1	`d9d42eb87a794b5e0f0684750b826674a3d292a1`
SHA256	`0617cbf31f895156f8dcfd333be11966e8e0a9605fdc5943733486cb1bdfdd1d`
SHA3	`888f28883da63b107fb8e2d8bc5498180f29f7334ad6a0b38c23df21ad6839a7`
VirtualSize	`0x608e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41018`

.data

MD5	`26d2af9b5ae35538e55951b8e598e42b`
SHA1	`bccca88fcbb68c2188bffc8cdfbc86624db91ca7`
SHA256	`456853596bab8b7589e64cabac51017a7a1926314e91446f60585ee990fbf90a`
SHA3	`aa44ffc679887b60b5676f9c241de6f19dc61192fa0b08d0792993447533e49f`
VirtualSize	`0x3d0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.299051`

.rsrc

MD5	`2874701cab92e3832c610bf51147dddd`
SHA1	`0911f9459e1a2da1f8195d0ff99b6d620b566edd`
SHA256	`0e4e00dc54164e1a2eccd699c85a9e0d69c704096a29c96dd51b7825c0dda58f`
SHA3	`259f41694b12ab4bcb34b4671ee14c68efcf51b249a9053bacfea38c9141c994`
VirtualSize	`0x9d8`
VirtualAddress	`0x9000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.30797`

.reloc

MD5	`b403fce1d8f993be1a2f46bcc558e167`
SHA1	`c9964d552676585f4ea47583618b65c3f74adf18`
SHA256	`5b2e72980faf2b37cecfea3a381954d27d93c69f43df80f5f3833c78b9a00140`
SHA3	`9a682560dae3f6247a1b4f52ca6adea4d36ce3cb7632f1ad6756ad6bd6262823`
VirtualSize	`0x698`
VirtualAddress	`0xa000`
SizeOfRawData	`0x800`
PointerToRawData	`0x7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.90298`

Imports

KERNEL32.dll	`GlobalAlloc` `GlobalFree` `GlobalFlags` `GlobalLock` `GetLastError` `GlobalUnlock` `GetVersion` `lstrcmpA` `GetProcAddress` `FreeLibrary` `LoadLibraryA` `GetProfileIntA` `HeapSetInformation` `GetTempPathA` `GlobalSize` `GetCurrentProcess` `TerminateProcess` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `GetModuleHandleA` `SetUnhandledExceptionFilter` `GetStartupInfoA` `InterlockedCompareExchange` `Sleep` `InterlockedExchange` `UnhandledExceptionFilter`
GDI32.dll	`GetStockObject`
USER32.dll	`ShowWindow` `GetMessageA` `DispatchMessageA` `TranslateMessage` `PostMessageA` `RegisterWindowMessageA` `DdeCreateDataHandle` `DdeCreateStringHandleA` `DdeFreeStringHandle` `DdeGetLastError` `DdeInitializeA` `DdeUninitialize` `DdePostAdvise` `LoadIconA` `DdeCmpStringHandles` `DdeGetData` `DdeNameService` `DdeDisconnect` `PostQuitMessage` `DefWindowProcA` `ChangeMenuA` `GetSystemMenu` `CreateWindowExA` `RegisterClassA` `LoadCursorA` `PeekMessageA`
msvcrt.dll	`__getmainargs` `sprintf_s` `_exit` `_XcptFilter` `_ismbblead` `exit` `_acmdln` `_initterm` `_amsg_exit` `__setusermatherr` `__p__commode` `__p__fmode` `__set_app_type` `?terminate@@YAXXZ` `_except_handler4_common` `_controlfp` `strcpy_s` `??2@YAPAXI@Z` `remove` `_close` `strcat_s` `_write` `_locking` `_lseek` `_read` `_sopen` `_errno` `??3@YAXPAX@Z` `_cexit` `memcpy`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88398`
MD5	`8927ffdb96e062a96c39f49d126ae8ca`
SHA1	`e11a1bb1953395b1f99bf1719b22a6880ae11cb7`
SHA256	`7725307b5d207b14a0e7ed6ffd938091224ef1ba7108a23c34e78e43ff6afb4c`
SHA3	`ad1cd727426c2e550c7e39426012d33b08d4a0c636f0871ab266e4ded2b8984a`

TWUNK_ICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43155`
MD5	`9c5c85a2088f0afbd5441039b3adcb4d`
SHA1	`62de67e56540b33069860a706e9f0ba4730dc629`
SHA256	`4e72e00d32f53b887067ef24d8743023bc87cf8cbe1d22cda0a445de7edf12a5`
SHA3	`6bfcc1bb6aa71cda34b07ff578abac0d8bcfb56ca0d6756ee1a80f8f27386fc2`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2cd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.98399`
MD5	`6e5f23317fae4669baa21bb2c7827741`
SHA1	`121644703d1d7aeb037d6e56f21959bc89624427`
SHA256	`988215f764cdcae34ee1011c3785f8807d9bea29901c85240fdc4d2b2b7a3d4e`
SHA3	`11eb468fe18b37eb1f9df184ea263e708bdfa960d07e35a2c5fcc9eda4ee9f02`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.7.1.0
ProductVersion	1.7.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS` `VOS_DOS_WINDOWS16` `VOS_DOS_WINDOWS32` `VOS_OS232` `VOS_OS232_PM32` `VOS_WINCE` `VOS__PM32` `VOS__WINDOWS16`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Twain Working Group
FileDescription	Twain.dll Client's 32-Bit Thunking Server
FileVersion (#2)	1,7,1,0
InternalName	Twunk_32
OriginalFilename	Twunk_32.exe
ProductName	Twain Thunker
ProductVersion (#2)	1,7,1,0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2009-Jul-14 00:14:40
Version	`0.0`
SizeofData	`37`
AddressOfRawData	`0x3368`
PointerToRawData	`0x2768`
Referenced File	twunk_32.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1008000`
SEHandlerTable	`0x1003390`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x96bee277`
Unmarked objects	`0`
ASM objects (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`19`
Imports (VS2008 SP1 build 30729)	`9`
Total imports	`95`
C++ objects (VS2008 SP1 build 30729)	`11`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

0bd6e68f3ea0dd62cd86283d86895381

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

.reloc

Imports

Delayed Imports

1

TWUNK_ICON

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors