tinyturlang | 1[.]rsp[.]dat

Sharing

Copy URL Twitter E-mail

General

Target

1.rsp.dat
Size

285KB
MD5

0f2e9f501ca9780eff309b7022c9b01a
SHA1

e7fc80825c5b1f5d29836dde45e9314357d102a0
SHA256

d6ac21a409f35a80ba9ccfe58ae1ae32883e44ecc724e4ae8289e7465ab2cf40
SHA512

a508f303565f3cbe196c415b5b855594bd0ca0a4a0f3957952b012cde2176328063ee658bfeaa6df8163830fda565660dec3aeacfcce54d62ee0b764bea575d0
SSDEEP

3072:oMAWtPNzl5A2H0x4gVpHoam0P1RIm+qdWpwuZ/Q/loWA6cy0wUYHobphfoY46pKn:oMAz2UxPoaTRzRdWpwuZ/Q/90boh/p/

Score

10^/10

tinyturlang

Malware Config

Extracted

Family

tinyturlang

https://jeepcarlease.com/wp-includes/blocks/rss.old.php

https://caduff-sa.ch/wordpress/wp-includes/rss.old.php

Signatures

Tinyturlang family
tinyturlang

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.rsp.dat

Files

1.rsp.dat
.dll windows:6 windows x64 arch:x64

2240ae6f0dcbc0537836dfd9205a1f2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
SetEvent
WaitForSingleObject
CreateEventW
Sleep
TerminateProcess
CreateProcessA
PeekNamedPipe
GetVersionExW
GetLastError
HeapReAlloc
CreateFileMappingA
OpenFileMappingA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetShortPathNameA
WriteConsoleW
CreatePipe
CloseHandle
WriteFile
ReadFile
GetFileSize
GetTickCount
CreateFileA
CreateFileW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW

advapi32

RegisterServiceCtrlHandlerW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
SetServiceStatus

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpWriteData

Exports

Exports

ServiceMain

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2240ae6f0dcbc0537836dfd9205a1f2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

winhttp

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB