ServiceMain
General
-
Target
267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b.exe
-
Size
285KB
-
MD5
e4c356cf822cda0ca8e8161cb5bf6c39
-
SHA1
ee350f5295fc127285791b76f2a2be98d7681a91
-
SHA256
267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b
-
SHA512
65056659dd5e2cde4294632266e5ea416c26e8cab8f4b1c7139435b52a35d59affca8694bc84153b8debb42246d7e46bc49c448940ff3b9eb258049db4642b06
-
SSDEEP
3072:Dwqo0Fa1b98zqFPh04uSox5W9jhJllihoNwXzM0/FIxqqfPt4/ONRdkxR6foY46x:DlofFZ01x5IhzkhoNwXY0/qtD1oh/
Score
10/10
Malware Config
Extracted
Family
tinyturlang
C2
https://thefinetreats.com/wp-content/themes/twentyseventeen/rss-old.php
https://hanagram.jp/wp/wp-content/themes/hanagram/rss-old.php
Signatures
-
Tinyturlang family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b.exe
Files
-
267071df79927abd1e57f57106924dd8a68e1c4ed74e7b69403cdcdf6e6a453b.exe.dll windows:6 windows x64 arch:x64
2240ae6f0dcbc0537836dfd9205a1f2b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
WaitForSingleObject
CreateEventW
Sleep
TerminateProcess
CreateProcessA
PeekNamedPipe
GetVersionExW
GetLastError
HeapReAlloc
CreateFileMappingA
OpenFileMappingA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetShortPathNameA
WriteConsoleW
CreatePipe
CloseHandle
WriteFile
ReadFile
GetFileSize
GetTickCount
CreateFileA
CreateFileW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
advapi32
RegisterServiceCtrlHandlerW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
SetServiceStatus
winhttp
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpWriteData
Exports
Exports
Sections
.text Size: 185KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ