tinyturlang | a1501e6b14e5864bbdb4befbca52c4d588bba497f7afa45c474f24950d5a4c7d

Sharing

Copy URL Twitter E-mail

General

Target

a1501e6b14e5864bbdb4befbca52c4d588bba497f7afa45c474f24950d5a4c7d
Size

285KB
MD5

a5a5b2adbc334ae89f36ae44fc8dceca
SHA1

532e808e425e1dea719da735290a2df61c3841d3
SHA256

a1501e6b14e5864bbdb4befbca52c4d588bba497f7afa45c474f24950d5a4c7d
SHA512

1b5a5149179ce67951a1c6d10714c6032bc6a8e648d397f0d04b0812aac832999ea55a0caa35540c0d0bbd6acf4b6de5cef9b5cd5162a4e447d5909f98a7f5ca
SSDEEP

3072:Dwqo0Fa1b98zqFPh04uSox5W9jhJllihoNwXzM0/FIxqqfPt4/ONRdkxR6foY46x:DlofFZ01x5IhzkhoNwXY0/qtD1oh/

Score

10^/10

tinyturlang

Malware Config

Extracted

Family

tinyturlang

https://thefinetreats.com/wp-content/themes/twentyseventeen/rss-old.php

https://hanagram.jp/wp/wp-content/themes/hanagram/rss-old.php

Signatures

Tinyturlang family
tinyturlang

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1501e6b14e5864bbdb4befbca52c4d588bba497f7afa45c474f24950d5a4c7d

Files

a1501e6b14e5864bbdb4befbca52c4d588bba497f7afa45c474f24950d5a4c7d
.dll windows:6 windows x64 arch:x64

2240ae6f0dcbc0537836dfd9205a1f2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
SetEvent
WaitForSingleObject
CreateEventW
Sleep
TerminateProcess
CreateProcessA
PeekNamedPipe
GetVersionExW
GetLastError
HeapReAlloc
CreateFileMappingA
OpenFileMappingA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetShortPathNameA
WriteConsoleW
CreatePipe
CloseHandle
WriteFile
ReadFile
GetFileSize
GetTickCount
CreateFileA
CreateFileW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW

advapi32

RegisterServiceCtrlHandlerW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
SetServiceStatus

winhttp

WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpWriteData

Exports

Exports

ServiceMain

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

2240ae6f0dcbc0537836dfd9205a1f2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

winhttp

Exports

Exports

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 4KB - Virtual size: 11KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 4KB - Virtual size: 11KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB