1b1f62d28606fb3a97a9e70efd9769dcc334bedd3536a5fde91c58399a4cd79e

Sharing

Copy URL Twitter E-mail

General

Target

1b1f62d28606fb3a97a9e70efd9769dcc334bedd3536a5fde91c58399a4cd79e
Size

576KB
MD5

09501eeb964439458061537b796cb410
SHA1

21502c6b7f7d91a2b7b064bffccd27aa32c25a54
SHA256

1b1f62d28606fb3a97a9e70efd9769dcc334bedd3536a5fde91c58399a4cd79e
SHA512

10a3a410e65b24695c7eec254cb4c8e3d5c8f95dbb27f532e5165862a914375fa1a7fd548e4f1d2235e7288e887aeb94e43bfd94004fbb917155726f4012a9ac
SSDEEP

12288:rqjabOdbGxvm5LbzJavxEir+y65uiIZt+rvsPkiI5Oj6FZC9Z5ft30C5aiuh1l5r:yErLiyIgtV5aNlblkQDQDoliTiWkgtJW

Score

N/A

Malware Config

Signatures

Files

1b1f62d28606fb3a97a9e70efd9769dcc334bedd3536a5fde91c58399a4cd79e
.exe windows x86

ebeb5266f68114cf2e10b6b6a25d7ca6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oraons

ons_one_time_publish
ons_notification_create
ons_publisher_close
ons_publisher_create
ons_init
ons_publisher_publish

orahasgen11

scls_pid_get_parent
scls_iddb_compare_user_id
clsz_getnodenm
clscanswer
clscgetaddr
clse_set_oracle_home
cls_thrIMxunlock
cls_thrIMxlock
clscselect
clsutcpbase
scls_idq_get_user_id
clsp_readStdin
clsslsunlock
cls_thrInitctx
clshinit
clscterm
clsgGet
clscinit
clsdterm
cls_thrCvtbroadcast
scls_process_get_output
scls_process_spawn
crs_qstat
crs_qstat_init
crs_qstat_qsize
clscrs_init_api
clscrs_ctxsize
scls_pid_to_string
scls_pid_get_self
crs_qstat_term
scls_meta_ctx_init
scls_meta_ctx_destroy
clscrs_term
scls_idq_get_user_name
clssnshostbynodename
scls_meta_query_size
scls_meta_init
clsslsmutexlock
clscrs_reslist_destroy
clscrs_reslist_next
clscrs_res_get_op_status
clscrs_res_get_name
clscrs_reslist_first
clscrs_register_resource
clscrs_res_set_attr
clscrs_reslist_append
clscrs_res_create
clscrs_reslist_create
scls_clua_leave
scls_clua_join
scls_clua_delete
scls_clua_create
scls_clua_support
scls_filelist_close
scls_filelist_getentry
scls_filelist_open
clsugetconf
clssgsgrpstat
clssgsregnodegrp
clssnsqanum
scls_process_close_output
clssnshostbynodenum
clssnsqname
clsssinit
clsssterm
clscconnect
clscdisc
clsclisten
clscugblmterm
clscugblmini
clscserverthrds
clsp_readText
clsuhost
clsp_writeText
clscreceive
cls_thrCvtwait
clscsend
cls_thrMxd
cls_thrCvtdestroy
cls_thrMxunlock
cls_thrCvtsignal
cls_thrMxlock
cls_thrMxinit
cls_thrCvtinit
clssgsdereg
clssgsreg
clssnsqlnum
clssgspubdata
clssgsqgrp
clsssattrib
clsdset_trcperm
clsdset_logperm
clsdcompreg
clsdinit
crswconfig
clscrs_stop_resource
cls_thrSpawn
cls_thrDestroyid
cls_thrFormatId
cls_thrGetid
cls_thrInitid
clsdprintft
clsdgetcompid
clsp_getFile
clsp_addToPath
clse_close
clse_get_crs_home
clse_get_oracle_home
clse_init
clscrs_env_delete
clscrs_start_resource
clscrs_env_set
clscrs_env_create
scls_process_join

oraocr11

procr_open_key
procr_terminate
procr_init_ext
procr_close_key
procr_get_value

oraclient11

OCITransCommit
OCIAQDeqArray
OCIAttrSet
OCIDescriptorAlloc
OCIDescriptorFree
OCIErrorGet
OCIBreak
OCIHandleFree
OCIHandleAlloc

orageneric11

OCIStringSize
OCITypeByName
skgpinit
skgpreset
skgmsmr_op
skgpalive
skgpmaterialize
skgpdematerialize
OCIStringPtr

oranls11

lxinitc
lxhLangEnv
lxlterm
lmsaicmt
lxlinit
lmsacin
lmsacbn
lmsagbcmt
lxldfcb
lxldini
lxdobl
lxzinit
lmsatrm

oracore11

lempbas
lemptfr
lempbar
lemptfs
lemfri
lbivand
lbivnot
lbivxor
lbivffs
lemdec
lemged
lempfrec
lemfaf
lemfaa
lembem
lemces
slemdsp
slosDep2String
ss_mem_cal
ss_mem_ral
lempftec
lstlo
LhtStrEndIter
LhtStrYield
LhtStrBeginIter
LhtStrRemove
LhtStrInsert
LhtStrDestroy
LhtStrCreate
sltstiddestroy
sltstidinit
sltsttr
sltspcwait
sltspcbroadcast
slzexit
sltspcsignal
sltspin
sltspsdestroy
sltspcdestroy
sltspcinit
sltspsinit
sltspspost
sltspswait
sltspctimewait
lsfp
sltrgatime64
slzprintf
ss_mem_alc
lpmprinit
lmmtophp
lmmhpsz
lmmmalloc
lmmhpinit
sltsini
sltsmxi
sltsthndinit
lpmloadpkg
lsfini
sltsmxd
sltster
lmmfree
lmmhpfree
lpmprterm
lsfcln
sltsthnddestroy
ss_mem_fre
sltsmna
sltsmnr
slzsetevar
slcgems
sltrusleep
lstprintf
lstclo
slzgetevar
ldxbegin
sldxgd
ldxsto
ldxdts
lfimkpth
lfipthad
lfimknam
lfigfn
lfifex
lfifno
lfifpo
lfiopn
lficls
lfifini
lfird
lfiwr
sltstjn
sltstcl
sltstspawn
slosDep2Mesg

oradbcfg11

prsr_get_srv_instances
prsr_free_domain
prsr_get_domain
prsr_get_node_instance_name
prsr_get_service_taf_policy
prsr_get_asm_enabled
prsr_get_service_enabled
prsr_get_service_instance_enabled
prsr_get_instance_enabled
prsr_get_db_enabled
prsr_release_asm_config
prsr_fetch_asm_config
prsr_init_ext
prsr_terminate
prsr_release_nodeapps_config
prsr_release_db_list
prsr_release_db_config
prsr_fetch_db_config
prsr_list_db
prsr_fetch_nodeapps_config
prsr_release_srv_instances

orauts

LoadLibraryA
Sleep
GetCurrentThreadId

kernel32

GetSystemTimeAsFileTime
GetTickCount
FormatMessageA
GetThreadLocale
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter

msvcr80

_strdup
_lseek
_close
_unlink
_fdopen
_putenv
_localtime64
_time64
exit
strftime
printf
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
fflush
vsprintf
_open
_read
_setmode
_write
fopen
fgets
fclose
perror
fgetc
isalnum
isprint
isspace
strtoul
_setjmp3
sprintf
memmove
memcmp
_wassert
_mktime64
_gmtime64
_difftime64
__iob_func
fprintf
toupper
sscanf
_vsnprintf
strstr
strrchr
strncpy
isdigit
strtok
strncmp
strchr
atoi
strcmp
strcat
strcpy
getenv
malloc
memcpy
memset
strlen
_stat64i32
_mkdir
_errno
strerror

ws2_32

gethostbyaddr
gethostbyname
inet_addr
htons
ntohl
htonl

orasql11

SQLSvcCtxGet
sqlglmt
sqlcxt
SQLEnvGet

oran11

nlstdgo
nlstdstp
nlstdgg

Sections

.text
Size: 404KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebeb5266f68114cf2e10b6b6a25d7ca6

Headers

File Characteristics

Imports

oraons

orahasgen11

oraocr11

oraclient11

orageneric11

oranls11

oracore11

oradbcfg11

orauts

kernel32

msvcr80

ws2_32

orasql11

oran11

Sections

.text Size: 404KB - Virtual size: 402KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 404KB - Virtual size: 402KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 80KB - Virtual size: 80KB