sqlplus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sqlplus.exe
Size

1014KB
MD5

0bcb7010ec27533dddf2b9a885966f1b
SHA1

a87d295d4ae77e60d0d7141fbc6c61f4eb917815
SHA256

89415dd9ec8bbf29da59f91078d70af418344736fe5a90d9f88bf7fe9d05d380
SHA512

00a4126b4538e389368891d3964de11ea6a546893e97177ee04e8a54c0afac864e6f8d0a5f183ca5fb78fb89e1345efcc6bc638446c46ac4eb09b57dfe046d28
SSDEEP

12288:5HhGP/4MTWhsr+sTtU60OJoGnatHYJVSat9aKb9a3nJ8:5B4/4MTosr+otbnoogHY7tEo9a3

Score

1^/10

Malware Config

Signatures

Files

sqlplus.exe
.exe windows x64

2f742c68e0a23d3c687aa8469824dd58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oci

slfpdeq
slfpfeq
lxmcpen
lxoCpDisp
lnxmin
lnxnucg
lnxnfng
slfpfmul
slfpfdiv
slfpfsub
slfpf2fs
slfpf2s
slfpdmul
slfpddiv
slfpdsub
slfpd2fs
slfpd2s
lnxmul
lnxdiv
slfpfsqrt
slfpdsqrt
lnxsqr
lstup
lxsCnvCase
lcvb24
slfpfadd
slfpdadd
lnxadd
slfpfgt
slfpdgt
lnxnur
slfpflt
slfpdlt
lxoCnvCh2Wide
lemgem
slemdsp
nigcui
lficls
lfifno
lfifpo
lxlterm
lsfcln
lpmdelete
lpmterm
lputerm
lmlterm
lxsCatStr
lxscat
lstcpn
lxsCntChar
lxoCpChar
lcv42b
lxsCpStr
lmxconp2
lmxconpar2
OCIErrorGet
lxoCnvCase
slspool
upiarc
lxoSkip
lxmdigx
upigml
upisto
lxsCnvEqui
upidbg
lsfp
vsnnum_full
upista8
lxmalpx
lxmalnx
lxhnmod
lxhnsize
lxsCntByte
lxmr2w
lxmdssln
lxmdspx
upih2o
upiopn
upicls
upiosd
upidfn
upiefn
upidpr
upidsc
SlfFopen2
OCIDescriptorFree
OCIDescriptorAlloc
OCIDateTimeConvert
OCIDateTimeToText
lxoSchPat
lxoPadStr
lxsCnvIntToNumStr
lstcprs
lfimknam
lfilini
lfiopn
SlfFclose
lnxgfs
ldxdts
lxoCnvNumStrToInt
lxmblax
lxsCnvNumStrToInt
lfidlb
lfird
lfiwr
lxoCpToOp
lxsRepStr
lfvini
lfvtyp
lxlinit
lxinitc
lxhLangEnv
lxhnamemap
lpminit
lpmloadpkg
lsfini
lmlinit
lpuinit
lfpinit
slzgetevar
lxCmpStr
nigsui
ldxsto
ldxmdsz
ldxmxsz
lxhcsn
kpusvcrh
kpusvc2hst
lxoCvChar
lxmc2wx
lstrtb
slfpdisinf
lcvb2w
OCITypeByName
OCIObjectUnpin
OCITypeTypeCode
OCITypeName
OCITypeCollElem
OCITypeCollTypeCode
OCITypeCollSize
OCITypeAttrs
OCITypeIterNew
OCITypeAttrNext
OCITypeElemName
OCITypeIterFree
OCITypeElemExtTypeCode
OCITypeElemTypeCode
OCITypeElemType
OCITypeElemLength
OCIObjectMarkDelete
OCIIterCreate
OCIIterNext
OCIIterDelete
OCIIntervalToText
OCIRefHexSize
OCIRefToHex
OCIDateToText
OCINumberToText
OCIStringSize
OCIStringPtr
OCIObjectGetAttr
OCIPStreamClose
OCIObjectFree
OCIPStreamFromXMLType2
OCIPStreamFromXMLType
OCIPStreamRead
OCIServerRelease2
OCIPIsConnectstringBEQ
OCIBindByName2
OCIBindByPos2
OCIDefineByPos2
OCIStmtGetNextResult
OCITypeElemCharSetForm
OCICollGetElem
OCIClientVersion
OCILobFileGetName
OCIStmtRelease
OCINumberToInt
OCIAnyDataAccess
OCIAnyDataGetType
OCIServerRelease
OCIEnvNlsCreate
OCIEnvCreate
OCIObjectGetTypeRef
OCIObjectPin
OCIObjectNew
OCILobFreeTemporary
OCILobIsTemporary
OCILogoff
OCILogon
OCIResultSetToStmt
OCIAttrSet
OCIAttrGet
OCIBreak
OCILobRead2
OCILobGetLength2
OCITransRollback
OCITransCommit
OCIParamGet
OCIDescribeAny
OCIStmtGetBindInfo
OCIStmtFetch2
OCIDefineObject
OCIDefineByPos
OCIStmtExecute
OCIStmtSetPieceInfo
OCIStmtGetPieceInfo
OCIBindObject
OCIBindByName
OCIBindByPos
OCIStmtPrepare2
OCIPasswordChange
OCISessionBegin
OCISessionEnd
OCIServerDetach
OCIServerAttach
OCIHandleFree
OCIHandleAlloc
OCIRawSize
OCIRawPtr
lfimkpth
lfignam
lxsCntDisp
lxmlowx
lstprintf
Slu8ToTextl
lsfmai
lmsaicmt
lmsacin
lmsacbn
lmsatrm
lxmcpbx
lxhschar
lpucompose
lxmnceq
lxwc2lx
lpuparse
lpuresolve
lxhnlangid
vsnnum
vsnpri
lxgratio
sqlrv8c
sqlcxt
sqlaldt
sqlnult
sqlfcn
sqlclut
lctbnam
sqlprct
sltln
lfifex
slfnp
slgfn
slsprom
SlfVfprintf
lfipthad
SlfFflush
lfiflu
lpuopen
lpuread
lpuclose
lpuerror
sqlglmt
slfpdisnan
slfpf2sb
slfpfisinf
slfpfisnan
lxoCmpNStr
OCILobLocatorIsInit
lnxsni
lnxn2cg
lnxsub
OCIPing
lxoCpStr
lxmfwtx
lxmfwdx
slfpd2sb
lxoWriChar
lxoCnvIntToNumStr
ldxstd
slfpfs2d
lnxfcng
slfpfs2f
lnxpflg
sldxgd
ldxsti
ldxini
lnxscng
lxhlinfo
slfps2de
lnxcpng
slfps2fe
lmsagbf
lxmspax
lxmctex
lxmopen
lxsCmpStr
lxscop
lstss
lxsulen

kernel32

EnterCriticalSection
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
LoadLibraryA
GetThreadLocale
InitializeCriticalSection
LoadLibraryExA
LeaveCriticalSection
GetModuleHandleExA
GetConsoleScreenBufferInfo
GetStdHandle
ReadConsoleInputA
ExitProcess
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
FormatMessageA
LocalFree
CloseHandle
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
RtlCaptureContext

user32

MessageBoxA

vcruntime140

__C_specific_handler
longjmp
memcpy
memchr
__intrinsic_setjmp
memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strtok_s
strcat_s
strncat
strlen
strncpy
tolower
strcspn

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
terminate
__p___argv
__p___argc
exit
signal
_initterm_e
_initterm
_c_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_cexit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_exit
_set_app_type
_seh_filter_exe
_initialize_onexit_table
perror
_errno

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_set_new_mode

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_ftime64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f742c68e0a23d3c687aa8469824dd58

Headers

DLL Characteristics

File Characteristics

Imports

oci

kernel32

user32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 872KB - Virtual size: 871KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 16KB - Virtual size: 16KB

_RDATA Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 872KB - Virtual size: 871KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 16KB - Virtual size: 16KB

_RDATA
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 3KB