oringo[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

oringo.dll
Size

2.0MB
MD5

287c529328ab762c81455f9be7d6f24e
SHA1

150e57fa1e7c819613054dcd4035e658de6050c4
SHA256

dc5a3c7ef53334034d9a05f9e84e73a716e054e031c544f24a745446b9bd2ad1
SHA512

59baf340bf48f19bab2a30a760fe5d748edf572bf10ce997b83e21ea86cc82c8fc603e49655291553a2fa51acb05db6e68a9c6b78712ca82619cc304a49f5f5a
SSDEEP

24576:fjP9oZmSQqPUm+wp8xcPWNY+yCbXdkZ8Ua9K/lEiqSRMUZTAhAfJQn652MOaUA:fG5wxcPWXymNUa9URqSPZTASUu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oringo.dll

Files

oringo.dll
.dll windows:6 windows x64 arch:x64

ce07ffdf884a0afee2577ee436aa8ac5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetQueuedCompletionStatusEx
SetFilePointerEx
GetConsoleOutputCP
CreateIoCompletionPort
SetFileCompletionNotificationModes
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetSystemInfo
K32GetPerformanceInfo
GlobalMemoryStatusEx
GetFileInformationByHandleEx
SwitchToThread
ReleaseSRWLockExclusive
WriteFile
PostQueuedCompletionStatus
FlushFileBuffers
SetStdHandle
HeapSize
GetStringTypeW
GetFileType
AcquireSRWLockExclusive
QueryPerformanceFrequency
QueryPerformanceCounter
HeapReAlloc
FindVolumeClose
FindNextVolumeW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
WaitForSingleObject
FlsAlloc
GetFileInformationByHandle
GetModuleHandleA
GetProcAddress
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
CreateThread
SetThreadStackGuarantee
CreateFileW
ExitProcess
GetSystemTimeAsFileTime
SetHandleInformation
GetCommandLineA
GetCPInfo
GetOEMCP
GetProcessTimes
OpenProcess
GetFullPathNameW
SetLastError
GetACP
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
IsValidCodePage
LocalFree
GetLastError
CloseHandle
GetProcessHeap
FindNextFileW
FindFirstFileExW
FindClose
GetModuleFileNameW
GetModuleHandleExW
GetDriveTypeW
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
DeviceIoControl
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
LoadLibraryExA
FreeLibrary
HeapFree
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
HeapAlloc
FindFirstVolumeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess

ws2_32

WSASocketW
shutdown
getsockopt
WSAIoctl
freeaddrinfo
WSAStartup
WSACleanup
getpeername
setsockopt
getaddrinfo
connect
closesocket
ioctlsocket
WSASend
send
bind
getsockname
WSAGetLastError
recv

ntdll

RtlNtStatusToDosError
RtlGetVersion
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtQueryInformationProcess
NtQuerySystemInformation

advapi32

CopySid
RegCloseKey
RegQueryValueExW
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
SystemFunction036
RegOpenKeyExW

crypt32

CertCloseStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertOpenStore
CertFreeCertificateContext
CertDuplicateStore
CertDuplicateCertificateContext

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
AcquireCredentialsHandleA
ApplyControlToken

user32

MessageBoxW

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter
PdhCloseQuery
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

shell32

CommandLineToArgvW

powrprof

CallNtPowerInformation

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

Exports

Exports

Java_me_oringo_Native_a
Java_me_oringo_Native_b
Java_me_oringo_Native_c
bz_internal_error

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce07ffdf884a0afee2577ee436aa8ac5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

ntdll

advapi32

crypt32

secur32

user32

pdh

shell32

powrprof

oleaut32

bcrypt

psapi

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 544KB - Virtual size: 543KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 24KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 544KB - Virtual size: 543KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 24KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 6KB - Virtual size: 6KB