55bd75a5db470de0c6a560161a4bb046f4a99134b9a0fcffd04e12632e95b828

Sharing

Copy URL Twitter E-mail

General

Target

55bd75a5db470de0c6a560161a4bb046f4a99134b9a0fcffd04e12632e95b828
Size

68KB
MD5

a98d32342f91542053f4f48cae99446c
SHA1

76d3a4e0d1c432ba02e72e8ea06fb13967cb3e3e
SHA256

55bd75a5db470de0c6a560161a4bb046f4a99134b9a0fcffd04e12632e95b828
SHA512

4046ce8d6d772ef5bca7e43ca927f325b9aadd660df9bb328afac8097471be7154d45f81809079155f4b2df787de05be474e27d8673f99d1c62d9f183130f55a
SSDEEP

1536:eAPR1q51K7EFNi072qt3e3H+m2SJQ8qp85AIlgab+ZsevK/:eAPR1IK7EFU5qtO3Hh2SL+sv/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55bd75a5db470de0c6a560161a4bb046f4a99134b9a0fcffd04e12632e95b828

Files

55bd75a5db470de0c6a560161a4bb046f4a99134b9a0fcffd04e12632e95b828
.dll windows:4 windows x86 arch:x86

31a15dfcd2010e138ac7b6af3a517396

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

erglib_dyn

pool_strsave
all_space
bigstr_aprintf
nvl_nth_value
list_iter_destroy
list_iter_next
list_iter_create
list_get
nvl_delete
nvl_destroy
nvl_insert_enum
nvl_create
nvl_value_list
list_length
rt_obj_iter_destroy
pool_alloc
rt_obj_iter_create
list_destroy
bug
store_env
list_iterate
strtrim
bytes2hexstr
bigstr_appc
nvl_duplicate
strsave
list_locate
strequal
list_sort
strzcpy
list_create
list_insert
pool_clear_alloc
bigstr_value
strupper
ergon_cat_sprintf
bigstr_setstr
pool_free
bigstr_trunc
sysdatetime100
rt_get_string
bigstr_printf
bigstr_appstr
rt_obj_iter_next

libdml_dyn

ddl_add_datatype
dml_rec_free
dml_pool_strsave
dml_read
dml_rec_bind
dml_rec_alloc
dml_sql_cmd
dml_get_db_resource
dml_any_null
dml_read_value
dml_correct_cursize
dml_remove_where
dml_print_record
dml_print_pkey
ddl_set_flags_from_nvl
ddl_type_size
dml_duplicate_view_info
dml_field_source_from_nvl
dml_sort_src_tables
dml_close_src_table_info
dml_field_set
dml_rel_get
dml_rel_open
dml_rel_close
ddl_perm_user_list
ddl_perm_user_free
ddl_grant_cmd_list
ddl_grant_cmd_free
dml_db_get
dml_ref_integrity
dml_field_get
dml_open_sql_file
dml_print_new_conn
dml_error_add
dml_global_rec
dml_field_list
ddl_substitute

oci

oparse
oexn
ocan
ologof
ofetch
ocom
oexec
oopen
orlon
oerhms
odefin
odescr
orol
obindps

nutlibc4

_iob
malloc
sprintf
atoi
fprintf
free
fputs
strchr
fgets
fclose
strcasecmp
__p__pctype
toupper
___NutIsForkingChild
_NutDisableThreadLibraryCalls
___NutAtExitStaticCDone
___NutInitTerm
___NutAtExitInitBlock
___NutAtExitRunBlock
___NutUnregisterModule
___NutProcDetachValidate
___NutPrepareOptionBlock
___NutValidateDllLoadAddress
___NutRegisterModule
___NutMarkDllMain
_except_handler3
___NutAtExitRegister

Exports

Exports

dml_oracle_init

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31a15dfcd2010e138ac7b6af3a517396

Headers

File Characteristics

Imports

erglib_dyn

libdml_dyn

oci

nutlibc4

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB