orantcp12[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

orantcp12.dll
Size

186KB
MD5

09038aac6d2099f06611a8c18bd5cbe3
SHA1

aad9186c11460ad59192a4a1d3f455bf3e76504a
SHA256

94552da9439326c72098abb8efb33447da5990fd12be291e477efa663ae1ffb9
SHA512

53fb5ac75b859d79dd58ed3d851e2b1cb1b209db3ca00fed2f9466b1563cf3d74118298310cc194259d050dd94fef9b2a6147ccf69fb4d12177b8e07d6db0e59
SSDEEP

3072:QNTWLnoJeRTGet6eN3KQgONlCUXEJnDoz5Tyc6NQ3kwQu0FN66pFLVJVAWDiEK:QNCnoJyCQgO7eOMsQlu6pFLVJVKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
orantcp12.dll

Files

orantcp12.dll
.dll windows:5 windows x64 arch:x64

7b2c062afb2b8c860b79fda9b5b7c771

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ADE\aime_1\oracle\network\bin\orantcp12.dll.pdb

Imports

oran12

sntsgasy
sntsgclm
sntseltst
ntvlser
ntacbnd2addr
ntwts
ntctst
ntvlin
ntvlpcst
ntvldl

oranl12

nlbamsg
nlpagbp
nlddwrite
nldtwrite
nldddiagctxinit
nlpagip
snlinAddrLocalhost
snlinGetNameInfo
nlnvlet
snlinGetAddrInfo
snlinAddrInList
snlinFreeAddrInfo
snlinAddrEqual
nldsfprintf
nldsflush
snlinAddrLocal
snlinGetLoopback
nlnviet
snlinAddrAny

oracore12

sltskyg
ss_mem_fre
sscoreserverflag
slzgetevar
lstmclo
lstclo
lstprintf
ss_mem_alc

orageneric12

dbgtCtrl_intEvalCtrlEvent
dbgaDmpCtxParamStructGet
dbgtGrpB_int
dbgtTrc_int
dbgtGrpE_int
dbgtWrf_int
dbgdChkEventIntV
dbgtCtrl_intEvalTraceFilters

orauts

WSAIoctl
LoadLibraryA
GetProcAddress
GetModuleHandleA
recvfrom
CloseHandle
send
recv
Sleep
WSAGetLastError
setsockopt
ioctlsocket
WSASocketA
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSACloseEvent
closesocket
WSASetLastError
GetCurrentThreadId
SleepEx
WSASend
GetLastError
connect
accept
SetEvent
WSAEnumNetworkEvents
CreateEventA
WaitForSingleObjectEx
select
sendto
WSARecv

ws2_32

__WSAFDIsSet
gethostname
listen
bind
shutdown
getsockopt
getsockname
getpeername
htonl

kernel32

GetModuleFileNameA
UnmapViewOfFile
EncodePointer
DecodePointer
GetTickCount
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA

msvcr100

memset
__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
memcpy
__C_specific_handler
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
toupper
malloc
free
_errno
_splitpath
sprintf
strtol
strcmp

Exports

Exports

nttaddrdmpcb
nttini
snttclose

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b2c062afb2b8c860b79fda9b5b7c771

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oran12

oranl12

oracore12

orageneric12

orauts

ws2_32

kernel32

advapi32

msvcr100

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 2KB - Virtual size: 2KB