orasql12[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

orasql12.dll
Size

303KB
MD5

14c0e517e3918fb3d1e923775a17d41b
SHA1

7af7d126a7b3be425d7c17327f86cc53377534ae
SHA256

a5c172324dda6f0ffedb6a72c691149d51fb5b26c3ceef959829b20c3d1ebfea
SHA512

852defc85313f509ca89e59b03b8dfe409207e1ac87d9882a47201bf906cf59cf69e7e8ffd6713542ce31dd4807d282ea7b7a7a3149df731a4f07570f02ef862
SSDEEP

6144:JtGv1rvpNODxXe/Aqp3hcX4RnzB0S0L03gkmyi5rYEVwx:Jm1rvpNODAA03KXQzfT3gkmyTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
orasql12.dll

Files

orasql12.dll
.dll windows:5 windows x64 arch:x64

4068e343e64c3e089d9d81c3f644a1d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ADE\aime_956679\oracle\precomp\bin\orasql12.dll.pdb

Imports

oci

lxmopen
lxoWriChar
lxmblax
lxoCpChar
lxmfwdx
lxoSkip
upifcn
kpusvc2hst
OCIStmtGetBindInfo
upigbp
upihmi
upidsc
OCIDescriptorFree
lxnpdp
lmsagbf
upih2o
OCIServerAttach
upigml
lxsCntChar
lxsCpToWide
lxsCpFrWide
lxmcpen
lxoSchPat
OCITransRollback
OCIConnectionPoolCreate
OCIAttrSet
OCISessionBegin
OCIPasswordChange
upilem
lxsCpStr
OCIRefAssign
OCINumberToReal
OCIIntervalToText
OCIDateTimeToText
OCIDateToText
OCIDateAssign
OCINumberFromReal
OCIStringSize
OCIStringPtr
OCIStringAssign
OCILobLocatorAssign
OCICollAssign
OCINumberAssign
OCINumberToInt
OCIIntervalFromText
OCIDateTimeFromText
OCIDateFromText
OCIStringAssignText
OCINumberFromInt
lxsCmpStr
OCIObjectPinTable
OCIObjectNew
OCIObjectGetInd
OCIObjectGetObjectRef
OCIObjectArrayPin
OCIObjectUnpin
OCIObjectMarkDelete
OCIObjectMarkUpdate
OCIDescribeAny
OCIObjectFlush
upiosq
upiosd
upirol
slpdln
slbtpd
lcvb24
slpdtb
lcv42b
lxsCnvSimple
sltsini
sltsmxi
sltster
upiico
lmtrand
OCIObjectPin
OCIErrorGet
sltsmxd
OCIConnectionPoolDestroy
ociepgoe
OCIStmtFetch2
kpumfs
OCIDescriptorAlloc
OCITypeCollTypeCode
lmsatrm
lxlterm
lxldfcb
lxwblax
lxsCntByte
lxmcpbx
lxsCnvEqui
upicls
upiopn
OCIBindArrayOfStruct
upibpps
upibnchr
OCIBindDynamic
OCIBindObject
upibadt
upidfps
OCIDefineArrayOfStruct
upidnchr
OCIDefineObject
upidadt
upiefn
upifch
upiexn
lxhci2h
lxhnsize
lxCmpStr
lxhname2id
lxhid2name
kpurpc
OCIObjectFree
OCILobAppend
OCILobFileClose
OCILobClose
OCILobCopy
OCILobCreateTemporary
OCILobEnableBuffering
OCILobDisableBuffering
OCILobErase
OCILobFileCloseAll
OCILobFileOpen
OCILobOpen
OCILobFileSetName
OCILobFlushBuffer
OCILobFreeTemporary
OCILobLoadFromFile
OCILobRead
OCILobTrim
OCILobWriteAppend
OCILobWrite
OCILobGetChunkSize
OCILobFileGetName
OCILobFileExists
OCILobFileIsOpen
OCILobIsOpen
OCILobIsTemporary
OCILobGetLength
OCICollSize
OCITableSize
OCITableNext
OCICollGetElem
OCIObjectCopy
OCICollTrim
OCICollAppend
kptrgetv
kptrget
kptrput
kptrputv
OCITypeVTInsert
lxhnlangid
sltsmnr
OCITypeVTInit
OCIHandleAlloc
OCIEnvInit
OCIInitialize
sltsmna
OCIDefineByPos2
OCIBindByPos
OCIStmtPrepare2
OCIStmtExecute
OCIStmtPrepare
OCIStmtRelease
lxsulen
OCIHandleFree
OCIServerDetach
OCISessionEnd
kpusvcrh
upicom
OCITransCommit
lstmclo
OCIParamGet
sltsmnt
upiad2
upiad1
upiab2
kpugc
upiab3
lcvb2w
lmsaicmt
lxhcsn
lxhLangEnv
lxinitc
lxlinit
lxldini
ocieperr
ociepmsg
OCITypeTypeCode
OCIAttrGet

kernel32

RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetThreadLocale
FormatMessageA
IsBadReadPtr
TlsAlloc
TlsSetValue
LocalAlloc
TlsFree
LocalFree
TlsGetValue
RtlLookupFunctionEntry

msvcr100

__crt_debugger_hook
_errno
_snprintf
fputs
__iob_func
strcpy
strtod
fprintf
strncmp
sprintf
strncpy
abs
memcpy
calloc
printf
realloc
free
malloc
strlen
memset

Exports

Exports

DSNTIAR
ORASQL8
SQLAB1
SQLAD1
SQLADR
SQLADRCR
SQLADRVC
SQLALD
SQLALDT
SQLBEX
SQLBS1
SQLBXT
SQLCDA
SQLCOLPROP
SQLCUR
SQLEnvGet
SQLExtProcError
SQLGB1
SQLGD1
SQLGLM
SQLGLMT
SQLGLS
SQLGLST
SQLGRI
SQLGS2
SQLGSS
SQLGSST
SQLLD2
SQLLDA
SQLLEN
SQLLIB17
SQLLIB18
SQLLIB19
SQLLIB80
SQLLIB81
SQLLO1
SQLMOV
SQLNUL
SQLNULT
SQLORA
SQLOS1
SQLPCS
SQLPR2
SQLPR2T
SQLPRC
SQLPRCT
SQLRCXGet
SQLROWIDGET
SQLRowidGet
SQLSTRD
SQLSvcCtxGet
SQLVCP
dsntiar
sqgctx
sqgrct
sqlOCIErrorGet
sqlOCIMemCheck
sqlab1
sqlab2
sqlad1
sqlad2
sqladr
sqladrcr
sqladrvc
sqlalc
sqlald
sqlaldt
sqlbcc
sqlbs1
sqlbs2
sqlbuf
sqlbuft
sqlbxt
sqlccl
sqlcda
sqlcdat
sqlcex
sqlcin
sqlcln
sqlcls
sqlclu
sqlclut
sqlcolprop
sqlcom
sqlcps
sqlcte
sqlcucAllocate
sqlcucFree
sqlcur
sqlcurt
sqlcxt
sqldsnt
sqlexp
sqlfcc
sqlfch
sqlfcn
sqlfre
sqlfv8c
sqlgb1
sqlgb2
sqlgd1
sqlgd2
sqlghp
sqlglm
sqlglmt
sqlgls
sqlglst
sqlgri
sqlgs2
sqlgs2t
sqlgss
sqlgsst
sqliap
sqllamgetcphandle
sqllamgetenv
sqlld2
sqlld2t
sqllda
sqlldat
sqllen
sqllo1
sqlmov
sqlnFetchError
sqlna2c
sqlncre
sqlndel
sqlndrf
sqlnesm
sqlnfls
sqlnget
sqlnn2o
sqlno2n
sqlnrls
sqlnset
sqlnul
sqlnult
sqlnupd
sqloca
sqloer
sqloew
sqlofftb
sqlopn
sqlora
sqlorat
sqlos1
sqlosq
sqlpcs
sqlpr2
sqlpr2t
sqlprc
sqlprct
sqlrcn
sqlrcxp
sqlret
sqlrog
sqlrol
sqlros
sqlrv8c
sqls2u
sqlsc2
sqlsca
sqlsqs
sqlstrd
sqlstrdt
sqltem
sqltex
sqltfl
sqltoc
sqlu2s
sqlvcp
sqlvcpt
sqlxadh
sqlxads
sqlxafr
sqlxal
sqlxansi
sqlxarc
sqlxass
sqlxcac
sqlxdh
sqlxds
sqlxfr
sqlxrc
sqlxrcb
sqlxss
sssqluga

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4068e343e64c3e089d9d81c3f644a1d2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oci

kernel32

msvcr100

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 213KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.trace Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 213KB - Virtual size: 213KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.trace
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 5KB - Virtual size: 5KB