oraplp12[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

oraplp12.dll
Size

4.0MB
MD5

0fdaad1faa21ae750c8ca2432e38c65d
SHA1

e4f65d3bdef8089e8fb6a9486fdac19f06fed5ec
SHA256

4aeb6f1b7d23f71b489d5013b55500ecbfa2b52883b6163fa286e97081ccbf8a
SHA512

a7ce3331c39dc5bd3aa2a6eb5866b5b9c485503d7a0386d26dac648734cd32977c3d80842ce010225f93372170e8990957b3cae4869aa59107136bf89b8ad9f5
SSDEEP

49152:lfw67zqZQ0VVw6Co8JQ6m/xDbu+i0psSUXGN4htvJV5TgeujrXIH6/TB2XCqgGp9:Np2ZyIrUAIH3M2tYWUcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oraplp12.dll

Files

oraplp12.dll
.dll windows:5 windows x64 arch:x64

2339e4a4fdf4c900afeb87b4576a7ffc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ADE\aime_956679\oracle\plsql\bin\oraplp12.dll.pdb

Imports

oracore12

slfpfcoerce
slfpdcoerce
lnxmin
sLdiGetDate
LdiDateToString
lnxchk
LdiInterToString
LdiParseForInput
lstlo
lstclo
lstmclo
LdiDateDateSubtract
lcvb24
lstmup
lnxcpng
lnxnucg
lnxmul
lnxsni
lnxneg
lnxrou
lnxdiv
lnxsub
lnxmod
lnxinc
lnxsgn
lstss

oranls12

lxhlinfo
lxsulen
lxhnmap
lxhnlsdata
lmsaicmt
lmsacin
lmsacbn
lxTrnNameToID
lmsatrm
lmsagbf
lxhcsn
lxhnmod
lxhasc
lxsCnvIntToNumStr
lxhnamemap
lxsCnvNumStrToInt
lxmcpen
lxmfwdx
lxsCpStr
lxsCmpStr
lxhnsize
lxhLangEnv
lxXmlGEntEsc2
lxXmlIdConv
lxsVldStr
lxhLaToId
lxhname2id
lxhtn2h
lxsCnvSimple
lxhdab2f_f2ab
lxhdab2f
lxsCntChar
lxgratio
lxgcnv
lxhchtoid
lxTransliteration
lxgXmlConv

oraclient12

OCIErrorGet

orageneric12

kghfrf
kgeasnmierr
nhpGetOracleError
nhpGetHTTPIOClientError
nhpGetLastResponse
kgerec0
kgerec1
kgasct_connect_tcp
kgasra_recv_avail
kgasr_recv
kgass_send
kgasf_flush
kgasc_close
nhpReqEnd
nhpRespEnd
nhpDestroyRequestContext
nhpTerm
nhpInit
nhpSetServerCertCheck
nhpReleaseProcMem
nhpSetProxy
nhpGetProxy
nhpSetCookieSupport
nhpGetCookieSupport
nhpPersistConnUpdateCtx
nhpSetPersistConnSupport
nhpGetPersistConnSupport
nhpSetBodyCharset
nhpGetBodyCharset
nhpSetFollowRedirect
nhpGetFollowRedirect
nhpSetRespErrorCheck
nhpGetRespErrorCheck
nhpSetWallet
nhpGetWallet
nhpSetTransferTimeout
nhpGetTransferTimeout
nhpSetContentEncSupport
nhpGetContentEncSupport
kgemem1
kgemem0
nhpCreateRequestContext
nhpReqGetRequestContext
nhpRespGetRequestContext
nhpReqBegin
nhpReqUpdateCtx
nhpReqSetProperty
nhpReqSetHeader
nhpReqSetAuthFromWallet
nhpReqSetAuthentication
nhpReqSetCookieSupport
nhpReqSetFollowRedirect
nhpReqSetPersistConnSupport
nhpReqSetBodyCharset
nhpReqSetTransferTimeout
nhpReqSetContentEncSupport
nhpReqSetRespErrorCheck
nhpReqGetOutput
nboWriteBinary
nboWriteText
nboWriteLine
nhpRespGet
nhpRespSetBodyCharset
nhpRespUpdateCtx
nhpRespGetHeaderCount
nhpRespGetHeader
nhpRespGetHeaderByName
nhpRespGetAuthentication
nhpRespGetInput
nbiReadBinary
nbiReadText
nbiReadLine
nhpCookieCount
nhpCookieFirst
nhpCookieNext
nhpCookieAdd
nhpCookieClear
nhpPersistConnCount
nhpPersistConnFirst
nhpPersistConnNext
nhpPersistConnClose
kgghstcrt
kgghstfel_wfp
kgghstgnel_wfp
kgghstine_wfp
OCIStringAssignText
OCICollAppend
OCIObjectFree
OCICollSize
skge_sign_fr
kge_reuse_guard_fr
kge_push_guard_fr
kge_pop_guard_fr
kgesic2
kgersel
kgekeep
slghst
kgasgng_get_npd_global
OCINumberFromInt
OCICollAssignElem
OCICollGetElem
nbioGetSSLError
nbioEndSSLConn
nbiDestroy
nboDestroy
nbioSSLTerm
nbioSSLReleaseProcMem
nbiCreate
nboCreate
nbiSetTrace
nboSetTrace
nbioBeginSSLConn
nbioGetSSLInput
nbioGetSSLOutput
nbioSSLInit
nbiAvailable
nboFlush
pmucase
pmucsiz
pmucitini
pmucitnxt
kgemem2
kgerec2
nbioGetCSID
kghgrw
kgesin
kglpin
kgebse
kgesecl0
kgimfr
kgimal
kgccinit
kgcdend
kgcddo
kgcdinit
kgccend
kgccdo
kglchk1
kghalf

orasnls12

lxkInstr
lxkSubstr

oranl12

snlinFreeAddrInfo
snlinGetNameInfo
snlinGetAddrInfo

orapls12

ptp_s4
ptp_s2
ptp_pt
ptgetx
ptgend
ptgeu4
ptgeu2
ptgeu1
ptges4
ptges2
ptgept
ociepmsg
ociepgoe
ociepvagt
ptp_tx
ociepvaga
peipro
pegnichar
pisodb
pisonu
peginu
pisrraw
pisofl
pegifl
pegidb
pes_dummy
pesist
pesupp
peslow
pesasc
pesastr
pesustr
peschr
pesicp
peslpd
pesrpd
pesrep
pesltr
pesrtr
peslik
pesli2
pesmod
pesflo
pescei
pessqt
pessgn
pescos
pessin
pestan
pescsh
ptg_pt
pestnh
pesexp
pesln
pesbtd
pesbtdn
peslog
pestru
pesrnd
pespow
pesnwt
pesc2d
pesc2n
peszle
peszlt
peszeq
pesxco
pesxup
peslcnup
pesxlo
peslcnlr
pesxcp
pesxis
pesxsi
pesxmu
pesd2c
pesn2c
pesxcs
pesatan
peslcem
peslbem
pesfnm
pes3tm
pes3ts
pes3tp
pes3te
pes2dsi
pesatz
pesstz
pestrim
pesati
pesadi
pesaii
pessti
pessdi
pessii
pessttds
pessddds
pessttym
pessddym
pesmni
pesdvin
pescdt
pesctm
pescts
pesc2ymi
pesc2dsi
pesc2tim
pesc2tsp
pesc2date
pesefd
pesefdt
pesefi
peslcln
peslclb
peslcst
peslcsb
ptp_u1
peslcib
peslcct
peslclp
peslcrp
peslclr
peslcup
peslclm
peslcrm
peslctr
peslclk
peslcl2
peslcnl
peslcrl
pesleq2
pesllt2
peslle2
pesllt3
peslle3
peslbln
peslblb
pestzo
pesftz
pesinc
pescnv
peslccnv
pesefdrvc2
pesdtm2c
pesitv2c
pesist2
pesist4
pesistc
peslen2
peslen4
peslenc
peslik2
pesli22
peslik4
pesli42
peslikc
peslic2
pessexu
pescomp
pesdcmp
pesnanf
pesnand
pesinf
pesinff
pesinfd
pesc2flt
pesc2dbl
pesflt2c
pesdbl2c
pesrem
pesremf
pesremd
pesatand
pesmodf
pesmodd
pesflof
pesflod
pesceif
pesceid
pessqtf
pessqtd
pessgnf
pessgnd
pessgni
pescosd
pessind
pestand
pescshd
pessnhd
pestnhd
pesexpd
peslnd
peslogd
pestruf
pestrud
pestrui
pesrndf
pesrndd
pesrndi
pespowd
pesmcnt
pesmie
pesacosd
pesasind
pesatn2d
pesxlt
pessdx
pesuen
pesacos
pesasin
pesatn2
plzsql
pesn2ymi
pesn2dsi
pessdt
pesguid
pessysctx2
pessts
pesdbtz
pessysctx3
pss_fclose
pss_fopen
pss_putc
pss_getc
pss_ungetc
pigicollection
psiini3
phpcas
phpcac
pisocollection
pl_udp
phdste
pht_type_node
ptp_u2
ptp_u4
peslcin
ptp_nd
ptg_s2
ptg_s4
ptg_u1
ptg_u2
ptg_u4
ptg_nd
ptg_tx
ptac_attr_valid_obj
ptgsln
ptac_sequence_valid
ptac_attr_valid_nty
ptac_nty_valid
ptfnxt
plsdiana
pegipt
pisopt
ptftin
ptfcre
pknanm
pfrbtl
pfrbtu
pfrbtd
pfrlxd
pfrstd
pfruln
pfrced
pfrown
pfrsub
peiiob
pefsperc
ocieperr
ociepacm
pefsplskgp
phdds_diana_stats
pppjmp
ptkin
ptlu
ptac_node_valid
pisoch
ptfudp
peirai
pisosc
pk_is_really_valid1
pk_exists1
pkls
pegisc
pegich
pessnh
ociepvaa

orannzsbb12

ztcx
ztcr2ub4
zterr2ora

msvcr100

_unlock
strncmp
sprintf
_vsnprintf
strchr
strncat
_setjmp
memchr
__iob_func
setbuf
fflush
isspace
isdigit
memcpy
memset
strcmp
fputs
_snprintf
_errno
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_amsg_exit
__C_specific_handler
__crt_debugger_hook
_onexit
_lock
__dllonexit
strncpy
__clean_type_info_names_internal
__CppXcptFilter

orauts

LoadLibraryA
Sleep
GetCurrentThreadId

kernel32

FormatMessageA
GetThreadLocale
EncodePointer
DecodePointer
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

PLITBLM_S
STANDA_B
STANDA_S
STANXB
STANXS
TEXTIO_B
TEXTIO_S
cllib
diu_attribute_use_statistics
diu_node_use_statistics
diugdn
diustx
picomp_3gl_fvec
picomp_alloc
picomp_deflate_init
picomp_free
picomp_map_kgc_error
picompfree
picomplz
picompmalloc
picompulz
picstkicdv
pidacn
pidanm
pidaty
pidbty
pidkin
pidnnm
pidnxt
pidrty
pidtin
pienc_3gl_fvec
pig_nd
pig_pt
pig_s2
pig_s4
pig_tx
pig_u1
pig_u2
pig_u4
pigdk_3gl_fvec
pigend
pigept
piges2
piges4
pigetx
pigeu1
pigeu2
pigeu4
pigsln
pigsnd
pihti_3gl_fvec
pihtsp
pii18n_3gl_fvec
piinad_3gl_fvec
pilms_3gl_fvec
pimatchicdv
pinla_3gl_fvec
pip_nd
pip_pt
pip_s2
pip_s4
pip_tx
pip_u1
pip_u2
pip_u4
pirg2_utlpg
pirg_utlraw
pism_3gl_fvec
pitci_3gl_fvec
pitcsp
piuri_3gl_fvec
stdicd_i
tiocls
tioeof
tiofop
tiogln
tiopcv
tiopnl
wpiudsc_describe_subprog

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2339e4a4fdf4c900afeb87b4576a7ffc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oracore12

oranls12

oraclient12

orageneric12

orasnls12

oranl12

orapls12

orannzsbb12

msvcr100

orauts

kernel32

Exports

Exports

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 44KB - Virtual size: 44KB

.trace Size: 21KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 44KB - Virtual size: 44KB

.trace
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 32KB - Virtual size: 31KB