orancrypt12[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

orancrypt12.dll
Size

98KB
MD5

4f78c483a394650bcb7a34dc44ddcf69
SHA1

624ca8209e888cf283f00b1e655b1944a0335dbf
SHA256

eb45548b32d3f302c3d1025aeb168926beeb971279636a63ef559dcb3cef188c
SHA512

d5f0e9a9c5a815bed82e5be0a80de303aed533fecc1683aa3e84d83e3c31980c49ee400deefffbdccb4654fb38e367cf3dcc9be8a433d1ad063d5a2ff3fb886c
SSDEEP

3072:P13vZDqFEN1bUEjD7bzzPF0JBA7Yd6Sib:P1ZIEjbbF0JB4x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
orancrypt12.dll

Files

orancrypt12.dll
.dll windows:5 windows x64 arch:x64

e71783833afce2b976fe1745f155245c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ADE\aime_1\oracle\network\bin\orancrypt12.dll.pdb

Imports

oran12

naeueab_encryption_init
naeueag_terminate_encryption
naeucah_terminate_checksum
naeucaa_checksum_init
naeueac_encrypt
naeucae_compute_checksum
naeucaf_check_checksum
naeuead_decrypt
nam_gnsp

oranl12

nlstreturn

orannzsbb12

ztceenc
ztcrseed3
ztcr2rnd
ztcr2seed
ztcrandom
ztcen
ztcegml
ztcef
ztchi
ztchn
ztchf
ztcei
ztcedec
zterr2ora

oracore12

ss_mem_alc
lmebco
ss_mem_fre
ss_mem_cal
sscoreserverflag

msvcr100

__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
strcmp
memcpy
memset
calloc
free
malloc
sprintf

orauts

Sleep
GetCurrentThreadId

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
DecodePointer
EncodePointer

Exports

Exports

naeb2xp
naebadd
naebb2c
naebc2b
naebcon
naebinv
naeblen
naebmdx
naecta
naectc
naecti
naectn
naed4ci
naed56a
naed56b
naed56c
naed56d
naed56e
naed56f
naed56k
naed56m
naed56p
naed56q
naed56r
naed56t
naed56v
naed5ui
naedhp
naedhpk
naedhsk
naedmcc
naedpwd_decrypt
naedpwd_encrypt
naeeta
naeetau
naeetc
naeetcu
naeeti
naeetn
naeetnu
naegprdm
naemd5a
naemd5f
naemd5g
naemd5h
naemd5i
naemd5k
naemd5n
naemd5p
naemd5r
naemd5s
naemd5t
naemd5u
naemd5v
naemd5w
naemd5y
naerefb
naerefi
naerena
naerenb
naerenc
naerend
naerene
naereni
naerenk
naerenm
naerenp
naerenq
naerenr
naerent
naerenu
naerenv
naesh1g
naesha256_allocate
naesha256_compare_checksums
naesha256_compute_checksum
naesha256_deallocate
naesha256_fixes
naesha256_get_size
naesha256_get_version
naesha256_key_initialize
naesha256_rekey
naesha256g
naesha256w
naesha256y
naesha384_allocate
naesha384_compare_checksums
naesha384_compute_checksum
naesha384_deallocate
naesha384_fixes
naesha384_get_size
naesha384_get_version
naesha384_key_initialize
naesha384_rekey
naesha384g
naesha384w
naesha384y
naesha512_allocate
naesha512_compare_checksums
naesha512_compute_checksum
naesha512_deallocate
naesha512_fixes
naesha512_get_size
naesha512_get_version
naesha512_key_initialize
naesha512_rekey
naesha512g
naesha512w
naesha512y
naeshaf
naeshah
naeshai
naeshau

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e71783833afce2b976fe1745f155245c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oran12

oranl12

orannzsbb12

oracore12

msvcr100

orauts

kernel32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 2KB - Virtual size: 2KB