orazt12[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

orazt12.dll
Size

124KB
MD5

9a00808c70e86d1d2b70744921b2a303
SHA1

4404abebab4ddffac3da3f678255fccf83b6c7c9
SHA256

b3c2d2ebccc19def9a68ff65510306e1cb9a2a3fa970e9e59ad9ffbcc62290d8
SHA512

7ba1b0554c7604f8531096f105e372d26892dd819ced3f76f20bb4842165a28e855854656f54c7c1c0f7083539b7e20088a4d9f4d13eda3908d9f58a758972a4
SSDEEP

3072:vVoI71DgntKQYaXjSwSuJdL62CX4fkeXzjD7bzzqJTAbbFdAlqvgnI:vTDgntKQYa2C62eJTgbDvg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
orazt12.dll

Files

orazt12.dll
.dll windows:5 windows x64 arch:x64

778fcba0c458f6810330b5fe20fca1e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\b\oracle\ldap\bin\orazt12.dll.pdb

Imports

oranls12

lxgcnv
lxhLaToId
lxinitc
lxlinit
lxsCmpStr

oracore12

lmebco
lstclo
sltskyg
lstprintf

oraldapclnt12

ber_free
ldap_msgfree
ldap_unbind
ldap_open
ldap_bind_s
ldap_get_option
ldap_search_s
ldap_count_entries
ldap_first_entry
ldap_first_attribute
ldap_add_s
ldap_delete_s
ldap_modify_s
ldap_init_SSL
ldap_value_free
ldap_get_values
ldap_get_dn
ldap_is_ldap_url
ldap_free_urldesc
ldap_get_values_len
ldap_unbind_s
ldap_next_entry
ldap_memfree
ldap_next_attribute
ldap_url_search_s
ldap_set_option
ldap_init
ldap_url_parse
ldap_value_free_len

oran12

nlstdstp
nlstdgg

oranl12

nldddiagctxinit
nlemfireg
nlstdtrm
nlstdini
nlemgmz
nlnvfbp
nlnvcrb
nlpagip
nlpagsp
nlgblfpgt
nlepeget
nlpagbp
nlnvdeb
nlnvgap
nldtwrite
nlddwrite
nlgblftgt

orannzsbb12

ztcegml
nzihgwt_get_WRLType
nzustralloc
nzstr_copy
nzumfree
snzdafn_assemble_filename
nzstrfc_free_content
nzstr_alloc
nzusnt_save_null_terminate
nzumalloc
nzu_init_trace
nzu_exit_trace
ztucbtx
ztcr2rnd
ztcr2seed
ztcedec
ztceenc
nzcrl_CreateCtx
ztch
nzcsf_AddtoCredStore
nzstrcpy
nzstrlen
nzu_print_trace

oraztkg12

ztgss_nt_service_name
ztgss_import_name
ztgss_release_name
ztgss_release_buffer
ztgss_init_sec_context
ztgss_unwrap
ztgss_wrap
ztgss_release_cred
ztgss_acquire_cred
ztgss_accept_sec_context
ztgss_delete_sec_context

orageneric12

dbgdChkEventIntV
sltln
dbgtCtrl_intEvalCtrlEvent
dbgtCtrl_intEvalTraceFilters

msvcr100

_unlock
__dllonexit
__clean_type_info_names_internal
_onexit
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
strcmp
memset
memcpy
sprintf
vsprintf
isspace
sscanf
strtok
_lock
strncpy

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
DecodePointer
EncodePointer
RtlCaptureContext

Exports

Exports

nzsuppgp_get_parameter
nzsupplfc_ldap_fetch_crl
nzsupplfc_ldap_fetch_crldp
nzsupplfc_ldap_store_close
nzsupplfc_ldap_store_read
nzsuppliu_ldap_is_url
nzsuppls_lmss_sprintf
nzsuppni_nl_init
nzsuppnt_nl_term
nzsupppl_pkivendor_lookup
nzsuppte_trace_exit
nzsuppti_trace_init
nzsupptw_trace_write
nzsuppwl_wallet_lookup
ztgss_AddRecipient
ztgss_Create
ztgss_CreateRecipientList
ztgss_Decrypt
ztgss_Destroy
ztgss_DestroyBuffer
ztgss_DestroyRecipientList
ztgss_DigestData
ztgss_Encrypt
ztgss_Sign
ztgss_Verify
zts_client_new
zts_client_setAuthid
zts_client_setPassword
zts_client_setUid
zts_client_step
zts_decode
zts_decode_getlength
zts_dispose
zts_encode
zts_getprop
zts_server_new
zts_server_setVerifier
zts_server_step
zts_setprop
ztsm_digest_client_get_maxbufsize
ztsm_digest_client_set_cipher
ztsm_digest_client_set_maxbufsize
ztsm_digest_client_set_maxqop
ztsm_digest_client_set_minqop
ztsm_digest_client_set_realm
ztsm_digest_client_set_uri
ztsm_digest_client_step
ztsm_digest_decode_mesg
ztsm_digest_dispose
ztsm_digest_encode_mesg
ztsm_digest_getrealm
ztsm_digest_getrealmresp
ztsm_digest_server_get_maxbufsize
ztsm_digest_server_set_cipher
ztsm_digest_server_set_maxbufsize
ztsm_digest_server_set_qop
ztsm_digest_server_set_realm
ztsm_digest_server_step
ztsm_gssapi_client_step
ztsm_gssapi_decode_mesg
ztsm_gssapi_dispose
ztsm_gssapi_encode_mesg
ztsm_gssapi_server_step
ztsm_plain_client_step
ztsm_plain_server_step

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

778fcba0c458f6810330b5fe20fca1e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oranls12

oracore12

oraldapclnt12

oran12

oranl12

orannzsbb12

oraztkg12

orageneric12

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 2KB - Virtual size: 1KB