oraons[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

oraons.dll
Size

215KB
MD5

28969bc0068c9be402d7d2af7656a4c7
SHA1

72c6f7e480c3c31c5a60d5c1329ede1c072d780f
SHA256

0736ef5738c3cff9ea0a233258bf00c447d5fba09ed8f325d269db81b061ea85
SHA512

f7717f42fc4fbcb62b9efb32b1136a0cba41d48892c12f8e5caa28ad9504e69f5bdd4ce25886dce5c6f39be62d34bfaa570a1f666e35caab41000504a8136dbe
SSDEEP

3072:W9SR+WNMUrRsekdgOymhSh05+GDoPjG/X5dHytxMdlqegpeukpLhgjD7bzzT/EJX:ssPpRsqOvhSU56xMLG/EJl5Ml74

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oraons.dll

Files

oraons.dll
.dll windows:5 windows x64 arch:x64

ff7aae4f9266cd52fd437485dd51d674

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ADE\aime_ons_12.2.1.3.0_16\opmn\bin\oraons.dll.pdb

Imports

ws2_32

gethostname
getnameinfo
freeaddrinfo
htonl
ntohl
getaddrinfo
ntohs
htons
__WSAFDIsSet
select
sendto
recvfrom
send
connect
accept
listen
bind
WSASetLastError
getsockopt
setsockopt
closesocket
recv
ioctlsocket
shutdown
WSAGetLastError
socket
WSAStartup
WSACleanup

kernel32

FormatMessageA
GetProcAddress
FreeLibrary
LoadLibraryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
DecodePointer
EncodePointer
SetHandleInformation
ReleaseMutex
CreateMutexA
GetSystemTime
GetLastError
CloseHandle
SetEvent
ResetEvent
InitializeCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
CreateEventA
EnterCriticalSection
LeaveCriticalSection
Sleep
WaitForSingleObject

msvcr100

__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_onexit
__crt_debugger_hook
_fileno
_strdup
_open
_read
_lock
fprintf
_endthread
_beginthread
strrchr
sprintf
getenv
_stricmp
strerror
fopen
_get_osfhandle
_errno
__iob_func
_time64
_localtime64
_close
vfprintf
fputc
fflush
fclose
malloc
realloc
free
strncpy
fgets
strstr
isdigit
atoi
strchr
isspace
isupper
tolower
_fstat64i32
strncmp
_strnicmp
strtol
_snprintf
_getpid
memmove
perror
memset
memcpy
strcmp
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__C_specific_handler

Exports

Exports

ons_block_init
ons_cond_broadcast
ons_cond_create
ons_cond_destroy
ons_cond_free
ons_cond_init
ons_cond_signal
ons_cond_timedwait_ms
ons_cond_timedwait_sec
ons_cond_wait
ons_connection_host
ons_connection_id
ons_connection_next
ons_connection_ping
ons_connection_port
ons_connection_release
ons_connection_status
ons_connection_status_string
ons_error_set
ons_get_ids_wtimeout
ons_init
ons_init_wconfig
ons_init_wconfig_ctx
ons_init_woraclehome
ons_init_woraclehome_ctx
ons_laddrlist_add
ons_laddrlist_count
ons_laddrlist_create
ons_laddrlist_destroy
ons_laddrlist_get
ons_logicaladdr_equals
ons_logicaladdr_getComponent
ons_logicaladdr_getHostName
ons_logicaladdr_getInstanceName
ons_logicaladdr_getProperty
ons_logicaladdr_getPropertyCount
ons_logicaladdr_getPropertyIndex
ons_logicaladdr_getRouteId
ons_mutex_create
ons_mutex_destroy
ons_mutex_free
ons_mutex_init
ons_mutex_trylock
ons_nodelist_active
ons_nodelist_concurrency
ons_nodelist_connections
ons_nodelist_failover_list
ons_nodelist_id
ons_nodelist_next
ons_nodelist_release
ons_nodelists
ons_nodelists_ctx
ons_notification_affectedComponents
ons_notification_affectedNodes
ons_notification_body
ons_notification_clusterName
ons_notification_create
ons_notification_creationTime
ons_notification_deliveryTime
ons_notification_generatingComponent
ons_notification_generatingNode
ons_notification_generatingProcess
ons_notification_getAllProperties
ons_notification_getProperty
ons_notification_id
ons_notification_instanceName
ons_notification_localOnly
ons_notification_print
ons_notification_setLocalOnly
ons_notification_setProperty
ons_notification_stamp
ons_notification_type
ons_notification_version
ons_one_time_publish
ons_one_time_remote_publish
ons_proplist_create
ons_proplist_destroy
ons_proplist_get
ons_proplist_put
ons_publisher_close
ons_publisher_create
ons_publisher_create_ctx
ons_publisher_publish
ons_rpcclient_create
ons_rpcclient_destroy
ons_rpcclient_getservers
ons_rpcclient_invoke
ons_rpcclient_invoke_wcallback
ons_rpcclient_setlocal
ons_rpcinvocation_destroy
ons_rpcinvocation_getresponse
ons_rpcinvocation_isdone
ons_rpcrequest_senderror
ons_rpcrequest_sendprogress
ons_rpcrequest_sendresult
ons_rpcresponse_destroy
ons_rpcresponse_getaddr
ons_rpcresponse_getdata
ons_rpcserver_addfunc
ons_rpcserver_create
ons_rpcserver_destroy
ons_rpcserver_isrunning
ons_rpcserver_launch
ons_rpcserver_setaddrprops
ons_rpcserver_setcbmode
ons_rpcserver_shutdown
ons_shutdown
ons_shutdown_nowait
ons_shutdown_wtimeout
ons_shutdown_wtimeout_ctx
ons_socket_accept
ons_socket_bind
ons_socket_close
ons_socket_close_on_exec
ons_socket_connect
ons_socket_create
ons_socket_error_string
ons_socket_getopt
ons_socket_listen
ons_socket_poll
ons_socket_poll_single
ons_socket_recv
ons_socket_recvfrom
ons_socket_send
ons_socket_sendto
ons_socket_setnonblock
ons_socket_setopt
ons_socket_shutdown
ons_subscriber_cancelcallback
ons_subscriber_close
ons_subscriber_close_disconnect
ons_subscriber_component
ons_subscriber_create
ons_subscriber_create_async
ons_subscriber_create_async_ctx
ons_subscriber_create_disconnect_ctx
ons_subscriber_create_wtimeout
ons_subscriber_create_wtimeout_ctx
ons_subscriber_getPublisher
ons_subscriber_id
ons_subscriber_receive
ons_subscriber_registercallback
ons_subscriber_relinquish
ons_subscriber_status
ons_subscriber_subscription
ons_sync_destroy
ons_sync_enter
ons_sync_exit
ons_sync_init
ons_thread_create
ons_thread_exit
ons_thread_join
ons_thread_self
ons_thread_sleep
ons_thread_stacksize
ons_thread_yield
ons_trace_set
opmn_create_body_block
opmn_destroy_body_block
opmn_generate_body
opmn_get_body_block
opmn_get_body_element
opmn_get_body_segment
opmn_get_nested_element
opmn_get_nested_segment
opmn_get_old_segment
opmn_put_body_element
opmn_put_nested_element
opmn_put_nested_segment
opmn_put_old_segment

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff7aae4f9266cd52fd437485dd51d674

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

msvcr100

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 169KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 6KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 1024B - Virtual size: 744B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 170KB - Virtual size: 169KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 6KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 1024B - Virtual size: 744B

.reloc
Size: 2KB - Virtual size: 1KB