C:\b\oracle\ldap\bin\oraldapclnt12.dll.pdb
Static task
static1
Behavioral task
behavioral1
Sample
oraldapclnt12.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
oraldapclnt12.dll
Resource
win10v2004-20240508-en
General
-
Target
oraldapclnt12.dll
-
Size
720KB
-
MD5
6c8a89f4c5b76eebb04ba0a9a6bd3d45
-
SHA1
29e0ef7b0c74dd48f2551354da6d0a1908a086e7
-
SHA256
0074eeb760ddbd46543ec0658e60e42f57d4032d46d1725f5297c1d10c2764e8
-
SHA512
ba678bfdbfd139d21a1427bc71755dde15568bef81c6c8f38907ceb415c0a73acb7cfff202b1513ea3f59c225db219ee972b353c6aa1f9d1c6d53a727a101ba4
-
SSDEEP
12288:fFlMRpeY7B4Adg+tPkJ+PwcVX/jWWuPsKtC/OzXYJbMvukGfCjhnUYgQJDe:fv6X72Eg+tsgPtGvH3EQ
Malware Config
Signatures
-
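Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The check matched this file, so no embedded signature was found and the publisher and integrity cannot be confirmed from the file itself; compare the hashes listed above against a copy obtained from the vendor.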
resource oraldapclnt12.dll
Files
-
oraldapclnt12.dll.dll windows:5 windows x64 arch:x64
332b3e971d09de79ccd6f7fbf34bfb4f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
oranls12
lxhsftime
lxregfree
lxregexec
lxregcomp
lxoCvChar
lxmalnx
lxoCpToOp
lxgcnv
lxhclrsave
lxhlinfo
lxmxdix
lxmbteqx
lxwlowx
lxwuppx
lxwpunx
lxwprix
lxmdigx
lxoCnvNumStrToInt
lxwgrax
lxwalnx
lxwalpx
lxwdigx
lmsagbf
lxwspax
lxoSchPat
lxsCmpStr
lxsCatStr
lxscat
lxsCnvCase
lxsCpStr
lmsacbn
lmsacin
lmsaicmt
lxhLaToId
lxhlmod
lxhLangEnv
lxinitc
lxlinit
lxzinit
lxlterm
lmsatrm
lxoCpStr
lxmcpen
lxmprix
lxmspax
lxoCpChar
lxscop
lxsulen
lxmctex
lxoWriChar
lxmfwdx
lxmopen
oracore12
SltsPrWrite
SltsPrUnlock
SltsPrDestroy
SltsPrRead
slzsetevar
sldxgd
ldxsti
ldxstd
ldxdts
ldxdtd
ldxdyf
lnxmin
lnxmul
lnxsni
lnxdiv
ldxftd
SltsPrInit
lstmclo
lstmup
lstprintf
sltspcwait
sltspcbroadcast
sltspcsignal
sltspcdestroy
sltspcinit
lstlo
lpminit
lpmatterm
lstclo
lfimknam
lfilini
lfiopn
slmttpow
lfigfn
lmtrand
sltmgcs
slmaacb
ss_mem_fre
ss_mem_ral
lmmcalloc
ss_mem_cal
ss_mem_alc
lsfini
lpmloadpkg
lrmini
sltsini
ldxbegin
sltsmxi
lpmmkpri
sltsimr
sltsima
lpmgetcompctx
lpmsavecompctx
sltsmxd
lrmtrm
ldxend
lficls
lpmdelete
lsfcln
SlfOpen
ldxsto
lfifpo
lfiabt
lsfp
lfipthad
lfimkpth
slzgetevar
sltsmnr
lfifex
sltsmna
lsfdi
lsfdrm
lsfpd
lsfdl
lfitell
lfiflu
lsfpv
lfiskb
lfiwr
lfird
lfifno
ldxads
oranl12
snlpcgun
nlpatrm
nlpagsp
nlpagvc
nlpains
orannzsbb12
ztvulc
nzdst_terminate
nzdsi_initialize
ztcegml
ztcsr
ztcedec
ztceenc
ztcsl
ztcsh
ztcrseed3
ztcrandom
ztchi
ztchn
ztchf
nzos_Read
nzos_SetSqlnetFunc
nzos_Initialize
nzos_Get_Ctx
nzos_Configure
nzos_OToolkitContext
nzos_SetLdapFunc
nzos_OpenWallet
nzos_RetrievePersonaCopy
nztSetAppDefaultLocation
nztwCloseWallet
nzosDestroyCredential
nzos_Destroy_Ctx
nzos_Deinitialize
nzosSetCredential
nzos_Create_Ctx
nzos_Handshake
nzosGetPeerCredential
nztSearchNZDefault
nzos_ServiceWriteQueue
ztch
ztucxtb
nzos_Write
ztvovg
ztucbtx
ztvulp
nzos_Close
ztcr2ub4
ztcr2rnd
ztchdst
ztvp522
orazt12
nzsupplfc_ldap_fetch_crldp
zts_client_new
ztsm_digest_client_set_uri
nzsuppliu_ldap_is_url
zts_client_setPassword
nzsupplfc_ldap_fetch_crl
nzsuppte_trace_exit
ztsm_digest_client_set_realm
ztsm_digest_client_set_maxbufsize
ztsm_digest_client_set_maxqop
nzsupptw_trace_write
nzsuppti_trace_init
nzsuppgp_get_parameter
nzsuppwl_wallet_lookup
nzsupppl_pkivendor_lookup
nzsuppnt_nl_term
zts_client_setUid
nzsuppni_nl_init
ztsm_digest_client_set_minqop
ztsm_digest_client_set_cipher
zts_client_step
zts_getprop
zts_decode
zts_encode
zts_dispose
kernel32
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
FreeLibrary
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentThreadId
GetTickCount
Sleep
FormatMessageA
TlsGetValue
TlsAlloc
TlsFree
TlsSetValue
RtlCaptureContext
wsock32
gethostbyname
__WSAFDIsSet
send
recv
select
htonl
ntohl
gethostname
WSAStartup
WSACleanup
setsockopt
WSAGetLastError
shutdown
closesocket
accept
inet_addr
ioctlsocket
htons
bind
listen
connect
getsockopt
getpeername
gethostbyaddr
inet_ntoa
sendto
recvfrom
socket
WSASetLastError
iphlpapi
GetNetworkParams
oraxml12
getAttributeIndex
getAttrLocal
getAttrValue
numAttributes
xmlparse
xmlinit
xmlterm
advapi32
RegQueryValueExA
RegOpenKeyExA
orauts
longjmp
ws2_32
freeaddrinfo
getnameinfo
getaddrinfo
msvcr100
_amsg_exit
__C_specific_handler
__CppXcptFilter
__clean_type_info_names_internal
_unlock
__dllonexit
_initterm_e
_initterm
_malloc_crt
strcmp
memcpy
memset
_lock
_onexit
__crt_debugger_hook
_encoded_null
_mktemp
_unlink
_write
_read
memmove
calloc
strstr
_setjmp
exit
__iob_func
fputs
free
qsort
sscanf
_time64
_gmtime64
strftime
_localtime64
strncpy
atoi
_mktime64
toupper
strncmp
memchr
sprintf
strncat
_getpid
Exports
Exports
ber_alloc_t
ber_bvfree
ber_dump
ber_flatten
ber_free
ber_get_boolean
ber_get_int
ber_get_ostring
ber_get_tag
ber_init
ber_peek_tag
ber_printf
ber_put_boolean
ber_put_int
ber_put_ostring
ber_put_seq
ber_scanf
ber_skip_tag
ber_start_seq
gslccx_Getgsluctx
gslclegalGetAsLDIF
gslcres_SaveRebindInfo
gslcsa_SaslInit
gsldlAStrParseLine
gsldlBStrGetline
gslufcClose
gslufoOpen
gslufpFLog
gslufpFprintf
gsluinit
gsluizgcGetContext
gslumcCalloc
gslumfFree
gslummMalloc
gsluscmStrcmp
gslushut
gslusibIsSpace
gslusicIsDecPtr
gslusicIsIncPtr
gslusicStrcasecmp
gsluspSprintf
gslussdStrdup
gslusslStrlen
gslussnStrncpy
gslusspStrcpy
gslusstStrChr
gslusstStrStr
gsluswck
gsluswfpeFreePwdEntry
gsluswipeInitPwdEntry
gsluswspeSetPwdEntry
gsluswspsSetPwdStore
gslutcTrace
gsluuReadLdifEntry
gslxdv1cCleanup
gslxdv1cpCreateParserCtx
gslxdv1pParse
ldap_abandon
ldap_abandon_ext
ldap_add
ldap_add_ext
ldap_add_ext_s
ldap_add_s
ldap_bind
ldap_bind_s
ldap_build_filter
ldap_compare
ldap_compare_ext
ldap_compare_ext_s
ldap_compare_s
ldap_control_free
ldap_controls_free
ldap_count_entries
ldap_count_messages
ldap_count_references
ldap_count_values
ldap_count_values_len
ldap_debug
ldap_delete
ldap_delete_ext
ldap_delete_ext_s
ldap_delete_s
ldap_dn2ufn
ldap_err2string
ldap_explode_dn
ldap_explode_dns
ldap_explode_rdn
ldap_first_attribute
ldap_first_entry
ldap_first_message
ldap_first_reference
ldap_free_urldesc
ldap_get_dn
ldap_get_entry_controls
ldap_get_lderrno
ldap_get_option
ldap_get_values
ldap_get_values_len
ldap_getfilter_free
ldap_getfirstfilter
ldap_getnextfilter
ldap_init
ldap_init_SASL
ldap_init_SSL
ldap_init_getfilter
ldap_init_getfilter_buf
ldap_is_ldap_url
ldap_memfree
ldap_modify
ldap_modify_ext
ldap_modify_ext_s
ldap_modify_s
ldap_modrdn
ldap_modrdn2
ldap_modrdn2_s
ldap_modrdn_s
ldap_mods_free
ldap_msgdelete
ldap_msgfree
ldap_msgid
ldap_msgtype
ldap_native_bind_s
ldap_next_attribute
ldap_next_entry
ldap_next_message
ldap_next_reference
ldap_open
ldap_parse_result
ldap_parse_sasl_bind_result
ldap_perror
ldap_rename
ldap_rename_s
ldap_replic_bind
ldap_replic_bind_s
ldap_result
ldap_result2error
ldap_sasl_bind
ldap_sasl_bind_s
ldap_search
ldap_search_ext
ldap_search_ext_s
ldap_search_s
ldap_search_st
ldap_set_lderrno
ldap_set_option
ldap_simple_bind
ldap_simple_bind_s
ldap_sort_entries
ldap_unbind
ldap_unbind_s
ldap_url_parse
ldap_url_search
ldap_url_search_s
ldap_url_search_st
ldap_value_free
ldap_value_free_len
ora_create_discov_hdl
ora_free_discov_hdl
ora_free_result_hdl
ora_get_discov_prop
ora_get_result
ora_ldap_abandon
ora_ldap_abandon_ext
ora_ldap_add
ora_ldap_add_ext
ora_ldap_add_ext_s
ora_ldap_add_s
ora_ldap_authenticate_user
ora_ldap_ber_alloc_t
ora_ldap_ber_bvfree
ora_ldap_ber_dump
ora_ldap_ber_end_seq
ora_ldap_ber_flatten
ora_ldap_ber_free
ora_ldap_ber_get_boolean
ora_ldap_ber_get_int
ora_ldap_ber_get_ostring
ora_ldap_ber_get_tag
ora_ldap_ber_init
ora_ldap_ber_peek_tag
ora_ldap_ber_printf
ora_ldap_ber_put_boolean
ora_ldap_ber_put_int
ora_ldap_ber_put_ostring
ora_ldap_ber_put_seq
ora_ldap_ber_scanf
ora_ldap_ber_skip_tag
ora_ldap_ber_start_seq
ora_ldap_bind
ora_ldap_bind_s
ora_ldap_build_filter
ora_ldap_check_group_membership
ora_ldap_check_user_subscription
ora_ldap_compare
ora_ldap_compare_ext
ora_ldap_compare_ext_s
ora_ldap_compare_s
ora_ldap_control_free
ora_ldap_controls_free
ora_ldap_count_entries
ora_ldap_count_messages
ora_ldap_count_references
ora_ldap_count_values
ora_ldap_count_values_len
ora_ldap_create_clientctx
ora_ldap_create_cred_hdl
ora_ldap_create_group_handle
ora_ldap_create_service_handle
ora_ldap_create_subscriber_handle
ora_ldap_create_user_handle
ora_ldap_delete
ora_ldap_delete_ext
ora_ldap_delete_ext_s
ora_ldap_delete_s
ora_ldap_destroy_clientctx
ora_ldap_discover
ora_ldap_discover_open
ora_ldap_dn2ufn
ora_ldap_err2string
ora_ldap_escape_splchars
ora_ldap_explode_dn
ora_ldap_explode_dns
ora_ldap_explode_rdn
ora_ldap_first_attribute
ora_ldap_first_entry
ora_ldap_first_message
ora_ldap_first_reference
ora_ldap_free_cred_hdl
ora_ldap_free_handle
ora_ldap_free_properties
ora_ldap_free_propertyset
ora_ldap_free_urldesc
ora_ldap_get_available_services
ora_ldap_get_cred_props
ora_ldap_get_direct_group_membership
ora_ldap_get_dn
ora_ldap_get_entry_controls
ora_ldap_get_group_dn
ora_ldap_get_group_membership
ora_ldap_get_group_properties
ora_ldap_get_lderrno
ora_ldap_get_option
ora_ldap_get_subscribed_services
ora_ldap_get_subscribed_users
ora_ldap_get_subscriber_dn
ora_ldap_get_subscriber_ext_properties
ora_ldap_get_subscriber_properties
ora_ldap_get_user_dn
ora_ldap_get_user_extended_properties
ora_ldap_get_user_properties
ora_ldap_get_user_props_and_auth
ora_ldap_get_values
ora_ldap_get_values_len
ora_ldap_getfilter_free
ora_ldap_getfirstfilter
ora_ldap_getnextfilter
ora_ldap_init
ora_ldap_init_SASL
ora_ldap_init_SSL
ora_ldap_init_getfilter
ora_ldap_init_getfilter_buf
ora_ldap_initbr
ora_ldap_is_ldap_url
ora_ldap_locate_subscriber_for_user
ora_ldap_memfree
ora_ldap_modify
ora_ldap_modify_ext
ora_ldap_modify_ext_s
ora_ldap_modify_s
ora_ldap_modrdn
ora_ldap_modrdn2
ora_ldap_modrdn2_s
ora_ldap_modrdn_s
ora_ldap_mods_free
ora_ldap_msgdelete
ora_ldap_msgfree
ora_ldap_msgid
ora_ldap_msgtype
ora_ldap_native_bind_s
ora_ldap_next_attribute
ora_ldap_next_entry
ora_ldap_next_message
ora_ldap_next_reference
ora_ldap_normalize_dn
ora_ldap_normalize_dn_with_case
ora_ldap_open
ora_ldap_parse_result
ora_ldap_parse_sasl_bind_result
ora_ldap_perror
ora_ldap_rename
ora_ldap_rename_s
ora_ldap_replic_bind
ora_ldap_replic_bind_s
ora_ldap_result
ora_ldap_result2error
ora_ldap_sasl_bind
ora_ldap_sasl_bind_s
ora_ldap_search
ora_ldap_search_ext
ora_ldap_search_ext_s
ora_ldap_search_s
ora_ldap_search_st
ora_ldap_set_clientctx
ora_ldap_set_cred_props
ora_ldap_set_group_handle_properties
ora_ldap_set_lderrno
ora_ldap_set_option
ora_ldap_set_rebind_proc
ora_ldap_set_user_handle_properties
ora_ldap_set_user_properties
ora_ldap_setfilteraffixes
ora_ldap_simple_bind
ora_ldap_simple_bind_s
ora_ldap_sort_entries
ora_ldap_subscribe_user
ora_ldap_unbind
ora_ldap_unbind_s
ora_ldap_unsubscribe_user
ora_ldap_url_parse
ora_ldap_url_search
ora_ldap_url_search_s
ora_ldap_url_search_st
ora_ldap_value_free
ora_ldap_value_free_len
ora_set_discov_prop
Sections
.text Size: 587KB - Virtual size: 587KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ