orasnls12[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

orasnls12.dll
Size

236KB
MD5

34c2f5ee8710c823ff5f6003d0f9bd26
SHA1

9f1980643959c9f1102f89ae3c5bf47d4c6db528
SHA256

a7bb2130f35626f134d926467c9780fd4de79b7c6e45d607cb2823e80ebcb4a6
SHA512

4dfd8f1951c4b34e389969e8050b74ffedf8853341c019c215b4801e88d183569b654603fc7bdc877d32fd5d9855082367e8e353e5d959fee210fa11abe4cdb7
SSDEEP

6144:qHX8++iitbgYL8zkDqL/vQ3pHMcJ3Znx:qHX8+1itESqL/vKpH9Jp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
orasnls12.dll

Files

orasnls12.dll
.dll windows:5 windows x64 arch:x64

2a009cbea178f8f5293ed90229b90ac0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\ADE\aime_1\oracle\nlsrtl3\bin\orasnls12.dll.pdb

Imports

oracore12

lstcpyr

oranls12

lxoCpToOp
lxsCnvSimple
lxsCnvCase
lxpLinMatch
lxoSkip
lxsCntChar
lxcgbgwt2
lxsCntByte
lxoSchPat
lxpoLinDirMatch
lxmfwdx
lxoCntChar
lxoCntByte
lxpLinTrimPunc
lxcss2m
lxmctex
lxoCpChar
lxsCmpStr
lxmbteqx
lxoCmpStr
lxpoLinMatch
lxpLinDirMatch
lxcsCompose
lxhebc
lxhlinfo
lxptmult
lxoCpDisp
lxoCpStr
lxregcomp
lxregmatch
lxregmatchknl
lxhnmod
lxregfree
lxregexec
lxldfre
lxldalc
lxregreplace
lxsCpStr
lxmvopen
lxsRepStr
lxmcpen
lxppCodeHexToIntASCIITbl
lxsCnvNumStrToInt
lxgucs2utf
lxppCodeHexToIntEBCDICTbl
lxppCodeHexToIntEBCDICTblSpec
lxgcnv
lxoCnvNumStrToInt
lxptmutf8
lxoWriWChar
lxcsbmr
lxcsbm
lxcgbMaping
lxcsVldAL32UTF8
lxcsVldAL16UTF16
lxcsVldUTF8
lxcsu2mAL32UTF8
lxcsu2mUTF8
lxcgbgwt
lxcsm2uGB18030
lxcsu2mGB18030
lxcsm2uAL16UTF16
lxcsm2ux
lxcsm2uUTF32
lxcsm2uUTFE
lxcsm2uAL16UTF16LE
lxcsm2uUTF8
lxmopen
lxmc2wx
lxhcsn
lxcsm2uAL32UTF8
lxcsu2mAL16UTF16
lxcsu2mx
lxcsu2mUTF32
lxcsu2mUTFE
lxcsu2mAL16UTF16LE
lxdlwkb
lxgt2u
lxmfwtx
lxpcset
lxpe2i
lxhci2h
lxsCntDisp

msvcr100

memcpy
__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
strcmp
memset
memmove

orauts

Sleep
GetCurrentThreadId

kernel32

DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
EncodePointer

Exports

Exports

lxkAscii
lxkAsciistr
lxkCSConvTest
lxkChr
lxkConcat
lxkInitcap
lxkInstr
lxkLikPatPref
lxkLike
lxkPad
lxkRegexpComp
lxkRegexpCount
lxkRegexpCountLob
lxkRegexpErr
lxkRegexpFree
lxkRegexpInstrLobNSub
lxkRegexpInstrNSub
lxkRegexpLike
lxkRegexpLikeLob
lxkRegexpReplace
lxkRegexpReplaceLob
lxkRegexpReusable
lxkRegexpSubstrLobNSub
lxkRegexpSubstrNSub
lxkReplace
lxkSubstr
lxkToUL
lxkTranslate
lxkTrim
lxkUnistr

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a009cbea178f8f5293ed90229b90ac0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oracore12

oranls12

msvcr100

orauts

kernel32

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 213KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 213KB - Virtual size: 213KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 3KB - Virtual size: 2KB