oraocr12[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

oraocr12.dll
Size

1.2MB
MD5

4b9962066cd7663733e1d38026ef8e4d
SHA1

12ccff1b564a12a01b79778637b62bd152135b87
SHA256

43a83b595007894cc38e25ea527643872f0b2d7ab89d891907ad0d6e3bd3afb3
SHA512

83269e996b215b4207cd0f9f0ffee61a18ca9a848d49b8591e63a798985abaec1b9a50760c9ca29480b2dbfdc069419b50d41f4fea971f1dc13b950519bdea31
SSDEEP

12288:2tf7VKYDO7QD9DZzDHownJnqZZtfjPIrjayrijjNg7hCrLg4Vgt8cv9:2d5KYD0GDZzzoZ1jjNgcrLg4VgtV1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oraocr12.dll

Files

oraocr12.dll
.dll windows:5 windows x64 arch:x64

ea80ef404e71041be174a92b957c5172

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\v3\oracle\opsm\bin\oraocr12.dll.pdb

Imports

oracommon12

vsnupr
vsnpri
vsnnum

orageneric12

slgfn
slgtd

oranls12

lxlterm
lxlinit
lxdobl
lxinitc
lxhLangEnv
lmsaicmt
lmsacin
lmsacbn
lmsatrm
lmsagbcmt

oracore12

sltstcl
sltsthnddestroy
sltstgi
sltstgh
sltspcbroadcast
ldxdtd
ldxsdc
sltstprint
lsfcln
sltspin
sltsini
lficrt
lfifpo
lfieno
lfidlb
lfifcp
lfiren
lfitrim
lfiisop
lfilen
lfiflu
lfiwr
lfird
lfiskbn
lfifno
lficls
lfifex
lfilini
lfiopn
lfifini
lfimknam
lfimkpth
sltskys
sltskyg
lpminit
lsfpv
lsttokr
lmmfree
lmmcalloc
lmmtophp
lpmdelete
sltster
lpmprinit
sltsmna
sltsmnr
SltsPrRead
SltsPrUnlock
lstss
lstclo
SltsPrInit
SltsPrDestroy
SltsPrWrite
sltspsinit
sltsmxi
sltspspost
lstprintf
sltspswait
sltsmnt
sltsmxd
sltspsdestroy
LhtStrDestroy
sltskydestroy
sltspcdestroy
sltstiddestroy
lpmprterm
LhtStrBeginIter
LhtStrYield
LhtStrEndIter
sltspcinit
sltrusleep
lcvb24
slmtnatol
sltskyc
lsfini
lpmloadpkg
LhtStrCreate
sltspctimewait
lbivand
sldxgd
ldxsto
ldxdts
LhtStrSearch
LhtStrInsert
LhtStrRemove
ldxcmp
lstap
ldxini
ldxbegin
sltstidinit
sltsthndinit
slzgetevar
sltstspawn

oraocrb12

prop_replace_dev
prop_prechk_confchange
prop_check_dev
prop_get_conf_handle
prop_check_logical_corruption
prop_is_ocronasm
prop_batch_execute
prop_get_version
prop_set_block
prop_interpret_block
prop_migrate_dev
prop_get_block
prop_get_status
prop_get_id
prop_terminate
prop_move_key
prop_delete_key
prop_delete_value
prop_check_perm_recurse
prop_close_io
prop_set_value
prop_get_security
prop_get_value
prop_enum_subkey
prop_delete_asmfile
prop_create_key
prop_close
prop_open
prop_init_reboot
prop_dump_ctx
prop_recover
prop_init
prop_setup
prop_get_state
prop_set_state
prop_repair_conf
prop_overwrite_conf
prop_check_storage
prop_get_conf
prop_compare_dev
prop_copy_bkpfile
prop_get_dev
prop_recover_media
prop_reinit
prop_recover_numpage
prop_autorepair_conf
prop_delete_bkpfile
prop_rename_bkpfile
prop_create_n_set_key
prop_bkup
prop_get_devid
prop_set_security

orahasgen12

clsdterm
clssnsnodenumbyhost
clssgsmbrkill
scls_iddb_has_privgrp_by_name
clssgsupdatepublic
clsssattrib
clssgsqgrp
scls_pid_get_self
scls_pid_to_string
crswconfig
clsdinitx
clsdset_logperm
clsdset_trcperm
clsdget_logname
clsslsshrlock
clssnsqueryrole
clssnshostbynodenum
clsu_get_private_ip_addr
clssnsqclname
scls_iddb_get_user_id_by_name
scls_iddb_get_privgrp_id_by_name
scls_iddb_is_a_privgrp_member_by_id
clsslsmutexlock
clssgsgrppubdata
clsdwftlv
clsdprft1
clscbinit
gipcInitializeF
gipcContextF
clsdwrft
clsutcpbase
gipcDestroyF
gipcAssociateF
gipcPostF
gipcEndpointF
gipcAddressF
gipcConnectF
gipcSetAttributeStringF
clsuGetDevEnv
gipcListenF
gipcGetAttributeStringF
gipcContainerF
gipcWaitF
gipcDissociateF
gipcReleaseBufferF
gipcreqtypeTranslate
gipcRecvSyncF
gipcSendSyncF
gipcDumpF
clssnsprivatebynum
clsuhexdump
clsssrecoverytime
clssnsquerymode
clssgsupdategrpprivate
clsssSetActiveVersion
clssgsgrppridata
scls_process_spawn
scls_process_get_output
scls_process_close_output
scls_process_join
clssgsupdategrppublic
clsssterm
clssgsSetMemberAttr
clssgsSetGroupAttr
clssgsCreateGroup
clssnsNodeList
clssgspubdata
clsv_cluster_consistent
clso_copykey
clsvswversion
clsvswpatch
clscrs_init_crs
clscrs_res_create
clscrs_res_set_attr
clscrs_reslist_create
clscrs_reslist_append
clscrs_register_resource2
clscrs_reslist_destroy
clscrs_reslist_first
clscrs_res_get_op_status
clscrs_term_crs
clscrs_splist_create
clscrs_splist_append
clscrs_env_create
clscrs_start_resource2
clscrs_splist_destroy
clscrs_env_delete
clsu_get_config_node_role
clsu_get_target_node_role
scls_idq_get_crs_user_id
scls_iddb_compare_user_id
clsdwflv
clsu_get_asm_mode
clsuhost
scls_iddb_has_ha_privs
scls_idq_get_user_id
scls_idq_get_primary_privgrp_name
scls_idq_get_user_name
scls_meta_ctx_init
scls_meta_query_size
scls_meta_init
gipcretTranslate
gipcSetAttributeNativeF
clsdprintf
clsdset_loglvl
clsdcompreg
clsuSlosFormatDiag
scls_exit_fast
clsdfflush
clsd_alertprintft
clssgsdereg
clssgsreg
clsem_getMsgStr
clsem_init
clsdgetcompid
clsgSet
clsdprintft
clsgTerm
clsgUnlock
clsgGet
clsgLock
clsgInit
scls_meta_ctx_destroy
clssgsgrpstat
clsslsunlock
clssnsqlnum
clsssinit

oraasmclnt12

kgfpmRecoverRollingMigration
kgfpmGetPatchlvl
kgfpmTerm
kgfnmFree
kgfnmParse
kgfnmAlloc
kgfpmStartRollingPatch
kgfpmClientInit
kgfpmClusterStateToStr
kgfpmQryClusterState
kgfpmConnect
kgfpmErrorMessage
kgfpmStopRollingMigration

orannzsbb12

ztcr2ub4

orauts

Sleep
GetCurrentThreadId

kernel32

UnhandledExceptionFilter
GetTickCount
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
EncodePointer
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls

msvcr100

_flushall
sscanf
__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
strchr
_vsnprintf
_snprintf
strrchr
_time64
_difftime64
memcmp
printf
sprintf
strncat
strtol
strncmp
strcat
memcpy
strcmp
strstr
abort
strncpy
strcpy
memset
strlen

Exports

Exports

procr_backup
procr_backup_loc
procr_batch_execute
procr_batch_init
procr_batch_terminate
procr_begin_asm_shutdown
procr_check_logical_corruption
procr_check_storage
procr_close_key
procr_compare_dev
procr_copy_bkpfile
procr_create_key
procr_create_key_ext
procr_create_n_set_key
procr_create_n_set_key_ext
procr_delete_key
procr_delete_key_ext
procr_delete_value
procr_delete_value_ext
procr_deregister_crsstandby
procr_deregister_localgroup
procr_dump_ctx
procr_end_asm_shutdown
procr_enum_subkey
procr_enum_subkey_ext
procr_get_backup_loc
procr_get_block
procr_get_conf
procr_get_ctx
procr_get_dev
procr_get_devid
procr_get_error_message
procr_get_id
procr_get_key_security
procr_get_key_security_ext
procr_get_last_error
procr_get_max_subkeys
procr_get_max_valuesize
procr_get_max_valuesize_ext
procr_get_online_conf
procr_get_state
procr_get_status
procr_get_value
procr_get_value_ext
procr_init
procr_init_ext
procr_init_ext2
procr_interpret_block
procr_kill_peer
procr_move_key
procr_move_key_ext
procr_open_key
procr_open_key_ext
procr_overwrite_conf
procr_patch_cluster
procr_register_crsstandby
procr_register_localgroup
procr_register_master_change
procr_repair_conf
procr_replace_dev
procr_restore
procr_set_block
procr_set_key_security
procr_set_key_security_ext
procr_set_ohasd_dependencies
procr_set_state
procr_set_value
procr_set_value_ext
procr_terminate
procr_upgrade_cluster

Sections

.text
Size: 919KB - Virtual size: 918KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea80ef404e71041be174a92b957c5172

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oracommon12

orageneric12

oranls12

oracore12

oraocrb12

orahasgen12

oraasmclnt12

orannzsbb12

orauts

kernel32

msvcr100

Exports

Exports

Sections

.text Size: 919KB - Virtual size: 918KB

.rdata Size: 256KB - Virtual size: 255KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 752B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 919KB - Virtual size: 918KB

.rdata
Size: 256KB - Virtual size: 255KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 752B

.reloc
Size: 5KB - Virtual size: 5KB