PDB path: C:\ADE\aime_1\oracle\nlsrtl3\bin\oranls12.dll.pdb
Static task
static1
Behavioral task
behavioral1
Sample
oranls12.dll
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
oranls12.dll
Resource
win10v2004-20240508-en
General
-
Target
oranls12.dll
-
Size
1017KB
-
MD5
77a3ef0ad96740f7cd41e2b46dd63b67
-
SHA1
489ae0b162e532c73925791f3d4b3b37c843958e
-
SHA256
6022bbdcccd67a11e12c629bf2804aa7709f9b4953efd246687e19317327b788
-
SHA512
4a9f76c9add6d1744bc2bf23c7f007c70783a48595e42650e4ca8de05adcda9f4ff8166ac568a517cadcbe3aa5e41f10a25ff12c75b8a8ee1c460d5c5837587a
-
SSDEEP
12288:dWyjqSBs4bNykA9Pqs369DlWwEViM961Lx4bsJHpyTt8hAgJO62x:dWyjqSBHNyk2b690sb4b5ChAg8P
Malware Config
Signatures
-
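Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The file carries no signature, so its publisher and integrity cannot be confirmed from the file itself; on its own this is a weak indicator and should be weighed together with the hashes listed above and the behavioral results.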
resource oranls12.dll
Files
-
oranls12.dll.dll windows:5 windows x64 arch:x64
09f18e81b2eff0772dda96324af2dc75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
oracore12
lmebco
slmaacb
ldxdfd
lfvpos
lfvpkgname
slcgems
SltsPrUnlock
lfvread
lfvseek
lfvclose
lfvopen
slrreg
lstlo
ss_snprintf
ssgetosver
lcvb24
lstrj
lcv42b
lstcpyr
lmebucp
lfvini2
lcvb2w
lfvIsVfsMode
slzgetevar
ss_mem_fre
ss_mem_alc
sscoreserverflag
lnxadd
lnxdiv
lnxmin
ldxdtd
ldxnbeg
lstprintf
lstmclo
slste2a
SltsPrDestroy
sltsmxd
sltsmnr
sltstiddestroy
sltsmna
sltstgi
sltster
sltstidinit
SltsPrInit
sltsmxi
sltsini
sltspin
lstclo
SltsPrWrite
SltsPrRead
oraunls12
lxuCvtToCtx
lxu4Property
lxu4GBlock
lxuComposition
lxu4GCombiningClass
lxuDecomposition
lxu4TstClass
orauts
TlsSetValue
CreateFileA
TlsAlloc
longjmp
GetLastError
CloseHandle
ReadFile
GetCurrentThreadId
Sleep
WriteFile
TlsGetValue
SetFilePointer
msvcr100
strerror
rename
remove
_snprintf
bsearch
printf
qsort
isprint
memmove
free
malloc
strtoul
_setjmp
memcpy
tolower
strchr
toupper
atoi
atol
isspace
fputs
fprintf
__iob_func
strncpy
sprintf
__crt_debugger_hook
memset
strcmp
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
_vsnprintf
__clean_type_info_names_internal
_unlock
_access
__dllonexit
_lock
strncmp
_onexit
kernel32
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
DecodePointer
EncodePointer
GetCurrentProcess
Exports
Exports
LXUCOLKEYSZ
LXUHCDECOMP
lms_fblang
lms_pmlang
lmsacb
lmsacbn
lmsaci1
lmsacin
lmsagbcmt
lmsagbf
lmsaicmt
lmsamtsini
lmsamtsmxlk
lmsamtsmxunlk
lmsapbn
lmsapcb
lmsapcc
lmsapfc
lmsapic
lmsapnc
lmsapnm
lmsapop
lmsaprb
lmsapsc
lmsatd
lmsatp
lmsatrm
lmsggfl
lmsggfx
lxBomDetect
lxClnLxglo
lxCmpStr
lxDesLxglo
lxDesLxhnd
lxDesLxitm
lxFbLang
lxGetGloPtr
lxIsValidDatabaseCharacterSet
lxSerGetVersion
lxSerLxglo
lxSerLxhnd
lxSerLxhnd2
lxSerLxitm
lxTransliteration
lxTrnNameToID
lxXmlCDataEsc
lxXmlCharRefEsc
lxXmlCvEsc
lxXmlCvEsc0
lxXmlGEntEsc
lxXmlGEntEsc2
lxXmlGEntEscImpl
lxXmlIdConv
lxXmlPrologueParser
lxcdone
lxcgbMaping
lxcgbgwt
lxcgbgwt2
lxclas
lxcsCompose
lxcsDeCompose
lxcsVldAL16UTF16
lxcsVldAL32UTF8
lxcsVldUTF8
lxcsbm
lxcsbmr
lxcscan
lxcscom
lxcsdcp
lxcsdec
lxcsgcm
lxcsgmc
lxcsgmt
lxcsgmw
lxcsm2uAL16UTF16
lxcsm2uAL16UTF16LE
lxcsm2uAL32UTF8
lxcsm2uGB18030
lxcsm2uUTF32
lxcsm2uUTF8
lxcsm2uUTFE
lxcsm2ux
lxcsmlo
lxcsmup
lxcss2m
lxcsu2mAL16UTF16
lxcsu2mAL16UTF16LE
lxcsu2mAL32UTF8
lxcsu2mGB18030
lxcsu2mUTF32
lxcsu2mUTF8
lxcsu2mUTFE
lxcsu2mx
lxcsugcm
lxcsugdd
lxcsuglbdt
lxcsugnv
lxcsugpv
lxcsuti
lxcswlo
lxcswup
lxdchn
lxdcmptbl
lxdfoblx
lxdgetobj
lxdlcag
lxdllib
lxdlobj
lxdlwkb
lxdn2m
lxdnscmp
lxdobl
lxdoblx
lxdprl
lxdsupid
lxdsupsn
lxeadm
lxecerr
lxeg2u
lxegera
lxeifnd
lxeisl
lxeldd
lxeldm
lxeldy
lxelgsz
lxesbm
lxetbn
lxeu2g
lxfbucmp
lxfbver
lxfgnb
lxfgno
lxg2cnv
lxg2cvp
lxg2t2u
lxg2u2t
lxgConvertToAL32UTF8
lxgXmlConv
lxgXmlPcnv
lxgcnv
lxgcnvb
lxgcnvc
lxgcvp
lxgcvp_init
lxgcvpc
lxgd2s
lxgful
lxgncc
lxgpth
lxgratio
lxgraw
lxgrls
lxgs2d
lxgstm
lxgt2u
lxgt2uc
lxgu2t
lxgu2tc
lxgucs2utf
lxgutf2ucs
lxhLaToId
lxhLangEnv
lxhab2f
lxhasc
lxhchtoid
lxhci2h
lxhclrsave
lxhcnv
lxhcsn
lxhdStatus
lxhdab2f
lxhdab2f_f2ab
lxhdata
lxhddump
lxhdisp
lxhdtchid
lxhdumpbufsz
lxhdvld
lxhebc
lxhh2ci
lxhi2s
lxhid2disp
lxhid2name
lxhidtolang
lxhlck
lxhlcmod
lxhlfind
lxhlinfo
lxhlmod
lxhlod
lxhmcnv
lxhmnorm
lxhname2id
lxhnamemap
lxhninfo
lxhnlangid
lxhnlsdata
lxhnmap
lxhnmod
lxhnsize
lxhrefdecr
lxhrefget
lxhrefincr
lxhrefset
lxhschar
lxhsftime
lxhti2h
lxhtn2h
lxilibl
lxinitc
lxinitsc
lxisftx
lxlMatch
lxlbhs
lxlbsz
lxlcpol
lxldalc
lxldfcb
lxldfre
lxldini
lxldlbb
lxldlod
lxldunl
lxlfopn
lxlfrd
lxlfterm
lxlgsz
lxligbl
lxligcs
lxligkey
lxligsbl
lxligsl
lxligss
lxligsu
lxlinfo
lxlinit
lxlsaved
lxlterm
lxm2wlx
lxm2wux
lxmalnx
lxmalpx
lxmbctype
lxmbeqn
lxmblax
lxmbteqx
lxmc2wx
lxmcntx
lxmcpbx
lxmcpen
lxmctex
lxmdigx
lxmdspx
lxmdssln
lxmfwdx
lxmfwtx
lxmgrax
lxmlowx
lxmnceq
lxmnsg
lxmnsp
lxmnspt
lxmopen
lxmprix
lxmpunx
lxmr2w
lxmral
lxmskps
lxmspax
lxmtblank
lxmtos
lxmuppx
lxmvfwdx
lxmvopen
lxmwclose
lxmwterm
lxmxdix
lxnpdp
lxnpdpc
lxoCmpNStr
lxoCmpStr
lxoCntByte
lxoCntChar
lxoCnvCase
lxoCnvCh2Wide
lxoCnvIntToNumStr
lxoCnvNumStrToInt
lxoCpChar
lxoCpDisp
lxoCpStr
lxoCpToOp
lxoCvChar
lxoPadStr
lxoSchPat
lxoSkip
lxoVldStr
lxoWriChar
lxoWriWChar
lxovid
lxpLinDirMatch
lxpLinMatch
lxpLinTrimPunc
lxpTstClsXMLPubidCharTbl
lxpcget
lxpcset
lxpdcset
lxpe2i
lxpebcx
lxpeget
lxpendian
lxphlc
lxpmclo
lxpname
lxpoLinDirMatch
lxpoLinMatch
lxppCodeHexToIntASCIITbl
lxppCodeHexToIntEBCDICTbl
lxppCodeHexToIntEBCDICTblSpec
lxppFrNumStrRomTbl
lxppFrNumStrRomTblLen
lxppFrNumStrRomTblWid
lxppFrNumStrUnicodeRomTbl
lxppFrNumStrUnicodeRomTblWid
lxppToNumStrIdx
lxppebc
lxptmult
lxptmutf8
lxregcomp
lxregdumppat
lxregexec
lxregfree
lxregmatch
lxregmatchknl
lxregreplace
lxsBytePos
lxsCatStr
lxsCmpStr
lxsCntByte
lxsCntChar
lxsCntDisp
lxsCntExc
lxsCntXExc
lxsCnvCase
lxsCnvEqui
lxsCnvIntToNumStr
lxsCnvNumStrToInt
lxsCnvSimple
lxsCpFrWide
lxsCpStr
lxsCpToWide
lxsNextCol
lxsNormStr
lxsRepStr
lxsStrCol
lxsStrPrep
lxsTrnStr
lxsUnclassifiedChar
lxsUnconvertibleChar
lxsVldStr
lxsbcpl
lxsbcpu
lxscat
lxscop
lxspln
lxsplth
lxsply
lxsucPushKeysToBuf
lxsucShiftBuf
lxsulen
lxtegcmtz
lxucConKey
lxucCsKey
lxucGetKeys
lxucUC2key
lxucaGetImplicitWeightBase
lxucaParseCollationName
lxucaToParameterString
lxucom2u
lxujmc
lxujmd
lxvers
lxwCmpStr
lxwCnvCase
lxwCvCplrChar
lxwalnx
lxwalpx
lxwblax
lxwc2lx
lxwc2ux
lxwcicx
lxwcntx
lxwctex
lxwdigx
lxwdspx
lxwgrax
lxwlowx
lxwprix
lxwpunx
lxwspax
lxwuppx
lxwwrap
lxwwsg
lxwxdix
lxxclig
lxxcomp
lxxfcm
lxxlayout
lxxliga
lxxligc
lxxligd
lxxrlayout
lxxscm
lxxshape
lxxshpr
lxzinit
nlsglobal
slmsbdf
slmsbfn
slmscc
slmscl
slmscr
slmscw
slmsop
slmsrd
slmstr
slx_current_tid
slx_global_lock
slx_lock_count
slx_sltscontext
slxcfct
slxcfgc
slxcfgclfv
slxcfna
slxcfot
slxcfrt
slxcfrtlfv
slxcfst
slxcfstlfv
slxcfwt
slxcrl
slxdfobl
slxdfsync
slxefop
slxgmsg
slxlrestore
slxlstore
slxpelen
slxperr
slxpnotset
slxpvalid
ssnlsserverdetach
ssnlsserverflag
ssnlssetserverflag
Sections
.text Size: 863KB - Virtual size: 863KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ