oraocrutl12[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

oraocrutl12.dll
Size

82KB
MD5

eedd36804692911c922db74813b35a65
SHA1

00f5dee0a7dad74d6d9aa91b5f46f4042c2afef3
SHA256

9ea570332df773ee1c183974f56be52f6209c908d64c477c83d50d809c109235
SHA512

ea428555a85e4694a470daf560742df474c65eddc1bc8059f350144194f58ffd8c63add7bd682e35a19ae56d4698d53386336fccd0a8d75231715d6836f2c769
SSDEEP

768:n183EgJCxekA06wM5Oh8mr5ilJZCA5nOenGroKTXiUXZtH1yaeFksINPGddg0D+P:nS9zFHOr58OCcSUXZtV9CksIqMG+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
oraocrutl12.dll

Files

oraocrutl12.dll
.dll windows:5 windows x64 arch:x64

e256cff1b90f02efb8fd6fde527cdc46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\v3\oracle\opsm\bin\oraocrutl12.dll.pdb

Imports

oracommon12

vsnupr

orageneric12

slgfn
slgtd

oranls12

lmsagbcmt

oracore12

lfiskbn
lmmcalloc
lmmfree
sltrusleep
lsttokr
lsfpv
lstprintf
sltstidinit
sltstgi
sltstprint
sltstiddestroy
LhtStrSearch
LhtStrInsert
LhtStrRemove
lstclo
lpminit
sltsmna
sltskyg
sltsmnr
sltskys
SltsPrWrite
SltsPrUnlock
lcvb24
slzgetevar
slmtnatol
lfimkpth
lfimknam
lfifini
lfiopn
lficrt
lfifpo
lfieno
lfidlb
lfifcp
lfiren
lfitrim
lfiisop
lfilen
lfiflu
lfiwr
lfird
lfilini
lfifno
lficls
lfifex
lmmtophp

orahasgen12

scls_iddb_get_user_id_by_name
scls_idq_get_crs_user_id
scls_meta_query_size
clsdwftlv
clsu_get_target_node_role
clsu_get_config_node_role
clsuSlosFormatDiag
scls_iddb_compare_user_id
clscrs_splist_destroy
clscrs_start_resource2
clsdprft1
clscrs_splist_append
clscrs_splist_create
clscrs_term_crs
clscrs_res_get_op_status
clscrs_reslist_first
clsdwflv
clscrs_env_delete
clscrs_reslist_destroy
clscrs_register_resource2
clscrs_reslist_append
clscrs_reslist_create
clscrs_res_set_attr
clscrs_res_create
clscrs_init_crs
clsdprintf
clsdprintft
clsdgetcompid
clscrs_env_create

oraasmclnt12

kgfnmFree
kgfnmParse
kgfnmAlloc

msvcr100

sscanf
__crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
strchr
printf
strtol
strncmp
_vsnprintf
_snprintf
strncat
memcpy
strncpy
strrchr
strstr
strcmp
strlen
strcpy
memset
_time64
_difftime64

orauts

Sleep
GetCurrentThreadId

kernel32

DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
EncodePointer

Exports

Exports

prou_add_list_log_ext
prou_allocm
prou_ator
prou_caching_unlock
prou_caching_write_lock
prou_check_keycomp
prou_check_tag
prou_clsd_list_log
prou_copy_error_msg_to_error
prou_copy_error_to_error_msg
prou_delete_error
prou_error_destfunc
prou_fill_errorbuf
prou_fill_tag
prou_find_keydepth
prou_freem
prou_get_env_loglevel
prou_get_error
prou_get_keydepth
prou_get_node_role
prou_hash
prou_hashfunc
prou_init_list_hdr
prou_initstring
prou_insert_error
prou_invalidate_tag
prou_lht_allocm
prou_lht_freem
prou_modify_asm_dep
prou_parse_asm_alloccb
prou_parse_asm_freecb
prou_parse_asmfname
prou_print_log_list
prou_reset_error
prou_set_comp_error
prou_set_gbl_comp_error
prou_set_ocr_error
prou_sleep
prou_split_asmbkpfname
prou_start_local_asm
prou_trace
prou_version_compatible
proudp_backup_env_set
proudp_check_priv_giuser_permission
proudp_delay_req_op_id_env_set
proudp_device_env_set
proudp_failing_mas_conn_env_set
proudp_get_asm_cache
proudp_get_authdir
proudp_get_backupdir
proudp_get_connectstring
proudp_get_localnodenum
proudp_get_logbasedir
proudp_get_ocr9loc_env
proudp_get_ocrloc_env
proudp_get_olr_upg_env
proudp_get_olrloc_env
proudp_get_version
proudp_inv_tst_env_set
proudp_log_banner
proudp_loglevel_env_isset
proudp_recover_env_set
proudp_replace_permission
proudp_updatedep_fail_env_set
proudp_upgrade_env_set
proudp_upgrade_intg_env_set
proudp_version_env_set
proudp_vote_env_set
proulficlose
proulficp
proulficr
proulfide
proulfidelete
proulfie
proulfiopn
proulfir
proulfiren
proulfisz
proulfiw

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e256cff1b90f02efb8fd6fde527cdc46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oracommon12

orageneric12

oranls12

oracore12

orahasgen12

oraasmclnt12

msvcr100

orauts

kernel32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 512B - Virtual size: 168B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 512B - Virtual size: 168B