ocldr[.]dll | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ocldr.dll
Size

2.2MB
MD5

141c3322d2f0ae3456062c0839671427
SHA1

f430cf7bb48589b28dfbbcc5b5a78b2fa226d0cc
SHA256

a18c8a0cafe4540ac0c39008bd451c3f61a3b96643261ea83de259ba443c2efc
SHA512

cdd34044b2b82b599cc26ea4b9352c448a41feafbf591a0db6b1bc923c68f23df798f15580629571ba5fb515dc1cf150bd6180127f32faff7e8f247d21cbb5f2
SSDEEP

49152:gzSjfOgOCumsk8nxOHZCUi38KmUZUWOD3inf:wWKo5K38KmUiV3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ocldr.dll

Files

ocldr.dll
.dll windows:6 windows x64 arch:x64

d0dbc6e2ebf73b1cabe5514fd137a65d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateIoCompletionPort
SetFileCompletionNotificationModes
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetSystemInfo
SetStdHandle
FlushFileBuffers
WriteFile
SetFilePointerEx
PostQueuedCompletionStatus
LCMapStringW
GetLogicalProcessorInformationEx
FlsFree
GetComputerNameExW
GetConsoleOutputCP
SwitchToThread
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
WaitForSingleObject
ReleaseSRWLockExclusive
GetCPInfo
GetOEMCP
GetModuleHandleA
GetFileType
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
GetACP
MultiByteToWideChar
WriteConsoleW
AcquireSRWLockExclusive
GetEnvironmentVariableW
GetFullPathNameW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
IsValidCodePage
GetModuleHandleW
FormatMessageW
FindNextFileW
FindFirstFileExW
FindClose
GetModuleFileNameW
CreateThread
SetThreadStackGuarantee
GetLastError
ExitProcess
GetSystemTimeAsFileTime
SetHandleInformation
GetModuleHandleExW
RtlPcToFileHeader
QueryPerformanceFrequency
QueryPerformanceCounter
HeapReAlloc
GetTickCount64
GlobalMemoryStatusEx
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
GetQueuedCompletionStatusEx
GetStringTypeW
GetProcAddress
GetLogicalDrives
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetProcessTimes
OpenProcess
RtlUnwindEx
GetStartupInfoW
ReadProcessMemory
CloseHandle
HeapFree
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
IsDebuggerPresent
LocalFree
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
FreeLibrary
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSize
HeapAlloc
SetLastError
GetProcessHeap

ntdll

NtReadFile
RtlGetVersion
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtCreateFile
NtQuerySystemInformation
NtQueryInformationProcess

ws2_32

getsockopt
connect
setsockopt
WSAIoctl
getaddrinfo
closesocket
freeaddrinfo
WSAStartup
WSACleanup
ioctlsocket
recv
bind
shutdown
send
getsockname
WSAGetLastError
getpeername
WSASend
WSASocketW

advapi32

RegCloseKey
RegQueryValueExW
GetTokenInformation
OpenProcessToken
LookupAccountSidW
CopySid
GetLengthSid
IsValidSid
GetUserNameW
SystemFunction036
RegOpenKeyExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhRemoveCounter
PdhOpenQueryA
PdhCollectQueryData

oleaut32

SafeArrayUnaccessData
SysAllocString
SafeArrayGetLBound
VariantClear
SysStringLen
SysFreeString
GetErrorInfo
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetUBound

crypt32

CertAddCertificateContextToStore
CertDuplicateStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
LsaFreeReturnBuffer
LsaGetLogonSessionData
AcquireCredentialsHandleA
EncryptMessage
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken
LsaEnumerateLogonSessions

user32

MessageBoxW

bcrypt

BCryptGenRandom

psapi

GetPerformanceInfo
GetModuleFileNameExW

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2
GetAdaptersAddresses

netapi32

NetApiBufferFree
NetUserGetInfo
NetUserEnum
NetUserGetLocalGroups

shell32

CommandLineToArgvW

powrprof

CallNtPowerInformation

Exports

Exports

Java_me_oringo_Native_a
Java_me_oringo_Native_b
Java_me_oringo_Native_c
bz_internal_error

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0dbc6e2ebf73b1cabe5514fd137a65d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ws2_32

advapi32

ole32

pdh

oleaut32

crypt32

secur32

user32

bcrypt

psapi

iphlpapi

netapi32

shell32

powrprof

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 575KB - Virtual size: 574KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 575KB - Virtual size: 574KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 7KB - Virtual size: 6KB