__FineObjUsed
Static task
static1
Behavioral task
behavioral1
Sample
FormReaderDLL.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
FormReaderDLL.dll
Resource
win10v2004-20220901-en
General
Target: FormReaderDLL.dll
Size: 224KB
MD5: f270d8c432fc2cc96cd4e9028038ae00
SHA1: 8b331cda6039356b5050d12459a7605063ca5c02
SHA256: 798d8bf99a06f0ade5e65ba06f3105ff24a5884d06b85568632000b29ab2c5d9
SHA512: b48cb09bb1cd1a1ea2a05658cf8d60ee526383264c69d900f80548849b1c2310fc40bf8ed42f77616266b2e27de30b5a321d0dc6a16b706dfdfa4ff127e251e5
SSDEEP: 3072:E/eApJqLqEZzDC/Bo31gBaEsEEEEEEEEEEErOEEEEIqK89Rd4+YdoQC06HhXg0pR:E/eAfqL3DCEMgrYdoQC0kxmMQ
Malware Config
Signatures
Files
-
FormReaderDLL.dll.dll windows x86
3f0f53db599da8cfd4ea6e14e26c9612
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedIncrement
SetLastError
GetLastError
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
LoadLibraryA
InterlockedDecrement
FreeLibrary
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
user32
PtInRect
MessageBoxA
fineobj
?Value@CUnicodeString@FObj@@QBE_NAA_N@Z
?Value@FObj@@YA_NABVCUnicodeString@1@AAVCString@1@@Z
?Value@CUnicodeString@FObj@@QBE_NAAHH@Z
??1CSetupEnum@FObj@@UAE@XZ
??1?$CSetup@H@FObj@@UAE@XZ
??0CSetupEnum@FObj@@QAE@ABVCUnicodeString@1@0HPBUCEnumItem@1@W4TSetupType@1@@Z
??0?$CSetup@H@FObj@@QAE@ABVCUnicodeString@1@0HW4TSetupType@1@@Z
??4CString@FObj@@QAEAAV01@ABV01@@Z
?CreateString@CUnicodeString@FObj@@QBE?AVCString@2@I@Z
?TrimLeft@CUnicodeString@FObj@@QAEXXZ
?TrimRight@CUnicodeString@FObj@@QAEXXZ
?Find@CUnicodeString@FObj@@QBEH_WH@Z
?StrDel@CUnicodeString@FObj@@QAEXHH@Z
??ACUnicodeString@FObj@@QBE_WH@Z
?SubstParam@CMessage@FObj@@QBE?AVCUnicodeString@2@ABV32@0@Z
?ReadText@CFile@FObj@@SAXABVCUnicodeString@2@AAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@I@Z
??0CMessage@FObj@@QAE@PB_WH@Z
??1CMessage@FObj@@QAE@XZ
?Length@CString@FObj@@QBEHXZ
?ReleaseBuffer@CString@FObj@@QAEXH@Z
?GetBuffer@CString@FObj@@QAEPADH@Z
?ReleaseBuffer@CUnicodeString@FObj@@QAEXH@Z
?GetBuffer@CUnicodeString@FObj@@QAEPA_WH@Z
?NormalizePath@FileSystem@FObj@@YAXAAVCUnicodeString@2@@Z
?Warning@FObj@@YAXPAVCException@1@@Z
?MakeDir@FileSystem@FObj@@YAXABVCUnicodeString@2@@Z
??YCString@FObj@@QAEAAV01@D@Z
?AccessFile@FileSystem@FObj@@YA_NABVCUnicodeString@2@I@Z
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?GetNameExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
??0CString@FObj@@QAE@PBD@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??1CVerInfo@FObj@@QAE@XZ
?Compare@CUnicodeString@FObj@@QBEHPB_W@Z
?GetString@CVerInfo@FObj@@QAE?AVCUnicodeString@2@PB_W@Z
??0CVerInfo@FObj@@QAE@ABVCUnicodeString@1@@Z
?LoadDLL@FObj@@YAPAUHINSTANCE__@@PB_W@Z
?GetFilesInDir@FileSystem@FObj@@YAXABVCUnicodeString@2@AAV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@2@0@Z
?AccessDir@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
??YCUnicodeString@FObj@@QAEAAV01@ABV01@@Z
??YCUnicodeString@FObj@@QAEAAV01@PB_W@Z
??ACString@FObj@@QBEDH@Z
??YCUnicodeString@FObj@@QAEAAV01@_W@Z
?HashKey@@YAHPB_W@Z
?CharIns@CUnicodeString@FObj@@QAEX_WH@Z
?Str@FObj@@YA?AVCString@1@HH@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@HH@Z
?GetDrivePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?StrDel@CString@FObj@@QAEXHH@Z
??4CString@FObj@@QAEAAV01@PBD@Z
?Mid@CString@FObj@@QBE?AV12@HH@Z
?Mid@CString@FObj@@QBE?AV12@H@Z
?CharPos@CString@FObj@@QBEHDH@Z
?Left@CString@FObj@@QBE?AV12@H@Z
?GetLength@CString@FObj@@QBEHXZ
?Compare@CString@FObj@@QBEHPBD@Z
?MakeUpper@CString@FObj@@QAEXXZ
??BCString@FObj@@QBEPBDXZ
?CmpNoCase@CUnicodeString@FObj@@SAHPBV12@0@Z
?GetName@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?GetExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?ThrowFileException@FObj@@YAXW4TType@CFileException@1@ABVCUnicodeString@1@@Z
?ReplaceExt@FileSystem@FObj@@YAXAAVCUnicodeString@2@ABV32@@Z
?GetLength@CUnicodeString@FObj@@QBEHXZ
?Cmp@CUnicodeString@FObj@@SAHPBV12@0@Z
?GetFineObjectsVersion@FObj@@YAHXZ
?CopyObject@FObj@@YAXPBVIObject@1@PAV21@@Z
?Delete@CException@FObj@@QAEXXZ
?CompareNoCase@CUnicodeString@FObj@@QBEHPB_W@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@ABVCString@1@@Z
??0CString@FObj@@QAE@ABV01@@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@_N@Z
?SetString@CSetupBase@FObj@@QAEXABVCUnicodeString@2@@Z
?GetString@CSetupBase@FObj@@QBE?AVCUnicodeString@2@XZ
??1CSetupBase@FObj@@MAE@XZ
??0CSetupBase@FObj@@IAE@ABVCUnicodeString@1@0W4TSetupType@1@@Z
?Empty@CString@FObj@@QAEXXZ
?IsEmpty@CString@FObj@@QBE_NXZ
?Ptr@CString@FObj@@QBEPBDXZ
?Empty@CUnicodeString@FObj@@QAEXXZ
?Trim@CUnicodeString@FObj@@QAEXXZ
?FindOneOf@CUnicodeString@FObj@@QBEHPB_WH@Z
?Left@CUnicodeString@FObj@@QBE?AV12@H@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@H@Z
?UnicodeStr@FObj@@YA?AVCUnicodeString@1@JH@Z
??4CUnicodeString@FObj@@QAEAAV01@PB_W@Z
??0CString@FObj@@QAE@XZ
?CreateUnicodeString@CString@FObj@@QBE?AVCUnicodeString@2@I@Z
??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z
??1CString@FObj@@QAE@XZ
?IsEmpty@CUnicodeString@FObj@@QBE_NXZ
??0CRect@FObj@@QAE@XZ
??0CPoint@FObj@@QAE@HH@Z
??0CRect@FObj@@QAE@ABUtagRECT@@@Z
??0CRect@FObj@@QAE@HHHH@Z
?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A
??1CError@FObj@@QAE@XZ
??0CError@FObj@@QAE@PB_WH@Z
?UpperPrimeNumber@FObj@@YAHH@Z
?GenerateCheck@FObj@@YAXAAVCError@1@PB_W11@Z
?RegisterCreateObjectFunction@FObj@@YAXP6A?AV?$CPtr@VIObject@FObj@@@1@XZABVtype_info@@ABVCUnicodeString@1@@Z
?DoCreateObject@FObj@@YA?AV?$CPtr@VIObject@FObj@@@1@ABVCUnicodeString@1@@Z
??0CUnicodeString@FObj@@QAE@ABV01@@Z
?UnregisterCreateObjectFunction@FObj@@YAXABVtype_info@@@Z
?GenerateInternalError@FObj@@YA_NW4TInternalErrorType@1@PB_W11JK@Z
?AddResourcePrefix@FObj@@YAXPB_W0@Z
??0CUnicodeString@FObj@@QAE@XZ
??0CUnicodeString@FObj@@QAE@PB_W@Z
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@00@Z
??BCUnicodeString@FObj@@QBEPB_WXZ
?LoadModule@FObj@@YAPAUHINSTANCE__@@PB_W@Z
??1CUnicodeString@FObj@@QAE@XZ
?safeStrLen@CUnicodeString@FObj@@CAHPB_W@Z
?safeStr@CUnicodeString@FObj@@CAPB_WPB_W@Z
?Length@CUnicodeString@FObj@@QBEHXZ
?Ptr@CUnicodeString@FObj@@QBEPB_WXZ
?concatStr@CUnicodeString@FObj@@CAPAVCUnicodeStringBody@2@PB_WH0H@Z
??0CUnicodeString@FObj@@AAE@PAVCUnicodeStringBody@1@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
?UnregisterModule@FObj@@YAXPAUHINSTANCE__@@@Z
?BeginStaticPart@FObj@@YAXXZ
?GetErrorFlag@FObj@@YA_NXZ
?EndStaticPart@FObj@@YAXXZ
?RegisterModule@FObj@@YAXPAUHINSTANCE__@@P6AXXZ1@Z
?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z
?AddResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?RemoveResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
??0CSize@FObj@@QAE@HH@Z
msvcr71
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
_except_handler3
__CppXcptFilter
_adjust_fdiv
__CxxFrameHandler
__RTDynamicCast
_purecall
_CxxThrowException
memmove
__dllonexit
_onexit
malloc
free
_initterm
fineobjfc
ord3230
ord626
ord1631
ord1621
ord265
ord352
ord6313
ord747
ord1641
ord408
ord3074
ord353
ord5530
ord2861
ord3403
ord945
ord561
ord349
ord1206
ord863
ord5315
ord3904
ord6427
ord3454
ord2505
ord2443
ord5336
ord6296
ord700
langinfo
?IsValidLanguageName@LangInfo@@SI_NPBD@Z
?GetUserDefaultLanguage@LangInfo@@SIFXZ
?GetLanguageName@LangInfo@@SIPBDF@Z
?GetSystemCodePage@LangInfo@@SIHW4CodePageType@@@Z
??0CLetterString@@QAE@PBDH@Z
??0CLetterString@@QAE@PB_WF@Z
??4CLetterString@@QAEAAV0@ABV0@@Z
?emptyStringBody@CLetterStringBody@@2V1@A
?destroy@CLetterStringBody@@QAEXXZ
??1CLetterString@@QAE@XZ
grinf16
?ChangeDictionarySourceFile@CLanguageDataBase@@UAEXPAVCBaseLanguage@@HABVCUnicodeString@FObj@@@Z
?IsValid@CLanguageDataBase@@UBEHXZ
??1CLanguageDataBase@@UAE@XZ
?LoadFrom@CLanguageDataBase@@UAEKAAVCArchive@MFC@@@Z
?StoreTo@CLanguageDataBase@@UBEXAAVCArchive@MFC@@@Z
?ReleaseReference@LanguageDataBase@@SAXXZ
?SetNewLanguageDataBase@LanguageDataBase@@SAXPAVCLanguageDataBase@@@Z
??0CLanguageDataBase@@QAE@XZ
?TextLanguage@CLanguageDataBase@@QBEPBVCTextLanguage@@ABVCUnicodeString@FObj@@@Z
?NumberOfTextLanguages@CLanguageDataBase@@QBEHXZ
?TextLanguage@CLanguageDataBase@@QBEPBVCTextLanguage@@H@Z
?DictionariesCount@CBaseLanguage@@QBEHXZ
?GetDictionaryType@CBaseLanguage@@QBE?AW4TDictionaryType@Fine4@@H@Z
?GetDictionaryDescription@CBaseLanguage@@QBE?AVCUnicodeString@FObj@@H@Z
?SetDictionaryDescription@CBaseLanguage@@QAEXHW4TDictionaryType@Fine4@@VCUnicodeString@FObj@@@Z
?PredefinedTextLanguage@CLanguageDataBase@@SAPBVCTextLanguage@@ABVCUnicodeString@FObj@@@Z
??1CTextLanguage@@QAE@XZ
??1CBaseLanguage@@QAE@XZ
?ExternalName@CTextLanguage@@QBE?AVCUnicodeString@FObj@@XZ
?activeDataBase@LanguageDataBase@@0PAVCLanguageDataBase@@A
?SetLoadSuccess@LanguageDataBase@@SAXXZ
?AddReference@LanguageDataBase@@SAXXZ
?CompileUserDictionary@CLanguageDataBase@@UAE?AW4TCommitBaseLanguageResult@@PBVCBaseLanguage@@H@Z
da4
?classCFormTemplateTextField@CFormTemplateTextField@@2UCRuntimeClass@MFC@@A
?ConvertOldTemplatesToNew@@YAXPAUIImageDocument@@ABV?$CArray@PBVCFormTemplate@@VCurrentMemoryManager@FObj@@@FObj@@ABV?$CArray@VCUnicodeString@FObj@@VCurrentMemoryManager@2@@3@AAV?$CPointerArray@$$CBUIDAFormPageTemplate@FormLayout@@VCurrentMemoryManager@FObj@@@3@PAUIPageAnalysisParams@FormLayout@@PAUIRecognizerParams@@@Z
?ConvertOldPageParamsToNew@@YAXABUCApplyFormTemplateParams@@AAV?$CPtr@UIPageAnalysisParams@FormLayout@@@FObj@@@Z
?AddReference@CMultiReferenceObject@@QAEXXZ
?ReleaseReference@CMultiReferenceObject@@QAEXXZ
?IsEqualTo@CFormTemplateAnchor@@MBEHABVCLayoutBlock@@@Z
?GetFieldText@CLayoutBlock@@UBE?AVCUnicodeString@FObj@@PAVCEditorTextInterface@@@Z
?IsValid@CFormTemplateAnchor@@UBE_NXZ
?Serialize@CFormTemplateAnchor@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateAnchor@@UBEPAUCRuntimeClass@MFC@@XZ
?GetRuntimeClass@CFormTemplate@@UBEPAUCRuntimeClass@MFC@@XZ
?Serialize@CFormTemplate@@UAEXAAVCArchive@MFC@@@Z
?IsValid@CPageLayout@@UBE_NXZ
?MakeCopy@CFormTemplate@@UBEXAAVCPageLayout@@_N@Z
?SetGlobalRecognitionParam@@YAHPBDPB_W@Z
??0CFormTemplate@@QAE@XZ
?SetDAPermanentPageData@CPageLayout@@QAEXPAVCObject@MFC@@@Z
?IsFlexibleFormTemplate@@YA_NABVCPageLayout@@@Z
??1CPageLayout@@UAE@XZ
??0CFormTemplateAnchor@@QAE@XZ
??1CFormTemplateAnchor@@UAE@XZ
?classCFormTemplateAnchor@CFormTemplateAnchor@@2UCRuntimeClass@MFC@@A
?IsEqualTo@CFormTemplateBarcodeField@@MBEHABVCLayoutBlock@@@Z
?GetFieldText@CFormTemplateBarcodeField@@UBE?AVCUnicodeString@FObj@@PAVCEditorTextInterface@@@Z
?IsValid@CLayoutBlock@@UBE_NXZ
?Serialize@CFormTemplateBarcodeField@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateBarcodeField@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateBarcodeField@@QAE@XZ
??1CFormTemplateBarcodeField@@UAE@XZ
??0CRecognitionParams@@QAE@ABU0@@Z
??1CRecognitionParams@@QAE@XZ
??0CRecognitionParams@@QAE@XZ
??4CRecognitionParams@@QAEAAU0@ABU0@@Z
?SetCaseMode@CRecognitionParams@@QAEXW4TCaseRecognitionMode4@@@Z
?GetCaseMode@CRecognitionParams@@QBE?AW4TCaseRecognitionMode4@@XZ
?IsEqualTo@CFormTemplateCheckmark@@MBEHABVCLayoutBlock@@@Z
?GetFieldText@CFormTemplateCheckmark@@UBE?AVCUnicodeString@FObj@@PAVCEditorTextInterface@@@Z
?Serialize@CFormTemplateCheckmark@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateCheckmark@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateCheckmark@@QAE@XZ
??1CFormTemplateCheckmark@@UAE@XZ
?IsEqualTo@CFormTemplateTextField@@MBEHABVCLayoutBlock@@@Z
?GetFieldText@CFormTemplateTextField@@UBE?AVCUnicodeString@FObj@@PAVCEditorTextInterface@@@Z
?IsValid@CFormTemplateTextField@@UBE_NXZ
?Serialize@CFormTemplateTextField@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateTextField@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateTextField@@QAE@XZ
??1CFormTemplateTextField@@UAE@XZ
?Serialize@CRecognitionParams@@QAEXAAVCArchive@MFC@@_N@Z
?IsEqualTo@CFormTemplateImageField@@MBEHABVCLayoutBlock@@@Z
?Serialize@CFormTemplateImageField@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateImageField@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateImageField@@QAE@XZ
??1CFormTemplateImageField@@UAE@XZ
?IsEqualTo@CFormTemplateRadioButtonGroup@@MBEHABVCLayoutBlock@@@Z
?GetFieldText@CFormTemplateRadioButtonGroup@@UBE?AVCUnicodeString@FObj@@PAVCEditorTextInterface@@@Z
?Serialize@CFormTemplateRadioButtonGroup@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateRadioButtonGroup@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateRadioButtonGroup@@QAE@XZ
??1CFormTemplateRadioButtonGroup@@UAE@XZ
?IsEqualTo@CFormTemplateRadioButton@@MBEHABVCLayoutBlock@@@Z
?Serialize@CFormTemplateRadioButton@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateRadioButton@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateRadioButton@@QAE@XZ
??1CFormTemplateRadioButton@@UAE@XZ
?IsEqualTo@CFormTemplateTableField@@MBEHABVCLayoutBlock@@@Z
?IsValid@CFormTemplateTableField@@UBE_NXZ
?Serialize@CFormTemplateTableField@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateTableField@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateTableField@@QAE@XZ
??1CFormTemplateTableField@@UAE@XZ
?IsEqualTo@CFormTemplateBlock@@MBEHABVCLayoutBlock@@@Z
?Serialize@CFormTemplateUnrecognizableField@@UAEXAAVCArchive@MFC@@@Z
?GetRuntimeClass@CFormTemplateUnrecognizableField@@UBEPAUCRuntimeClass@MFC@@XZ
??0CFormTemplateUnrecognizableField@@QAE@XZ
??1CFormTemplateUnrecognizableField@@UAE@XZ
?InitializeFormTemplate@@YA_NQAVCFormTemplate@@@Z
??1CFormTemplate@@UAE@XZ
?classCFormTemplateBlock@CFormTemplateBlock@@2UCRuntimeClass@MFC@@B
Exports
Exports
Sections
.text Size: 124KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ