F:\VFP92\vfp9r.opt.pdb
Static task: static1
Behavioral task: behavioral1
Sample: vfp9r.dll
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: vfp9r.dll
Resource: win10v2004-20240508-en
General
Target: vfp9r.dll
Size: 4.5MB
MD5: 074bd3b7cd21ea7e0013d62caee4dacf
SHA1: 433cabb03b4ecfe4cc55ecee90d33b050a7240e4
SHA256: 00e629266bab84966a2b386298f2f1ecc6c6e3c73efe2a8d15cde3a7c03d63c7
SHA512: 3189d60d0e8e4745d83ec960f76784206ede98715d4503d64b1485b153f3d11deeac9ee7b8308009f23e13b99ad49fed8244f4f1411421830618cf48c001713a
SSDEEP: 98304:S6rj+BTuGpFh0jB2zsOcO+7XzmSrQ+GbrYJ4ufm6MOXYjXCbz:xj+riUgOGySLGfYCrORb
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: vfp9r.dll
Files
vfp9r.dll.dll regsvr32 windows:4 windows x86 arch:x86
6a63bf50ac61adf611e9bf1c0f2d7124
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
F:\VFP92\vfp9r.opt.pdb
Imports
kernel32
ExitProcess
GetSystemTimeAsFileTime
GetStringTypeExA
LocalFree
GetComputerNameA
GetUserDefaultLangID
ExpandEnvironmentStringsA
GlobalFlags
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
lstrcmpiA
GetSystemDirectoryA
lstrcatA
IsBadCodePtr
IsBadReadPtr
LockResource
HeapDestroy
HeapCreate
GlobalMemoryStatus
HeapSize
SetProcessWorkingSetSize
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GlobalCompact
LCMapStringA
IsDBCSLeadByte
GetSystemDefaultLCID
GetSystemDefaultLangID
GetTempPathA
GetFileSize
MoveFileA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindNextFileA
GetLogicalDrives
GetVolumeInformationA
GetDiskFreeSpaceA
SystemTimeToFileTime
GetSystemTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetFileTime
UnlockFile
LockFile
SetEndOfFile
SetFilePointer
GetVersionExA
ReadFile
GetFileAttributesA
GetDriveTypeA
IsValidLocale
GetProfileStringA
GetExitCodeThread
CreateThread
GetOEMCP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount
GetFullPathNameA
SearchPathA
SetErrorMode
GlobalFree
GlobalReAlloc
Sleep
FlushFileBuffers
lstrcpyA
SetFileAttributesA
CopyFileA
FindClose
FindFirstFileA
GetCPInfo
QueryPerformanceFrequency
IsValidCodePage
GetLocalTime
VirtualAlloc
GetSystemInfo
VirtualFree
FormatMessageA
HeapAlloc
GetProcessHeap
HeapFree
WinExec
LoadLibraryA
FreeLibrary
GetLastError
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetProfileIntA
RaiseException
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
MulDiv
UnmapViewOfFile
SetEvent
ReleaseMutex
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
CreateMutexA
CreateEventA
MapViewOfFile
CreateFileMappingA
lstrcpynA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
user32
PeekMessageA
SetTimer
TranslateMessage
GetQueueStatus
GetDesktopWindow
GetSubMenu
EnableMenuItem
GetSysColorBrush
SendMessageA
GetSystemMetrics
DrawIconEx
RegisterWindowMessageA
RedrawWindow
GetClientRect
SetWindowPos
PostQuitMessage
GetMenu
OpenClipboard
EmptyClipboard
CloseClipboard
EndMenu
GetWindowLongA
SetWindowLongA
ShowWindow
IsWindowVisible
CreateWindowExA
LoadCursorA
RegisterClassExA
GetKeyState
IsWindow
DestroyWindow
MenuItemFromPoint
ReleaseDC
GetDC
wsprintfA
SetClipboardData
DrawFocusRect
SetCursor
GetCursor
SetRect
UnregisterClassA
MessageBoxA
SetFocus
ReleaseCapture
SetCapture
GetMessageExtraInfo
ClientToScreen
KillTimer
GetSysColor
CharPrevA
SetClipboardViewer
ChangeClipboardChain
GetDoubleClickTime
LoadImageA
GetClassInfoA
RegisterClassA
InvalidateRect
AdjustWindowRect
BringWindowToTop
EnableWindow
DefWindowProcA
SetClassLongA
GetClassLongA
EndPaint
BeginPaint
GetUpdateRect
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
SetCursorPos
ClipCursor
RegisterClipboardFormatA
GetCapture
GetAsyncKeyState
FrameRect
InflateRect
FillRect
ValidateRect
DdeEnableCallback
DdeGetLastError
DdeAccessData
DdeUnaccessData
DdeFreeDataHandle
DdeConnect
DdeDisconnect
DdePostAdvise
DdeClientTransaction
DdeInitializeA
DdeUninitialize
DdeAbandonTransaction
GetMessageA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
WindowFromPoint
GetClassNameA
GetWindow
UpdateWindow
SubtractRect
CopyRect
EqualRect
GetWindowDC
GrayStringA
GetMenuItemRect
DrawMenuBar
LoadMenuIndirectA
SetMenuItemInfoA
CreateMenu
CreatePopupMenu
GetSystemMenu
DeleteMenu
GetMenuItemCount
InsertMenuItemA
DestroyMenu
GetMenuItemInfoA
InsertMenuA
ModifyMenuA
SetMenu
CharLowerBuffA
CharUpperBuffA
ChangeDisplaySettingsA
CreateIcon
LoadCursorFromFileA
CreateCursor
DestroyCursor
SetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
GetWindowTextA
GetDlgItem
DestroyIcon
LoadBitmapA
DrawIcon
CreateAcceleratorTableA
CopyAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
IsChild
GetClipboardData
EnumDisplaySettingsA
FindWindowA
GetWindowThreadProcessId
ScreenToClient
keybd_event
MessageBeep
MapVirtualKeyA
CharToOemA
WinHelpA
SetKeyboardState
GetKeyboardState
SendDlgItemMessageA
SetWindowTextA
SetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
DrawCaption
AppendMenuA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetScrollInfo
SetScrollInfo
ShowScrollBar
SetParent
IsZoomed
AdjustWindowRectEx
LoadIconA
OemToCharBuffA
InSendMessage
CharNextA
GetKeyboardType
DrawFrameControl
ShowCaret
HideCaret
SetCaretPos
DestroyCaret
InvalidateRgn
ScrollDC
DrawTextA
CharToOemBuffA
PostMessageA
ShowCursor
MsgWaitForMultipleObjects
DispatchMessageA
EnumThreadWindows
GetFocus
GetActiveWindow
GetCursorPos
GetClipboardFormatNameA
GetParent
ActivateKeyboardLayout
GetKeyboardLayout
CreateCaret
IsClipboardFormatAvailable
MoveWindow
DdeQueryStringA
DdeCreateStringHandleA
DdeCreateDataHandle
DdeNameService
DdeFreeStringHandle
RemoveMenu
gdi32
EnumFontFamiliesExA
GetTextColor
GetBkColor
SetTextColor
PatBlt
GetObjectA
GetDIBColorTable
CreatePalette
CreateHalftonePalette
SelectPalette
RealizePalette
GetTextAlign
MoveToEx
LineTo
Ellipse
Polygon
Polyline
PolyBezier
RoundRect
CreateRectRgnIndirect
CombineRgn
FillRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreateRoundRectRgn
CreatePen
UnrealizeObject
SetBrushOrgEx
SetBkMode
GetROP2
SetROP2
CreateSolidBrush
CreateRectRgn
SetTextAlign
CreateBitmap
CreatePatternBrush
GetRgnBox
RectInRegion
FrameRgn
GetPixel
CreateFontIndirectA
EnumFontsA
GetTextMetricsA
AddFontResourceA
RemoveFontResourceA
CopyMetaFileA
CreateHatchBrush
TranslateCharsetInfo
SetRectRgn
SelectClipRgn
GetTextExtentPoint32A
GdiFlush
CreateBrushIndirect
ExcludeClipRect
SetStretchBltMode
StretchBlt
GetBitmapBits
StretchDIBits
SetDIBits
CreateDIBitmap
CreateICA
StartDocA
EndDoc
AbortDoc
SetBitmapBits
OffsetRgn
CreateDCA
LPtoDP
SaveDC
SetWindowOrgEx
RestoreDC
CreateMetaFileA
CloseMetaFile
DeleteMetaFile
DeleteObject
DeleteDC
GetDIBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
GetStockObject
SelectObject
SetViewportExtEx
SetWindowExtEx
SetMapMode
ExtTextOutA
SetBkColor
GetDeviceCaps
EndPage
StartPage
GetDCOrgEx
PaintRgn
GetClipBox
winspool.drv
ClosePrinter
EnumPrintersA
StartDocPrinterA
EndDocPrinter
WritePrinter
OpenPrinterA
DocumentPropertiesA
GetPrinterA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
ChooseFontA
CommDlgExtendedError
PrintDlgA
PageSetupDlgA
comctl32
ImageList_Destroy
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragEnter
ImageList_BeginDrag
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_Add
ImageList_Create
ord17
ImageList_DragMove
advapi32
RegEnumKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyW
RegCreateKeyA
RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
shell32
SHAppBarMessage
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
SHFileOperationA
DragQueryFileA
imm32
ImmSetCompositionFontA
ImmGetContext
ImmGetConversionStatus
ImmSetConversionStatus
ImmReleaseContext
ImmGetOpenStatus
ImmIsIME
ImmAssociateContext
ImmGetCompositionStringA
ImmSetCompositionWindow
ImmEscapeA
ImmSimulateHotKey
ImmNotifyIME
oledlg
ord8
ord3
ord4
ord5
urlmon
HlinkGoBack
HlinkGoForward
HlinkSimpleNavigateToString
msvcr71
__security_error_handler
_CIpow
_setjmp3
_CIasin
_CIacos
_strnicmp
memset
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
_onexit
__dllonexit
_CxxThrowException
__CxxFrameHandler
_except_handler3
_access
_strrev
ldiv
_finite
isdigit
isalpha
_strupr
div
strtoul
_ultoa
_isnan
ldexp
modf
_setmode
_isatty
_mkdir
_rmdir
getenv
strpbrk
_HUGE
sscanf
strtok
_control87
memchr
atof
strcspn
strncat
strncpy
strstr
strrchr
strchr
_seh_longjmp_unwind
_stricmp
_mbsnbcat
_mbsnbicmp
_mbsnbcpy
_mbsstr
_mbsrchr
_mbschr
_mbscspn
_mbsicmp
toupper
_winminor
_winmajor
wcscpy
qsort
wcstombs
floor
_itoa
_wcsicmp
realloc
wcscmp
_errno
strtol
atoi
isspace
atol
strncmp
strspn
wcschr
_purecall
memmove
iswspace
_vsnprintf
ceil
malloc
longjmp
exit
_resetstkoflw
free
wcsncpy
wcslen
_tempnam
_snprintf
_makepath
_splitpath
_snwprintf
_fpreset
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
mpr
WNetEnumResourceA
WNetCloseEnum
WNetGetUserA
WNetAddConnection2A
WNetCancelConnection2A
WNetGetConnectionA
WNetOpenEnumA
oleaut32
SafeArrayUnaccessData
UnRegisterTypeLib
LHashValOfNameSys
SafeArrayPutElement
SafeArrayCreate
LoadRegTypeLib
LoadTypeLib
VariantCopy
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysReAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SafeArrayGetVartype
SafeArrayDestroy
VarDecFromR8
VariantCopyInd
RevokeActiveObject
RegisterActiveObject
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
RegisterTypeLib
SafeArrayGetDim
SafeArrayGetElemsize
VarR8FromDec
SysAllocStringLen
GetActiveObject
DispCallFunc
OleCreatePropertyFrameIndirect
OleCreateFontIndirect
OleCreatePictureIndirect
OleLoadPicture
VarUI4FromStr
ole32
OleIsRunning
OleQueryCreateFromData
GetClassFile
GetHGlobalFromILockBytes
StgOpenStorageOnILockBytes
WriteClassStm
OleGetIconOfClass
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleDoAutoConvert
ReadClassStm
CoGetClassObject
OleSaveToStream
CoTaskMemAlloc
CoTaskMemRealloc
OleSetClipboard
CreateGenericComposite
CreateItemMoniker
OleSetMenuDescriptor
IsAccelerator
OleQueryLinkFromData
OleConvertIStorageToOLESTREAM
ProgIDFromCLSID
OleSetContainedObject
OleCreateStaticFromData
OleCreateFromData
OleCreateLinkFromData
CoIsOle1Class
OleCreateFromFile
OleCreateLinkToFile
OleCreate
ReadClassStg
OleConvertOLESTREAMToIStorage
CreateFileMoniker
OleLoad
OleDraw
OleSave
WriteClassStg
StringFromCLSID
BindMoniker
MkParseDisplayName
CreateBindCtx
CLSIDFromString
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorage
StgIsStorageFile
OleUninitialize
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleGetClipboard
OleDuplicateData
RevokeDragDrop
RegisterDragDrop
DoDragDrop
StgCreateDocfile
OleInitialize
CoGetMalloc
ReleaseStgMedium
CoUninitialize
CoInitialize
CoRegisterClassObject
CoLockObjectExternal
CoRevokeClassObject
CoCreateGuid
StringFromGUID2
CoTaskMemFree
CoDisconnectObject
OleRun
CoCreateInstance
CLSIDFromProgID
winmm
PlaySoundA
timeGetTime
gdiplus
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateHBITMAPFromBitmap
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageRotateFlip
GdipGetImageFlags
GdipGetImageType
GdipCombineRegionRectI
GdipCreateRegionRectI
GdiplusShutdown
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileDestPointI
GdipDrawImagePointRectI
GdipGetDpiY
GdipSetCompositingMode
GdipPlayMetafileRecord
GdipRecordMetafileFileName
GdipRecordMetafile
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromScan0
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipComment
GdipGetImageHeight
GdipGetImageWidth
GdipSaveAddImage
GdipSaveAdd
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipGetFontHeight
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteRegion
GdipCreateRegion
GdipGetClip
GdipSetClipRegion
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipMeasureString
GdipDrawString
GdipFillPath
GdipFillEllipseI
GdipFillRectangleI
GdipFillRectangle
GdipDrawPath
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipGetDpiX
GdipGetPageUnit
GdipSetPageScale
GdipSetPageUnit
GdipTranslateWorldTransform
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetInterpolationMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipCreatePen1
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCloneBrush
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCreateHatchBrush
GdipCreateSolidFill
GdipDeletePen
GdipSetPenWidth
GdipSetPenMode
GdipSetPenDashStyle
GdipCloneStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatTabStops
GdipSetStringFormatTrimming
GdipStringFormatGetGenericDefault
GdipCreatePath
GdipDeletePath
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCreateFromHDC
Exports
@OCXAPIInit@4
DllCanUnloadNow
DllGetClassObject
DllOleInit
DllRegisterServer
DllUnregisterServer
DllWinMain
VFPDllCanUnloadNow
VFPDllGetClassObject
Sections
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 244KB - Virtual size: 241KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 136KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ