DOCSLIB.ORG

Automated Malware Analysis Report for 18-02-22-(K-Irie).Xls

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Malware Analysis Report for 18-02-22-(K-Irie).Xls ID: 47598 Sample Name: 18-02-22-(k- irie).xls Cookbook: defaultwindowsofficecookbook.jbs Time: 01:30:58 Date: 23/02/2018 Version: 21.0.0 Table of Contents Table of Contents 2 Analysis Report 4 Overview 4 General Information 4 Detection 4 Confidence 5 Classification 5 Analysis Advice 5 Signature Overview 6 AV Detection: 6 Software Vulnerabilities: 6 Networking: 6 Data Obfuscation: 6 Spreading: 6 System Summary: 6 HIPS / PFW / Operating System Protection Evasion: 7 Anti Debugging: 7 Malware Analysis System Evasion: 7 Hooking and other Techniques for Hiding and Protection: 7 Language, Device and Operating System Detection: 7 Behavior Graph 7 Simulations 8 Behavior and APIs 8 Antivirus Detection 8 Initial Sample 8 Dropped Files 8 Unpacked PE Files 8 Domains 9 Yara Overview 9 Initial Sample 9 PCAP (Network Traffic) 9 Dropped Files 9 Memory Dumps 9 Unpacked PEs 9 Joe Sandbox View / Context 9 IPs 9 Domains 9 ASN 9 Dropped Files 10 Screenshot 10 Startup 11 Created / dropped Files 11 Contacted Domains/Contacted IPs 12 Contacted Domains 12 Contacted IPs 12 Static File Info 13 General 13 File Icon 13 Static OLE Info 13 General 13 OLE File "18-02-22-(k-irie).xls" 14 Indicators 14 Summary 14 Document Summary 14 Streams with VBA 14 Copyright Joe Security LLC 2018 Page 2 of 23 VBA File Name: Sheet1.cls, Stream Size: 977 14 General 14 VBA Code Keywords 14 VBA Code 14 VBA File Name: ThisWorkbook.cls, Stream Size: 5760 14 General 14 VBA Code Keywords 15 VBA Code 16 Streams 16 Stream Path: \x1CompObj, File Type: data, Stream Size: 107 16 General 16 Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 240 16 General 16 Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 168 17 General 17 Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 55082 17 General 17 Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 425 17 General 17 Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 62 17 General 17 Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 3005 18 General 18 Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 1414 18 General 18 Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 106 18 General 18 Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 548 18 General 18 Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 481 19 General 19 Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 524 19 General 19 Network Behavior 19 Network Port Distribution 19 TCP Packets 19 UDP Packets 20 ICMP Packets 20 DNS Queries 20 DNS Answers 20 HTTP Request Dependency Graph 20 HTTP Packets 20 Code Manipulations 21 Statistics 21 Behavior 21 System Behavior 21 Analysis Process: EXCEL.EXE PID: 3268 Parent PID: 2948 21 General 21 File Activities 21 Registry Activities 22 Key Created 22 Analysis Process: cmd.exe PID: 3348 Parent PID: 3268 22 General 22 Analysis Process: powershell.exe PID: 3376 Parent PID: 3348 22 General 22 File Activities 23 File Created 23 File Deleted 23 Registry Activities 23 Disassembly 23 Code Analysis 23 Copyright Joe Security LLC 2018 Page 3 of 23 Analysis Report Overview General Information Joe Sandbox Version: 21.0.0 Analysis ID: 47598 Start time: 01:30:58 Joe Sandbox Product: CloudBasic Start date: 23.02.2018 Overall analysis duration: 0h 4m 16s Hypervisor based Inspection enabled: false Report type: light Sample file name: 18-02-22-(k-irie).xls Cookbook file name: defaultwindowsofficecookbook.jbs Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1) Number of analysed new started processes analysed: 7 Number of new started drivers analysed: 0 Number of existing processes analysed: 0 Number of existing drivers analysed: 0 Number of injected processes analysed: 0 Technologies HCA enabled EGA enabled HDC enabled GSI enabled (VBA) Analysis stop reason: Timeout Detection: MAL Classification: mal84.evad.expl.winXLS@5/3@3/2 HCA Information: Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0 EGA Information: Failed HDC Information: Failed Cookbook Comments: Adjust boot time Found application associated with file extension: .xls Found Word or Excel or PowerPoint document Simulate clicks Number of clicks 142 Close Viewer Warnings: Show All Exclude process from analysis (whitelisted): WmiApSrv.exe, conhost.exe, dllhost.exe Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: EXCEL.EXE, powershell.exe Detection Strategy Score Range Reporting Detection Threshold 84 0 - 100 Report FP / FN Copyright Joe Security LLC 2018 Page 4 of 23 Confidence Strategy Score Range Further Analysis Required? Confidence Threshold 5 0 - 5 false Classification Ransomware Miner Spreading mmaallliiiccciiioouusss malicious Evader Phishing sssuusssppiiiccciiioouusss suspicious cccllleeaann clean Exploiter Banker Spyware Trojan / Bot Adware Analysis Advice Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior Copyright Joe Security LLC 2018 Page 5 of 23 Signature Overview • AV Detection • Software Vulnerabilities • Networking • Data Obfuscation • Spreading • System Summary • HIPS / PFW / Operating System Protection Evasion • Anti Debugging • Malware Analysis System Evasion • Hooking and other Techniques for Hiding and Protection • Language, Device and Operating System Detection Click to jump to signature section AV Detection: Multi AV Scanner detection for domain / URL Multi AV Scanner detection for submitted file Software Vulnerabilities: Potential document exploit detected (performs DNS queries) Potential document exploit detected (performs HTTP gets) Potential document exploit detected (unknown TCP traffic) Document exploit detected (process start blacklist hit) Networking: Downloads files from webservers via HTTP Performs DNS lookups Urls found in memory or binary data Domain name seen in connection with other malware HTTP GET or POST without a user agent Internet Provider seen in connection with other malware Data Obfuscation: Document contains an embedded VBA with many string operations indicating source code obfuscation Obfuscated command line found Spreading: Enumerates the file system System Summary: Checks whether correct version of .NET is installed Found graphical window changes (likely an installer) Uses Microsoft Silverlight Checks if Microsoft Office is installed Copyright Joe Security LLC 2018 Page 6 of 23 Uses new MSVCR Dlls Binary contains paths to debug symbols Binary contains paths to development resources Classification label Creates files inside the user directory Creates temporary files Document contains an OLE Workbook stream indicating a Microsoft Excel file Found command line output Parts of this applications are using the .NET runtime (Probably coded in C#) Reads ini files Reads software policies Sample is known by Antivirus (Virustotal or Metascan) Spawns processes Uses an in-process (OLE) Automation server Creates mutexes Document contains embedded VBA macros Reads the hosts file Document contains an embedded VBA macro which executes code when the document is opened / closed Document contains an embedded VBA macro which may execute processes Powershell connects to network HIPS / PFW / Operating System Protection Evasion: May try to detect the Windows Explorer process (often used for injection) Very long cmdline option found, this is very uncommon (may be encrypted or packed) Anti Debugging: Creates guard pages, often used to prevent reverse engineering and debugging Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) Enables debug privileges Malware Analysis System Evasion: Queries a list of all running processes Enumerates the file system Hooking and other Techniques for Hiding and Protection: Disables application error messsages (SetErrorMode) System process connects to network (likely due to code injection or exploit) Language, Device and Operating System Detection: Queries the cryptographic machine GUID Queries the installation date of Windows Queries the volume information (name, serial number etc) of a device Behavior Graph Copyright Joe Security LLC 2018 Page 7 of 23 Hide Legend Behavior Graph Legend: ID: 47598 Process Sample: 18-02-22-(k-irie).xls Startdate: 23/02/2018 Signature Architecture: WINDOWS Score: 84 Created File DNS/IP Info holdoc.com Is Dropped started Is Windows Process Multi AV Scanner detection Multi AV Scanner detection Obfuscated command line 3 other signatures for domain / URL for submitted file found Number of created Registry Values Number of created Files EXCEL.EXE Visual Basic 34 17 Delphi Java Document exploit detected Obfuscated command line (process start blacklist started .Net C# or VB.NET found hit) C, C++ or other language cmd.exe Is malicious Obfuscated command line started found powershell.exe 12 8 holdoc.com 8.8.8.8, 53, 53440, 56842 92.53.78.250, 49163, 49164, 80 GOOGLE-GoogleIncUS SELECTELRU United States Russian Federation System process connects to network (likely due Powershell connects to code injection or to network exploit) Simulations Behavior and APIs Time Type Description 01:31:49 API Interceptor 1x Sleep call
Load more

Recommended publications
  • Microsoft Patches Were Evaluated up to and Including CVE-2020-1587
    Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
    [Show full text]
  • 4. Simulation Software: Current
    4. SIMULATION SOFTWARE : CURRENT EXPERIENCES AND THE DOT NET SIM PROJECT Chapter overview 64 4.1. Current experiences in simulation software: 66 4.1.1. Process Simulator TM 67 4.1.2. Micro Saint Sharp TM 69 4.1.3. HighMast TM 71 4.2. An alternative vision for simulation software 73 4.3. The idea of DotNetSim 79 4.4. The DotNetSim computing technological background 81 4.4.1. The Microsoft Automation 81 4.4.2. The Microsoft .NET Framework 83 4.4.3. .NET Framework’s Architectural components 85 4.4.4. Multiplatform and multiple lingual integration 88 4.4.5. Integration of Microsoft Office with the .NET Framework 90 4.5. The DotNetSim prototype 91 4.5.1. DotNetSim and other developments 93 4.6. The Chapter in context 96 CHAPTER OVERVIEW The successive advances in computer science have constantly increased the 64 CHAPTER 4 - SIMULATION SOFTWARE : CURRENT EXPERIENCES AND THE DOT NET SIM expectations of the users and developers of application software, simulation software applications in our case. The early expectations and concerns with the proper processing of the input data were replaced by concerns over the portability, usability, extension and integration of software. Nowadays, correct functioning, portability and ease of use are taken for granted. It is also taken for granted that simulation packages are extensible to meet specific needs and that data can flow in and out of different packages. Current expectations and concerns are diverse, but focus mainly on the ease and speed of customisation. However, it is likely that, some time in the future, developers, builders or end users may want tools that let them select, modify and assemble only the functionality that each simulation solution requires.
    [Show full text]
  • Open Excel Spreadsheet Using C
    Open Excel Spreadsheet Using C Assayable Jens dingo very discretionally while Anders remains itchiest and pitchier. Carlyle usually rainproofs psychically or syndicating appetizingly when indeterminate Herold buccaneers undutifully and sedately. Lily-white Lex bowse his placket disinherits pitapat. A Simple reward to Read on Excel Spreadsheet Let us start than opening form sample spreadsheet from openpyxl import loadworkbook. Never shot out touch the latest updates and handy tips for getting the most fell of Google Docs. Places the bitch in the worksheet header. Follow the options in effect from the compress function designed for the file extension is. Created in asp. While traveling outside, i keep it could be relied on this process to do this. The Google Sheets you friend with added security and overlap for teams. Excel evaluate the client machine. LibXL is enterprise library for whole reading precise writing the Excel files xlsxlsx without OLE automation and Microsoft Excel Supports C C CNET Delphi PHP. What excel spreadsheets using the use to us by opening a worksheet? The spreadsheet using a better in a good future of opening a string columns have used on which you need that we make the formula of. Curated by its Real Python team. SpreadsheetOpenCMyModelsSales Numbersxls ExcelWorkbook. Make it open spreadsheet using open excel spreadsheet as column headers and csv file which office access. This programming language has gained traction over recent years. How quite i like an excel file using C UNIX and Linux Forums. C code to update excel became The ASPNET Forums. There appear not be literally tens of thousands of them.
    [Show full text]
  • Using SAS® Data to Drive Microsoft Office Darren Key and David Shamlin, SAS Institute, Cary, NC
    NESUG 15 Emerging Technologies Using SAS® Data To Drive Microsoft Office Darren Key and David Shamlin, SAS Institute, Cary, NC Office applications expose groups of related features through ABSTRACT automation interfaces. An interface is a collection of functions (also called methods) and attributes (also called properties) that Microsoft Office provides tools for integrating its suite of can be called from other application code. In one of our case programs with other vendors’ data sources. There are a variety of studies, we use a special automation interface that allows Excel ways to do this using various ActiveX components and VBA and Access to call custom data import and export wizards scripting techniques. While the number of choices available can implemented as COM add-ins. The interface is called add to the complexity of creating a customized solution, the IDTExtensibility2 and contains five methods: basics of integrating with SAS data sources can be simplified with some basic code patterns for migrating data and reports between • Microsoft Office and SAS. OnAddInsUpdate • OnBeginShutdown We will outline basic patterns for importing SAS data into • OnConnection Microsoft Office documents as well as exporting data back to • OnDisconnetion SAS. The paper gives implementations of these patterns in the • OnStartupComplete form of Visual Basic code that can be customized for site-specific usage scenarios. We will demonstrate the application of these Each of these methods is called by the Office application (also techniques to tasks involving the migration of data between SAS called the host application) running the add-in during different data sets and Microsoft Office and Outlook applications.
    [Show full text]
  • (Forte 4GL) Integrating with External Systems, Version
    Integrating with External Systems Release 3.5 of Forte™ 4GL Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 U.S.A. 1-800-786-7638 Part No. 806-6672-01 October 2000, Revision A Copyright 2000 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, California 94303, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in this product. In particular, and without limitation, these intellectual property rights include U.S. Patent 5,457,797 and may include one or more additional patents or pending patent applications in the U.S. or other countries. This product is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. c-tree Plus is licensed from, and is a trademark of, FairCom Corporation. Xprinter and HyperHelp Viewer are licensed from Bristol Technology, Inc. Regents of the University of California. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun Logo, Forte, and Forte Fusion are trademarks or registered trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Intranet-Based Management of CAN Devices
    Intranet-Based Management of CAN Devices Dr.-Ing. Martin Wollschlaeger, Dipl.-Ing. Stefan Wehrmann With the steadily growing use of CAN devices within complex automation systems, the need for effective management solutions becomes more and more obvious. The spreading integration of CAN systems into Local Area Networks (LAN) provides the opportunity to build such solutions on intranet-based technologies like HTTP or COM/DCOM. Particularly the chances of a link between the intranet-stored information and the fieldbus layer let the development of a new generation of management tools be more than likely. Based on the illustration of principles for connecting fieldbus and LAN new concepts for the representation of CAN Higher Layer Protocol structures and data by intranet-based objects are introduced. Examples of practical realizations of the concepts for managing CAN modules prove the feasibility and show the prospects. 1. Introduction providing easy access to manufacturing related data from standard office One of the most outstanding trends in in- environment. This offers a starting point formation technology’s recent develop- for the implementation of management ments is the trend towards network-centric functions for the underlying fieldbus and its systems. Special attention has to be paid components, that are accessible from any to the overwhelming development of the point within the process information Internet and its enabling technologies in system. hard- and software, like TCP/IP, compo- nentware, browser technology, Java etc. 2. Integration concepts Using these technologies in an Intranet on There are different scenarios for the inte- top of a LAN enables the integration of gration of fieldbus systems into LANs different hard- and software platforms, as (Figure 1).
    [Show full text]
  • Developing ADO.NET and OLE DB Applications
    DB2 ® DB2 Version 9 for Linux, UNIX, and Windows Developing ADO.NET and OLE DB Applications SC10-4230-00 DB2 ® DB2 Version 9 for Linux, UNIX, and Windows Developing ADO.NET and OLE DB Applications SC10-4230-00 Before using this information and the product it supports, be sure to read the general information under Notices. Edition Notice This document contains proprietary information of IBM. It is provided under a license agreement and is protected by copyright law. The information contained in this publication does not include any product warranties, and any statements provided in this manual should not be interpreted as such. You can order IBM publications online or through your local IBM representative. v To order publications online, go to the IBM Publications Center at www.ibm.com/shop/publications/order v To find your local IBM representative, go to the IBM Directory of Worldwide Contacts at www.ibm.com/ planetwide To order DB2 publications from DB2 Marketing and Sales in the United States or Canada, call 1-800-IBM-4YOU (426-4968). When you send information to IBM, you grant IBM a nonexclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you. © Copyright International Business Machines Corporation 2006. All rights reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Chapter 1. ADO.NET development for .NET common language runtime (CLR) routines . .57 Supported .NET CLR routine development software 58 DB2 databases . .1 Support for external routine development in ADO.NET application development .
    [Show full text]
  • Microsoft Excel Demo
    Oracle COM Automation Developer’s Guide Release 8.1.6 for Windows NT January 2000 Part No. A73027-01 Oracle COM Automation Developer’s Guide, Release 8.1.6 for Windows NT Part No. A73027-01 Copyright © 1999, 2000 Oracle Corporation. All rights reserved. Contributors: Eric Belden, Kin Lau, Kian Fai Leong, Barmak Meftah, Steve Norall, Jeff Stein The Programs (which include both the software and documentation) contain proprietary information of Oracle Corporation; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs is prohibited. The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation. If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on behalf of the U.S. Government, the following notice is applicable: Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication, and disclosure of the Programs, including documentation, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement.
    [Show full text]
  • Hyperion® System 9 BI + Interactive Reporting Object Model And
    HYPERION® SYSTEM™ 9 BI+™ INTERACTIVE REPORTING™ RELEASE 9.2 OBJECT MODEL AND DASHBOARD DEVELOPMENT SERVICES DEVELOPER’S GUIDE VOLUME I: DASHBOARD DESIGN GUIDE Copyright 1989-2006 Hyperion Solutions Corporation. All rights reserved. “Hyperion,” the Hyperion logo, and Hyperion’s product names are trademarks of Hyperion. References to other companies and their products use trademarks owned by the respective companies and are for reference purpose only. No portion hereof may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose other than the recipient’s personal use, without the express written permission of Hyperion. The information contained herein is subject to change without notice. Hyperion shall not be liable for errors contained herein or consequential damages in connection with the furnishing, performance, or use hereof. Any Hyperion software described herein is licensed exclusively subject to the conditions set forth in the Hyperion license agreement. Use, duplication or disclosure by the U.S. Government is subject to restrictions set forth in the applicable Hyperion license agreement and as provided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995), DFARS 252.227-7013(c)(1)(ii) (Oct 1988), FAR 12.212(a) (1995), FAR 52.227-19, or FAR 52.227-14, as applicable. Hyperion Solutions Corporation 5450 Great America Parkway Santa Clara, California 95054 Printed in the U.S.A. Contents Preface . ix Audience . x Document Structure . x Related Documents . x Where to Find Documentation . xi Help Menu Commands . xi Conventions . xii Additional Support .
    [Show full text]
  • Proficy Ifix 6.5 OPC Client Driver
    Proficy iFIX 6.5 OPC Client Driver GE Digital Proficy Historian and Operations Hub: Data Analysis in Context 1 Proprietary Notice The information contained in this publication is believed to be accurate and reliable. However, General Electric Company assumes no responsibilities for any errors, omissions or inaccuracies. Information contained in the publication is subject to change without notice. No part of this publication may be reproduced in any form, or stored in a database or retrieval system, or transmitted or distributed in any form by any means, electronic, mechanical photocopying, recording or otherwise, without the prior written permission of General Electric Company. Information contained herein is subject to change without notice. © 2021, General Electric Company. All rights reserved. Trademark Notices GE, the GE Monogram, and Predix are either registered trademarks or trademarks of General Electric Company. Microsoft® is a registered trademark of Microsoft Corporation, in the United States and/or other countries. All other trademarks are the property of their respective owners. We want to hear from you. If you have any comments, questions, or suggestions about our documentation, send them to the following email address: [email protected] Table of Contents OPC Client Driver 1 OPC I/O Driver Overview 1 About the OPC Client Driver 1 OLE Automation Technology 2 Integration with iFIX 2 Event-Driven Architecture 2 OPC Compliance 2 How the I/O Driver Works 2 1. I/O Server 3 2. I/O Server Objects 3 3. OLE Interfaces 4 4. I/O DLL 4 5. Common Memory DLL 4 6. NIO DLL 4 7.
    [Show full text]
  • The Best of Sqlservercentral.Com Vol. 3
    The Best of SQLServerCentral.com — 3 Vol. In April 2001 six geeks banded together to form a more perfect site. Three years and 140,000+ members later, SQLServerCentral.com is one of the premier SQL Server communities in the world. We’ve got over 1,000 articles, 100s of scripts and FAQs, everything you would need as a SQL Server DBA or developer, and all The Best of at a great price — free. This book contains the best material published on the site from 2004. It’s a SQLServerCentral.com variety of topics from administration to advanced querying. XML to DTS, security to performance tuning. And of course, the famous White Board, Flip Chart, or Notepad debate. Vol. 3 So why print a book containing material you can get for free? Take a minute, read the introduction and find out! Essays and Ideas from the SQL Server Community Ameet Phadnis, Amit Jethra, Andre Vigneau, Andy Warren, Anthony Bressi, Ashish Kaushal, Brian Kelley, Brian Knight, Bruce Szabo, Chris Cathers, Chris Kempster, Christoffer Hedgate, Dale Elizabeth Corey, David Poole, Denny Figuerres, Dinesh Asanka, Dinesh Priyankara, Don Peterson, Eli Leiba, G Vijayakumar, Goce Smilevski, Haidong Ji, James Luetkehoelter, James Travis, Jeff Moden, Jeffrey Yao, Joe Sack, Jon Reade, Jon Winer, Joseph Gama, Keith Henry, Kevin O’Donovan, Krishna Sonti, Leo Peyasakhovich, Mark Nash, Nicholas Cain, Patryk Nowakowski, Paul Ibison, Randy Dyess, Ramesh Gummadi, Ramunas Balukonis, Robert Marda, Robert Pearl, Robin Back, Sanket Naik, Santveer Singh, Sharad Nandwani, Shiv Kumar, Sotiris Filippidis, Stefan Popovski, Stephen Lasham, Steve Jones, Sureshkumar Ramakrishnan, Vinod Kumar, Wayne Fillis, Wes Brown Shelving: Database/SQL Server $19.95 USA The Best of SQLServerCentral.com – Vol.
    [Show full text]
  • MFC FAQ Version
    Microsoft Visual C++/Microsoft Foundation Classes (MFC) Frequently Asked Questions Michael Pickens ([email protected]) Version 5.6 Last updated: 7/01/98 ATTENTION!!! The MFC FAQ 5.5 is still available to download. It is formatted in fancy HTML Help so you can download it and search it locally on your machine. Click here to download the file (mfc_faq.exe 1.34 Mb - self installing with instructions). The MFC FAQ is graciously sponsored by Stingray Software. Stingray Software was founded to create and market MFC extensions. It is our belief that MFC/VC++ developers would rather use object-oriented class libraries, instead of binary, black box, OLE controls (a.k.a. ActiveX controls). We are now almost three years old and have several thousand customers who agree that MFC extensions are a great solution to many Windows development problems. Here is a quick list of our products: Objective Grid - The first and by far the most full-featured 100% MFC grid control on the market - click here to check out the hundreds of advanced features that this super-powerful table/spreadsheet control offers. Objective Toolkit - Over 50 advanced GUI features for the MFC developer - bring your applications into the 90's and blow away your competition. Includes: Visual Studio style docking windows, incredible toolbar control, tree control, outlook control, tabbed windows and dozens of other great features. Objective Toolkit PRO - Advanced frameworks for the serious MFC developer such as: Model-View-Controller (design pattern that enhances document/view), layout manager, scripting engine and more! Objective Chart - The only 100% MFC charting system! Tons of chart types are supported, and the product is also extremely extensible so you can add your own custom chart types in minutes! Objective Diagram - Ever have to use GDI and MFC? Objective Diagram helps you create CViews in minutes instead of months! Objective Edit - An embeddable source code highlighting control - has a complete Visual C++ look and feel.
    [Show full text]