× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
File name: msvcr80.dll
Detection ratio: 0 / 41
Analysis date: 2009-11-30 09:44:24 UTC ( 6 years, 8 months ago ) View latest
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20091129
AhnLab-V3 20091128
AntiVir 20091130
Antiy-AVL 20091130
Authentium 20091129
Avast 20091129
BitDefender 20091130
CAT-QuickHeal 20091130
ClamAV 20091130
Comodo 20091130
DrWeb 20091130
F-Prot 20091129
F-Secure 20091129
Fortinet 20091130
GData 20091130
Ikarus 20091130
Jiangmin 20091129
K7AntiVirus 20091127
Kaspersky 20091130
McAfee 20091129
McAfee+Artemis 20091129
McAfee-GW-Edition 20091130
Microsoft 20091130
NOD32 20091129
Norman 20091127
PCTools 20091130
Panda 20091129
Prevx 20091130
Rising 20091130
Sophos 20091130
Sunbelt 20091129
Symantec 20091130
TheHacker 20091128
TrendMicro 20091130
VBA32 20091130
ViRobot 20091130
VirusBuster 20091129
a-squared 20091130
eSafe 20091129
eTrust-Vet 20091127
nProtect 20091128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Visual Studio® 2005
Original name MSVCR80.DLL
Internal name MSVCR80.DLL
File version 8.00.50727.762
Description Microsoft® C Runtime Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-12-02 06:50:32
Entry Point 0x0000232B
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
PeekNamedPipe
GetEnvironmentVariableA
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
UnlockFile
ExitThread
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
ReadConsoleW
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
SetLocalTime
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
GetDiskFreeSpaceA
HeapValidate
GetTimeFormatA
DeleteFileW
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
CreateProcessW
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
FindFirstFileA
PeekConsoleInputA
GetACP
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
_getdrives
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
Debug information
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
225280

ImageVersion
0.0

ProductName
Microsoft Visual Studio 2005

FileVersionNumber
8.0.50727.762

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
dll

OriginalFileName
MSVCR80.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.00.50727.762

TimeStamp
2006:12:02 07:50:32+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MSVCR80.DLL

ProductVersion
8.00.50727.762

FileDescription
Microsoft C Runtime Library

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
405504

FileSubtype
0

ProductVersionNumber
8.0.50727.762

EntryPoint
0x232b

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 e4fece18310e23b1d8fee993e35e7a6f
SHA1 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
ssdeep
12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

authentihash 5dc5048b8d32ba457ef4deb14afff58676bfd479228a00ce5dba044842ea4e38
imphash 7fecbc4a16a5dc85a5394a1df6217680
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags
nsrl pedll trusted via-tor

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with msvcr80.dll as its name.
VirusTotal metadata
First submission 2009-02-11 13:02:58 UTC ( 7 years, 5 months ago )
Last submission 2016-07-26 07:04:14 UTC ( 1 day ago )
File names msvcr80.1.dll
73d7222e0ce3d101110000003804c00c_msvcr80.dll
bd02df71c0ded10114000000200d0c07_msvcr80.dll
eaa143ff32e1d10104000000bc0b080f_msvcr80.dll
ed985b2035e4d1017c00000088042c0c_msvcr80.dll
b706a7971be3d101c3020000bc6d7877_msvcr80.dll
bit45d3.tmp
vson0srg.8k7
bd923f67cae1d10104000000ac1b701b_msvcr80.dll
ed232d428ae3d101110000002413a017_msvcr80.dll
abe41ab328e4d10104000000e8175015_msvcr80.dll
418bd3c490cdd10108000000a040cc43_msvcr80.dll
bitd5f.tmp
bit935.tmp
17c1925cfee0d10127000000741bc00e_msvcr80.dll
9063817c6fe6d1010b0000006c133017_msvcr80.dll
c76c6aca65ddd10104000000d81e241f_msvcr80.dll
88d6800e80ddd1018d000000400e0415_msvcr80.dll
bit46d1.tmp
bit798b.tmp
ea91a9cba2e0d10104000000080b942b_msvcr80.dll
1b4bb2417ddfd10111000000a40d940d_msvcr80.dll
41a2eeed81e7d10101250000dc08940b_msvcr80.dll
31062970fdded10108000000202b641a_msvcr80.dll
bit5088.tmp
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Streets and Trips 2008 (Microsoft)
FileMaker Pro 9 (FileMaker Inc.)
MSDN Disc 2426.26 (Microsoft)
Quicken Personal Finances Starter Edition 2008 (Intuit Inc.)
Quicken Personal Finances Home and Business 2008 (Intuit Inc.)
Nero 8 Ultra Edition (Nero)
Adobe Photoshop Elements 6 (Adobe Systems Incorporated)
Trend Micro Internet Security 2008 (Trend Micro Inc.)
Symantec Endpoint Protection 11.0 (Symantec)
Quicken Premier 2008 (Intuit Inc.)
Quicken Deluxe 2008 (Intuit Inc.)
Corel PaintShop Pro Photo X2 (Corel Corporation)
MSDN Disc 2426.27 (Microsoft)
MSDN Disc 2436.31 (Microsoft)
Quicken Home Inventory Manager (Intuit Inc.)
Gears of War (Microsoft)
Scrapbook Factory Deluxe Version 4.0 (Nova Development Corporation)
TurboTax for Federal Returns Basic (Intuit Inc.)
TurboTax Federal and State Home and Business (Intuit Inc.)
TurboTax Federal and State Deluxe (Intuit Inc.)
File names 37hpravq.lm8, h2rg91xw.1p4, k2rg91xw.1p4
Web_Publishing_INSTALLDIR.Extensions.Web_Support.msvcr80.dll, msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!