× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
File name: msvcr80.dll
Detection ratio: 0 / 41
Analysis date: 2009-11-30 09:44:24 UTC ( 7 years, 10 months ago ) View latest
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20091129
AhnLab-V3 20091128
AntiVir 20091130
Antiy-AVL 20091130
Authentium 20091129
Avast 20091129
BitDefender 20091130
CAT-QuickHeal 20091130
ClamAV 20091130
Comodo 20091130
DrWeb 20091130
F-Prot 20091129
F-Secure 20091129
Fortinet 20091130
GData 20091130
Ikarus 20091130
Jiangmin 20091129
K7AntiVirus 20091127
Kaspersky 20091130
McAfee 20091129
McAfee+Artemis 20091129
McAfee-GW-Edition 20091130
Microsoft 20091130
NOD32 20091129
Norman 20091127
PCTools 20091130
Panda 20091129
Prevx 20091130
Rising 20091130
Sophos AV 20091130
Sunbelt 20091129
Symantec 20091130
TheHacker 20091128
TrendMicro 20091130
VBA32 20091130
ViRobot 20091130
VirusBuster 20091129
a-squared 20091130
eSafe 20091129
eTrust-Vet 20091127
nProtect 20091128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Visual Studio® 2005
Original name MSVCR80.DLL
Internal name MSVCR80.DLL
File version 8.00.50727.762
Description Microsoft® C Runtime Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-12-02 06:50:32
Entry Point 0x0000232B
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
PeekNamedPipe
GetEnvironmentVariableA
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
UnlockFile
ExitThread
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
ReadConsoleW
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
SetLocalTime
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
GetDiskFreeSpaceA
HeapValidate
GetTimeFormatA
DeleteFileW
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
CreateProcessW
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
FindFirstFileA
PeekConsoleInputA
GetACP
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
_getdrives
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.50727.762

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
225280

EntryPoint
0x232b

OriginalFileName
MSVCR80.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
8.00.50727.762

TimeStamp
2006:12:02 07:50:32+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MSVCR80.DLL

ProductVersion
8.00.50727.762

FileDescription
Microsoft C Runtime Library

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
405504

ProductName
Microsoft Visual Studio 2005

ProductVersionNumber
8.0.50727.762

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Overlay parents
Compressed bundles
File identification
MD5 e4fece18310e23b1d8fee993e35e7a6f
SHA1 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
ssdeep
12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

authentihash 5dc5048b8d32ba457ef4deb14afff58676bfd479228a00ce5dba044842ea4e38
imphash 7fecbc4a16a5dc85a5394a1df6217680
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (35.9%)
Win32 Executable MS Visual C++ (generic) (27.0%)
Win64 Executable (generic) (23.9%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.9%)
Tags
nsrl pedll trusted via-tor

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with msvcr80.dll as its name.
VirusTotal metadata
First submission 2009-02-11 13:02:58 UTC ( 8 years, 7 months ago )
Last submission 2017-09-24 10:28:05 UTC ( 7 hours, 16 minutes ago )
File names _BACFB6EA4DDD477B898EC7538B48E888
_7DC5251060E346DC80637BB53E7FDBF8
_C7EB8A6E9DA24DD6B368BF7C25205F9D
FILE_MSVCR80.dll
ISSetupFile.SetupFile2
Msvcr80.dll
_86EE90A8DA5DAECACF018CF73F8E0B64
_6FE86ADFE4CD450CADF794964DED2F5E
_20D0E12464754626A3A0736793252F78
_C5BBD8E9DBFA4C80A335451B1DD20731
msvcr80.dll
_CE8F0088D99741ADAA417187EB5A2C3C
_8C0D9454B5824C25AAC0274570D77D96
_544D577FD6DF4BFA96DBE749035550B6
_259664EBB843422AB65C3C0EC5516AD8
_DA73DA73898C4DB4A00EB3FC9399BDDB
_59DA9079ED48411E854AB48633D96858
_C89ADF5145BB4FBBAEB1255D771A8A68
_05AB26993A8D525987E67F1BFB1EA576
file1047
_7219579A23374B64A2A336C2AAF16201
_15
_A7E11BAA2C954F1EB60A2FA1EC8BFB99
_5475FA327DB7A7E9153377B168EE0D26
_A555A7613D454D4C8607D92AB6887821
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Streets and Trips 2008 (Microsoft)
FileMaker Pro 9 (FileMaker Inc.)
MSDN Disc 2426.26 (Microsoft)
Quicken Personal Finances Starter Edition 2008 (Intuit Inc.)
Quicken Personal Finances Home and Business 2008 (Intuit Inc.)
Nero 8 Ultra Edition (Nero)
Adobe Photoshop Elements 6 (Adobe Systems Incorporated)
Trend Micro Internet Security 2008 (Trend Micro Inc.)
Symantec Endpoint Protection 11.0 (Symantec)
Quicken Premier 2008 (Intuit Inc.)
Quicken Deluxe 2008 (Intuit Inc.)
Corel PaintShop Pro Photo X2 (Corel Corporation)
MSDN Disc 2426.27 (Microsoft)
MSDN Disc 2436.31 (Microsoft)
Quicken Home Inventory Manager (Intuit Inc.)
Gears of War (Microsoft)
Scrapbook Factory Deluxe Version 4.0 (Nova Development Corporation)
TurboTax for Federal Returns Basic (Intuit Inc.)
TurboTax Federal and State Home and Business (Intuit Inc.)
TurboTax Federal and State Deluxe (Intuit Inc.)
File names 37hpravq.lm8, h2rg91xw.1p4, k2rg91xw.1p4
Web_Publishing_INSTALLDIR.Extensions.Web_Support.msvcr80.dll, msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!