× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
File name: msvcr80.dll
Detection ratio: 0 / 41
Analysis date: 2009-11-30 09:44:24 UTC ( 5 years, 4 months ago ) View latest
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20091129
AhnLab-V3 20091128
AntiVir 20091130
Antiy-AVL 20091130
Authentium 20091129
Avast 20091129
BitDefender 20091130
CAT-QuickHeal 20091130
ClamAV 20091130
Comodo 20091130
DrWeb 20091130
F-Prot 20091129
F-Secure 20091129
Fortinet 20091130
GData 20091130
Ikarus 20091130
Jiangmin 20091129
K7AntiVirus 20091127
Kaspersky 20091130
McAfee 20091129
McAfee+Artemis 20091129
McAfee-GW-Edition 20091130
Microsoft 20091130
NOD32 20091129
Norman 20091127
PCTools 20091130
Panda 20091129
Prevx 20091130
Rising 20091130
Sophos 20091130
Sunbelt 20091129
Symantec 20091130
TheHacker 20091128
TrendMicro 20091130
VBA32 20091130
ViRobot 20091130
VirusBuster 20091129
a-squared 20091130
eSafe 20091129
eTrust-Vet 20091127
nProtect 20091128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Developer metadata
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Visual Studio® 2005
Original name MSVCR80.DLL
Internal name MSVCR80.DLL
File version 8.00.50727.762
Description Microsoft® C Runtime Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-12-02 06:50:32
Link date 7:50 AM 12/2/2006
Entry Point 0x0000232B
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
PeekNamedPipe
GetEnvironmentVariableA
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
UnlockFile
ExitThread
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
ReadConsoleW
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
SetLocalTime
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
GetDiskFreeSpaceA
HeapValidate
GetTimeFormatA
DeleteFileW
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
CreateProcessW
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
FindFirstFileA
PeekConsoleInputA
GetACP
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
_getdrives
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
225280

ImageVersion
0.0

ProductName
Microsoft Visual Studio 2005

FileVersionNumber
8.0.50727.762

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

OriginalFilename
MSVCR80.DLL

FileTypeExtension
dll

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.00.50727.762

TimeStamp
2006:12:02 07:50:32+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MSVCR80.DLL

ProductVersion
8.00.50727.762

FileDescription
Microsoft C Runtime Library

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
405504

FileSubtype
0

ProductVersionNumber
8.0.50727.762

EntryPoint
0x232b

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 e4fece18310e23b1d8fee993e35e7a6f
SHA1 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
ssdeep
12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

authentihash 5dc5048b8d32ba457ef4deb14afff58676bfd479228a00ce5dba044842ea4e38
imphash 7fecbc4a16a5dc85a5394a1df6217680
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags
nsrl pedll trusted

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with msvcr80.dll as its name.
VirusTotal metadata
First submission 2009-02-11 13:02:58 UTC ( 6 years, 2 months ago )
Last submission 2015-04-25 17:23:02 UTC ( 12 hours, 55 minutes ago )
File names vs9s0t8a.fnu
vsdl0c4q.86a
vst01nq6.98v
19f55379be7dd001040000003c151c17_msvcr80.dll
56af1e2f137dd00113000000ec0a6009_msvcr80.dll
bf55bbc3ca7dd001100000000001f808_msvcr80.dll
vs06153t.o0v
b138a2d93b7cd00111000000a0288428_msvcr80.dll
320459b9d57dd0010b00000070197819_msvcr80.dll
859e79f1b77ed00106000000580e100e_msvcr80.dll
msvcr80.dll.inupdate
vsb41pk6.i2r
vsio1ccl.g9t
vsio1ccl.g9f
vs9s0t8a.fmi
vsj31ar9.ol3
vs1l1it2.00i
cffb702a167ed00143000000440da804_msvcr80.dll
cce6cb80637cd00110000000441e442f_msvcr80.dll
1bd5cc76d87ed00104000000cc0a7003_msvcr80.dll
4f837005db7cd001270000003436e811_msvcr80.dll
4fd5a76ff97dd00113000000f40afc0a_msvcr80.dll
vsrl1bap.80m
vshv1gmg.8l0
vs861sb7.4jk
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Streets and Trips 2008 (Microsoft)
FileMaker Pro 9 (FileMaker Inc.)
MSDN Disc 2426.26 (Microsoft)
Quicken Personal Finances Starter Edition 2008 (Intuit Inc.)
Quicken Personal Finances Home and Business 2008 (Intuit Inc.)
Nero 8 Ultra Edition (Nero)
Adobe Photoshop Elements 6 (Adobe Systems Incorporated)
Trend Micro Internet Security 2008 (Trend Micro Inc.)
Symantec Endpoint Protection 11.0 (Symantec)
Quicken Premier 2008 (Intuit Inc.)
Quicken Deluxe 2008 (Intuit Inc.)
Corel PaintShop Pro Photo X2 (Corel Corporation)
MSDN Disc 2426.27 (Microsoft)
MSDN Disc 2436.31 (Microsoft)
Quicken Home Inventory Manager (Intuit Inc.)
Gears of War (Microsoft)
Scrapbook Factory Deluxe Version 4.0 (Nova Development Corporation)
TurboTax for Federal Returns Basic (Intuit Inc.)
TurboTax Federal and State Home and Business (Intuit Inc.)
TurboTax Federal and State Deluxe (Intuit Inc.)
File names 37hpravq.lm8, h2rg91xw.1p4, k2rg91xw.1p4
Web_Publishing_INSTALLDIR.Extensions.Web_Support.msvcr80.dll, msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!