× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
File name: msvcr80.dll
Detection ratio: 0 / 41
Analysis date: 2009-11-30 09:44:24 UTC ( 5 years, 9 months ago ) View latest
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20091129
AhnLab-V3 20091128
AntiVir 20091130
Antiy-AVL 20091130
Authentium 20091129
Avast 20091129
BitDefender 20091130
CAT-QuickHeal 20091130
ClamAV 20091130
Comodo 20091130
DrWeb 20091130
F-Prot 20091129
F-Secure 20091129
Fortinet 20091130
GData 20091130
Ikarus 20091130
Jiangmin 20091129
K7AntiVirus 20091127
Kaspersky 20091130
McAfee 20091129
McAfee+Artemis 20091129
McAfee-GW-Edition 20091130
Microsoft 20091130
NOD32 20091129
Norman 20091127
PCTools 20091130
Panda 20091129
Prevx 20091130
Rising 20091130
Sophos 20091130
Sunbelt 20091129
Symantec 20091130
TheHacker 20091128
TrendMicro 20091130
VBA32 20091130
ViRobot 20091130
VirusBuster 20091129
a-squared 20091130
eSafe 20091129
eTrust-Vet 20091127
nProtect 20091128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Visual Studio® 2005
Original name MSVCR80.DLL
Internal name MSVCR80.DLL
File version 8.00.50727.762
Description Microsoft® C Runtime Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-12-02 06:50:32
Link date 7:50 AM 12/2/2006
Entry Point 0x0000232B
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
PeekNamedPipe
GetEnvironmentVariableA
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
UnlockFile
ExitThread
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
ReadConsoleW
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
SetLocalTime
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
GetDiskFreeSpaceA
HeapValidate
GetTimeFormatA
DeleteFileW
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
CreateProcessW
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
FindFirstFileA
PeekConsoleInputA
GetACP
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
_getdrives
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
8.0.50727.762

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
225280

EntryPoint
0x232b

OriginalFileName
MSVCR80.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
8.00.50727.762

TimeStamp
2006:12:02 07:50:32+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MSVCR80.DLL

ProductVersion
8.00.50727.762

FileDescription
Microsoft C Runtime Library

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
405504

ProductName
Microsoft Visual Studio 2005

ProductVersionNumber
8.0.50727.762

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 e4fece18310e23b1d8fee993e35e7a6f
SHA1 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
ssdeep
12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

authentihash 5dc5048b8d32ba457ef4deb14afff58676bfd479228a00ce5dba044842ea4e38
imphash 7fecbc4a16a5dc85a5394a1df6217680
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags
nsrl pedll trusted via-tor

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with msvcr80.dll as its name.
VirusTotal metadata
First submission 2009-02-11 13:02:58 UTC ( 6 years, 6 months ago )
Last submission 2015-08-29 21:23:57 UTC ( 2 days, 10 hours ago )
File names 4ca83.tmpscan
b1bf3f3472d6d00165040000e8013411_msvcr80.dll
0f9359a6d5a9d0011c000000d4128018_msvcr80.dll
aa09d73a7fdfd001a9000000f810580a_msvcr80.dll
e53501ac5fd4d00121000000f8161c14_msvcr80.dll
vsi60cs8.6k7
95e97cf09bd3d0010d000000c01dc822_msvcr80.dll
b0f74a97ffd2d00121000000ecb580c1_msvcr80.dll
d7acfb9692dbd00111000000d815f815_msvcr80.dll
a6186.tmpscan
c00c1c1d6ddfd001e90b00005807840b_msvcr80.dll
eee9ad6018d4d00108000000d417281e_msvcr80.dll
b342b23a3fd5d001040000002c1d1c12_msvcr80.dll
efc794d4eed2d00121000000a4c124b4_msvcr80.dll
ab3a3093e7c3d0011100000038154410_msvcr80.dll
49ca3e3f6dd3d00104000000ac17bc16_msvcr80.dll
msvcr80.dll.inupdate
fl_msvcr80_dll_136328_____x86.3643236f_fc70_11d3_a536_0090278a1bb8
6378f251c0c4d001040000002c077019_msvcr80.dll
e3334fe918e0d001230100000c04380f_msvcr80.dll
09a600700ad5d00111000000d0105406_msvcr80.dll
bit846d.tmp
a0475401b3d5d001040000000007e819_msvcr80.dll
656581ef5cd4d00104000000380c0410_msvcr80.dll
309cf356fbd8d001040000005421c020_msvcr80.dll
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Streets and Trips 2008 (Microsoft)
FileMaker Pro 9 (FileMaker Inc.)
MSDN Disc 2426.26 (Microsoft)
Quicken Personal Finances Starter Edition 2008 (Intuit Inc.)
Quicken Personal Finances Home and Business 2008 (Intuit Inc.)
Nero 8 Ultra Edition (Nero)
Adobe Photoshop Elements 6 (Adobe Systems Incorporated)
Trend Micro Internet Security 2008 (Trend Micro Inc.)
Symantec Endpoint Protection 11.0 (Symantec)
Quicken Premier 2008 (Intuit Inc.)
Quicken Deluxe 2008 (Intuit Inc.)
Corel PaintShop Pro Photo X2 (Corel Corporation)
MSDN Disc 2426.27 (Microsoft)
MSDN Disc 2436.31 (Microsoft)
Quicken Home Inventory Manager (Intuit Inc.)
Gears of War (Microsoft)
Scrapbook Factory Deluxe Version 4.0 (Nova Development Corporation)
TurboTax for Federal Returns Basic (Intuit Inc.)
TurboTax Federal and State Home and Business (Intuit Inc.)
TurboTax Federal and State Deluxe (Intuit Inc.)
File names 37hpravq.lm8, h2rg91xw.1p4, k2rg91xw.1p4
Web_Publishing_INSTALLDIR.Extensions.Web_Support.msvcr80.dll, msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!