SHA256: 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
File name: msvcr80.dll
Detection ratio: 0 / 41
Analysis date: 2009-11-30 09:44:24 UTC ( 5 years, 5 months ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
AVG 20091129
AhnLab-V3 20091128
AntiVir 20091130
Antiy-AVL 20091130
Authentium 20091129
Avast 20091129
BitDefender 20091130
CAT-QuickHeal 20091130
ClamAV 20091130
Comodo 20091130
DrWeb 20091130
F-Prot 20091129
F-Secure 20091129
Fortinet 20091130
GData 20091130
Ikarus 20091130
Jiangmin 20091129
K7AntiVirus 20091127
Kaspersky 20091130
McAfee 20091129
McAfee+Artemis 20091129
McAfee-GW-Edition 20091130
Microsoft 20091130
NOD32 20091129
Norman 20091127
PCTools 20091130
Panda 20091129
Prevx 20091130
Rising 20091130
Sophos 20091130
Sunbelt 20091129
Symantec 20091130
TheHacker 20091128
TrendMicro 20091130
VBA32 20091130
ViRobot 20091130
VirusBuster 20091129
a-squared 20091130
eSafe 20091129
eTrust-Vet 20091127
nProtect 20091128
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Developer metadata
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Corporation
Product Microsoft® Visual Studio® 2005
Original name MSVCR80.DLL
Internal name MSVCR80.DLL
File version 8.00.50727.762
Description Microsoft® C Runtime Library
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-12-02 06:50:32
Link date 7:50 AM 12/2/2006
Entry Point 0x0000232B
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
FindNextFileA
HeapDestroy
DebugBreak
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
SetErrorMode
GetLogicalDrives
FreeEnvironmentStringsW
HeapWalk
GetLocaleInfoW
SetStdHandle
IsDBCSLeadByteEx
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
ResumeThread
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
OutputDebugStringA
SetLastError
PeekNamedPipe
GetEnvironmentVariableA
GetModuleFileNameW
Beep
IsDebuggerPresent
HeapAlloc
ReadConsoleInputW
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
CreatePipe
SetUnhandledExceptionFilter
UnlockFile
ExitThread
SetEnvironmentVariableA
ReadConsoleA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
ReadConsoleW
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
ReadConsoleInputA
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
SetLocalTime
GetStartupInfoA
GetDateFormatA
CreateDirectoryA
DeleteFileA
CreateDirectoryW
GetFullPathNameA
GetProcAddress
GetProcessHeap
CompareStringW
RemoveDirectoryW
GetFileInformationByHandle
FindNextFileW
GetDiskFreeSpaceA
HeapValidate
GetTimeFormatA
DeleteFileW
FindFirstFileW
IsValidLocale
DuplicateHandle
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetNumberOfConsoleInputEvents
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
SetConsoleMode
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
LockFile
RemoveDirectoryA
CreateProcessW
HeapCompact
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
GetModuleHandleA
ReadFile
SetEndOfFile
FindFirstFileA
PeekConsoleInputA
GetACP
GetLongPathNameW
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
CompareStringA
_getdrives
PE exports
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
225280

ImageVersion
0.0

ProductName
Microsoft Visual Studio 2005

FileVersionNumber
8.0.50727.762

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
8.0

FileTypeExtension
dll

OriginalFileName
MSVCR80.DLL

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
8.00.50727.762

TimeStamp
2006:12:02 07:50:32+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
MSVCR80.DLL

ProductVersion
8.00.50727.762

FileDescription
Microsoft C Runtime Library

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
405504

FileSubtype
0

ProductVersionNumber
8.0.50727.762

EntryPoint
0x232b

ObjectFileType
Dynamic link library

CarbonBlack
CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack noticed that the following files, while executing, wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 e4fece18310e23b1d8fee993e35e7a6f
SHA1 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
ssdeep
12288:6Fqi2VC1J7Zs7a5zchr46CIfsyZmGyYCqeC:6Ui2C1JdoiEdmGyYu

authentihash 5dc5048b8d32ba457ef4deb14afff58676bfd479228a00ce5dba044842ea4e38
imphash 7fecbc4a16a5dc85a5394a1df6217680
File size 612.0 KB ( 626688 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags
nsrl pedll trusted

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with msvcr80.dll as its name.
VirusTotal metadata
First submission 2009-02-11 13:02:58 UTC ( 6 years, 3 months ago )
Last submission 2015-05-22 21:45:15 UTC ( 8 hours, 1 minute ago )
File names
National Software Reference Library (NIST)
The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a reference data set of information. This file was found in the NSRL dataset, in the following products and with the following file names.
Products Streets and Trips 2008 (Microsoft)
FileMaker Pro 9 (FileMaker Inc.)
MSDN Disc 2426.26 (Microsoft)
Quicken Personal Finances Starter Edition 2008 (Intuit Inc.)
Quicken Personal Finances Home and Business 2008 (Intuit Inc.)
Nero 8 Ultra Edition (Nero)
Adobe Photoshop Elements 6 (Adobe Systems Incorporated)
Trend Micro Internet Security 2008 (Trend Micro Inc.)
Symantec Endpoint Protection 11.0 (Symantec)
Quicken Premier 2008 (Intuit Inc.)
Quicken Deluxe 2008 (Intuit Inc.)
Corel PaintShop Pro Photo X2 (Corel Corporation)
MSDN Disc 2426.27 (Microsoft)
MSDN Disc 2436.31 (Microsoft)
Quicken Home Inventory Manager (Intuit Inc.)
Gears of War (Microsoft)
Scrapbook Factory Deluxe Version 4.0 (Nova Development Corporation)
TurboTax for Federal Returns Basic (Intuit Inc.)
TurboTax Federal and State Home and Business (Intuit Inc.)
TurboTax Federal and State Deluxe (Intuit Inc.)
File names 37hpravq.lm8, h2rg91xw.1p4, k2rg91xw.1p4
Web_Publishing_INSTALLDIR.Extensions.Web_Support.msvcr80.dll, msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll.8.0.50727.762.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, nosxs_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E, ul_msvcr80.dll.98CB24AD_52FB_DB5F_FF1F_C8B3B9A1E18E
msvcr80.dll
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight