× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9c9d4e421c55f7ef4e455e75b58a6639428ccd75c76e5717f448afe4c21c52bc
File name: vccorlib120.dll
Detection ratio: 0 / 62
Analysis date: 2019-02-19 08:47:17 UTC ( 4 days, 12 hours ago )
Trusted source! This file belongs to the Microsoft Corporation software catalogue.
Antivirus Result Update
ALYac 20190219
AVG 20190219
Acronis 20190213
Ad-Aware 20190219
AegisLab 20190219
AhnLab-V3 20190219
Alibaba 20180921
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190218
Avira (no cloud) 20190219
Babable 20180918
Baidu 20190215
BitDefender 20190219
CAT-QuickHeal 20190218
CMC 20190218
ClamAV 20190218
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cylance 20190219
Cyren 20190219
DrWeb 20190219
ESET-NOD32 20190219
Emsisoft 20190219
Endgame 20190215
F-Secure 20190219
Fortinet 20190219
GData 20190219
Ikarus 20190218
Sophos ML 20181128
Jiangmin 20190219
K7AntiVirus 20190219
K7GW 20190219
Kaspersky 20190219
Kingsoft 20190219
Malwarebytes 20190219
McAfee 20190219
McAfee-GW-Edition 20190219
eScan 20190219
Microsoft 20190219
NANO-Antivirus 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190218
Qihoo-360 20190219
Rising 20190219
SUPERAntiSpyware 20190213
SentinelOne (Static ML) 20190203
Sophos AV 20190219
Symantec 20190219
TACHYON 20190219
Tencent 20190219
TheHacker 20190217
TotalDefense 20190219
Trapmine 20190123
Trustlook 20190219
VBA32 20190219
ViRobot 20190219
Webroot 20190219
Yandex 20190219
ZoneAlarm by Check Point 20190219
Zoner 20190219
eGambit 20190219
Cybereason 20190109
MAX 20190219
Symantec Mobile Insight 20190207
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Visual Studio® 2013
Original name vccorlib120.DLL
Internal name vccorlib120.DLL
File version 12.0.21005.1 built by: REL
Description Microsoft ® VC WinRT core library
Signature verification Signed file, verified signature
Signing date 10:04 AM 10/5/2013
Signers
[+] Microsoft Corporation
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Code Signing PCA
Valid from 10:33 PM 01/24/2013
Valid to 09:33 PM 04/24/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 108E2BA23632620C427C570B6D9DB51AC31387FE
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
[+] Microsoft Code Signing PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 09:19 PM 08/31/2010
Valid to 09:29 PM 08/31/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 3CAF9BA2DB5570CAF76942FF99101B993888E257
Serial number 61 33 26 1A 00 00 00 00 00 31
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbprint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Counter signers
[+] Microsoft Time-Stamp Service
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Microsoft Time-Stamp PCA
Valid from 08:08 PM 03/27/2013
Valid to 07:08 PM 06/27/2014
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint C0E245417E93FD38D7BC427709996746C40B9878
Serial number 33 00 00 00 33 E5 27 86 A3 0E 4A 2A 80 00 00 00 00 00 33
[+] Microsoft Time-Stamp PCA
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 11:53 AM 04/03/2007
Valid to 12:03 PM 04/03/2021
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 375FCB825C3DC3752A02E34EB70993B4997191EF
Serial number 61 16 68 34 00 00 00 00 00 1C
[+] Microsoft Root Certificate Authority
Status Valid
Issuer Microsoft Root Certificate Authority
Valid from 10:19 PM 05/09/2001
Valid to 10:28 PM 05/09/2021
Valid usage All
Algorithm sha1RSA
Thumbrint CDD4EEAE6000AC7F40C3802C171E30148030C072
Serial number 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-05 05:55:27
Entry Point 0x000234BB
Number of sections 6
PE sections
Overlays
MD5 f51ba7b9146c9621fa15cd0dc58369c2
File type data
Offset 231936
Size 16048
Entropy 7.43
PE imports
GetLastError
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
DisableThreadLibraryCalls
InitializeCriticalSectionEx
LoadLibraryA
DeleteCriticalSection
AcquireSRWLockExclusive
GetProcAddress
EncodePointer
GetProcessHeap
RaiseException
WaitForMultipleObjectsEx
CloseHandle
GetSystemTimeAsFileTime
ReleaseSRWLockExclusive
DecodePointer
CreateEventExW
ReleaseSRWLockShared
FormatMessageW
OutputDebugStringW
AcquireSRWLockShared
GetCurrentThreadId
GetCurrentProcessId
LeaveCriticalSection
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAPBDH@Z
_FInf
?_Syserror_map@std@@YAPBDH@Z
_Inf
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
_malloc_crt
__wgetmainargs
??1type_info@@UAE@XZ
__crtTerminateProcess
??_U@YAPAXI@Z
__dllonexit
memset
_SetWinRTOutOfMemoryExceptionCallback
wcscpy_s
_invoke_watson
__clean_type_info_names_internal
_amsg_exit
?terminate@@YAXXZ
??2@YAPAXI@Z
_lock
_onexit
??_V@YAXPAX@Z
_initterm_e
printf
vswprintf_s
_CxxThrowException
_unlock
??3@YAXPAX@Z
_crt_debugger_hook
__GetPlatformExceptionInfo
free
_aligned_free
__CxxFrameHandler3
_except_handler4_common
_aligned_offset_malloc
_purecall
memcpy
__crtUnhandledException
memmove
_calloc_crt
__CppXcptFilter
_initterm
SysFreeString
SysStringLen
SysAllocStringLen
SetRestrictedErrorInfo
RoTransformError
RoOriginateErrorW
RoOriginateError
GetRestrictedErrorInfo
RoUnregisterForApartmentShutdown
RoGetApartmentIdentifier
RoGetActivationFactory
RoRegisterForApartmentShutdown
RoInitialize
RoUninitialize
RoRegisterActivationFactories
RoRevokeActivationFactories
WindowsDuplicateString
WindowsGetStringLen
WindowsDeleteString
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsCreateString
WindowsIsStringEmpty
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoGetContextToken
CoGetApartmentType
CoMarshalInterThreadInterfaceInStream
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemFree
CoGetObjectContext
CoCreateFreeThreadedMarshaler
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
10.0

FileSubtype
0

FileVersionNumber
12.0.21005.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Microsoft VC WinRT core library

ImageFileCharacteristics
Executable, Large address aware, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
55808

EntryPoint
0x234bb

OriginalFileName
vccorlib120.DLL

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
12.0.21005.1 built by: REL

TimeStamp
2013:10:05 07:55:27+02:00

FileType
Win32 DLL

PEType
PE32

InternalName
vccorlib120.DLL

ProductVersion
12.0.21005.1

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Win32

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
176128

ProductName
Microsoft Visual Studio 2013

ProductVersionNumber
12.0.21005.1

FileTypeExtension
dll

ObjectFileType
Dynamic link library

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 69837e50c50561a083a72a5f8ea1f6a2
SHA1 1a4b4c6c3cb6a5164cc1018ac72d0300455b3d8f
SHA256 9c9d4e421c55f7ef4e455e75b58a6639428ccd75c76e5717f448afe4c21c52bc
ssdeep
6144:+SsS5fv6EATwqlGwyfDyodYI3ZubfW5nb2PQuW0x:+I5fv6EATwqlGwyfDyodYI3Zv1C

authentihash 5cb4dd441593899cfce09c5b5539388ff35d62ebe4ba124a0f7d02a5591c5b7b
imphash 9fc5caa45dc840cfefd11b8e12af14d6
File size 242.2 KB ( 247984 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
pedll signed trusted overlay

Trusted verdicts
This file belongs to the Microsoft Corporation software catalogue. The file is often found with BXXE4AOO.DLL as its name.
VirusTotal metadata
First submission 2013-10-28 04:35:31 UTC ( 5 years, 3 months ago )
Last submission 2019-02-19 08:47:17 UTC ( 4 days, 12 hours ago )
File names vccorlib120.dll
vccorlib120.dll
vccorlib120.dll
vccorlib120.dll.80CBCEEF_01C0_4FE9_A838_77F120DFF775
vccorlib120
ISSetupFile.SetupFile5
vccorlib120.dll
filevccorlib120
EXWA_vccorlib120.dll
ECX_vccorlib120.dll
vccorlib120.dll
vccorlib120.dll
vccorlib120.dll
vccorlib120.dll
_86
fil9BB514C853CEBC24ED8363F17458FD13
vccorlib120_dll_32
vccorlib120.dll
_57B3AD9D_5E1F_47B8_BFC2_5D0EE569DEA0
F_CENTRAL_vccorlib120_x86
_37165D74F7FC4EA2A5042D92BCA4129F
fil956A1BCD4CB0E3EAD076D72A296D30E3
filDDDD9B3B13731A52A31FE8460A2E4113.F2F5D55D_E383_4B18_B40C_C99417372938
vccorlib120.dll.x86
vccorlib12032.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!