Reason Labs

msvcrt.dll

Windows NT CRT DLL

Microsoft Corporation

It is installed with Windows 7 as a General Distribution Release (GDR) as part of a Hotfix. The file has been seen being downloaded from 172.16.7.125.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows NT CRT DLL

 
Part of the Windows 7 (with Service Pack 1) Operating System

Version:
7.0.7601.17744 (win7sp1_gdr.111215-1535)

MD5:
9dc80a8aaaaac397bdab3c67165a824e

SHA-1:
df2756c114ca2d3b2b16d459a93f285924a55202

SHA-256:
051636bfdff7ab0e4191354e846bd0dacca1a01fcc13c1afed91d8dbfe17127a

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2019 9:29:12 AM UTC  (today)

File size:
674.5 KB (690,688 bytes)

Product version:
7.0.7601.17744

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
msvcrt.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\syswow64\msvcrt.dll

File PE Metadata
Compilation timestamp:
12/16/2011 2:45:38 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:yh1wtmDyLuDTFn3nLjTwDFbT82hs8mVY/P3WaNi6nS4zAEgMWPznF9SHan:c1wtmDyLghn3nLjYFbIv8d/fs6S4zA/t

Entry address:
0xA472

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 0F, 84, 68, 81, 00, 00, FF, 75, 10, 8B, 45, 0C, E8, 09, 00, 00, 00, 5D, C2, 0C, 00, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 56, 57, 83, F8, 01, 0F, 84, 9D, 75, 00, 00, 33, FF, 3B, C7, 0F, 84, 6D, 90, 00, 00, 83, F8, 02, 0F, 85, DC, 04, 00, 00, E8, A7, 09, 00, 00, FF, 35, 28, 06, FF, 6F, FF, 15, 7C, 10, F5, 6F, 85, C0, 75, 36, 68, 14, 02, 00, 00, 6A, 01, E8, 54, 09, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 84, CF, 92, 00, 00, 56, FF, 35, 28, 06, FF, 6F, FF, 15, 80, 10, F5, 6F...
 
[+]

Entropy:
6.8092

Code size:
633.5 KB (648,704 bytes)

44 ActiveX Installs
Name:
{39FC0CF9-86F3-4502-B773-D16706EDEC83}

Name:
{3F932FFA-F092-4FDB-92C5-1285978614D2}

Name:
{99C709C7-4F58-46C1-855B-90213C760395}

Name:
{85887165-031A-4297-BC4E-6B246C120B9C}

Name:
{F50B3F13-19C4-11CF-AA9A-02608C9BABA2}

Name:
{E4CF4E86-D0DC-4864-8F0E-4F6EA2526334}


Session Manager Known Dll
Name:
MSVCRT


The file msvcrt.dll has been seen being distributed by the following URL.

ftp://172.16.7.125/msvcrt.dll

Clean
kernel32.dll  (f9ac70c562ba70dd7917e99b00ed6878531de66f)

Clean
kernelbase.dll  (90b069cbc93c701394b47d4e830cdd7d384f5d5c)

Clean
ntdll.dll  (3a2bae6036ff2d23309a7b93ab562494c50df236)

Clean
shlwapi.dll  (0ba38e91bf0e9d554e8dfea0ed6ea1214f9952a3)

Clean
gdi32.dll  (6a20fe18619dc46e379c42f12ed761749053cbf9)

Clean
user32.dll  (8b997b38e179cd03c0a2e87bddbc1ebca39a8630)

Clean
advapi32.dll  (453d4c3bf4a489433b593420a37bbffb7749875a)

Clean
sechost.dll  (2ae4ea1e2f2248a86f0dd25a1cbf828b5496fa79)

Clean
rpcrt4.dll  (0a2886a248c8d157ba89f4d5296a0b30f1a6424c)

Clean
sspicli.dll  (fda5de62a80510b1e02dae814cd6caa0a8fa035f)

Clean
cryptbase.dll  (d5fefb6b6ab0591f28d878b2d05e301ddc7957ab)

Clean
lpk.dll  (769bd7c18f82272b110f3bad913b28b0f7401d09)

Clean
userenv.dll  (83d1722a35eb16b010d8c9f72c627e97d4642101)

Clean
PROFAPI.DLL  (263e8fbf77c0ceead0c9bca56394bffa4a664361)

Clean
VERSION.DLL  (a4f845318e095d841b05e1400747ee4c28e1f28e)

Clean
winmm.dll  (c53e005cd04d99331ce3114ac119256133202313)

Download Reason Core Security - Powerful anti-malware software