vcruntime140.dll
First submission 2023-06-25 09:15:01
Last sumbission 2023-09-25 17:42:02
File details
| File type: | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 78.25 KB (80128 bytes) |
| Compile time: | 2018-10-13 01:04:53 |
| MD5: | 1b171f9a428c44acf85f89989007c328 |
| SHA1: | 6f25a874d6cbf8158cb7c491dcedaa81ceaebbae |
| SHA256: | 9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c |
| Import Hash : | 6a84b7445ccacd5d29ac27de2745f356 |
| Sections 5 | .text��� .data��� .idata�� .rsrc��� .reloc�� |
| Directories 6 | import export resource debug relocation security |
| Virus Total: | 0/70 VT report date: 2023-06-24 22:01:26 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://65.109.2.42/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll  |
65.109.2.42 |
2023-09-25 17:42:03 |
PE Sections 0 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0xdcf4 | 56832 | 3da089e38b693defcdc48a5bc9de6c752fa5cd46 | 28f8accc52cc26fb1cd342e0b86da949 | |
| .data��� | 0xf000 | 0x5f4 | 512 | 8f20f51d3120a29f73f5eac966c2c3d707e745a2 | 44f568c10e74e073142f81fd4e04d7e6 | |
| .idata�� | 0x10000 | 0x584 | 1536 | 105faec2dc8fcd60857288724616c55d1b26093e | 815d869d862ccfa9c90b3f4063cd90eb | |
| .rsrc��� | 0x11000 | 0x400 | 1024 | 145f6c89caf270e4bcebe93b986c04955d74be72 | 235918684f09b52b872f0a25b7267fe6 | |
| .reloc�� | 0x12000 | 0xa10 | 3072 | 35afbc8e084e566a5b966b515fe5cd58e837b1c0 | 8d6967b67a7b3932ec34879053146032 |
PE Resources 1
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x11060 | 928 |
Meta infos 9
| LegalCopyright: | \xa9 Microsoft Corporation. All rights reserved. |
| InternalName: | vcruntime140.dll |
| FileVersion: | 14.16.27012.6 built by: vcwrkspc |
| CompanyName: | Microsoft Corporation |
| ProductVersion: | 14.16.27012.6 |
| FileDescription: | Microsoft\xae C Runtime Library |
| Translation: | 0x0409 0x04b0 |
| OriginalFilename: | vcruntime140.dll |
| ProductName: | Microsoft\xae Visual Studio\xae 2017 |
Packers detected 1
| Borland Delphi 3.0 (???) |
Anti debug functions 5
| GetLastError |
| IsProcessorFeaturePresent |
| RaiseException |
| TerminateProcess |
| UnhandledExceptionFilter |
File signature
| MD5 | SHA1 | Block size | Virtual Address |
|---|---|---|---|
| cee32daf41a8cac84c026df54e3efc54 | b56477419af673365dacb941eb2583f80aa17fdb | 16128 | 64000 |
Strings analysis - File found
| Library |
| vcruntime140.dll |
| api-ms-win-crt-string-l1-1-0.dll |
| api-ms-win-crt-heap-l1-1-0.dll |
| api-ms-win-crt-runtime-l1-1-0.dll |
| KERNEL32.dll |
| api-ms-win-crt-stdio-l1-1-0.dll |
| api-ms-win-crt-convert-l1-1-0.dll |
Strings analysis - Possible URLs found 17
| http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 |
| http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z |
| http://www.microsoft.com/pkiops/docs/primarycps.htm0@ |
| http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X |
| http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 |
| http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 |
| http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z |
| http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T |
| http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 |
| http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0 |
| http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 |
| http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0 |
| http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z |
| http://www.microsoft.com/PKI/docs/CPS/default.htm0@ |
| http://www.microsoft.com0 |
| http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 |
| http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a |
Import functions
PE Exports 81 suspicious
| Function | Address |
|---|---|
| _CreateFrameInfo | 0x1000d7a0 |
| _CxxThrowException | 0x10007680 |
| _EH_prolog | 0x1000df30 |
| _FindAndUnlinkFrame | 0x1000d7d0 |
| _IsExceptionObjectToBeDestroyed | 0x10005af0 |
| _NLG_Dispatch2 | 0x10003f63 |
| _NLG_Return | 0x10002707 |
| _NLG_Return2 | 0x10003f6d |
| _SetWinRTOutOfMemoryExceptionCallback | 0x10005b20 |
| __AdjustPointer | 0x10005b30 |
| __BuildCatchObject | 0x10006a60 |
| __BuildCatchObjectHelper | 0x10006a70 |
| __CxxDetectRethrow | 0x10006a90 |
| __CxxExceptionFilter | 0x10006ae0 |
| __CxxFrameHandler | 0x1000d8b0 |
| __CxxFrameHandler2 | 0x1000d8b0 |
| __CxxFrameHandler3 | 0x1000d8b0 |
| __CxxLongjmpUnwind | 0x1000d8f0 |
| __CxxQueryExceptionSize | 0x10006c20 |
| __CxxRegisterExceptionObject | 0x10006c30 |
| __CxxUnregisterExceptionObject | 0x10006ce0 |
| __DestructExceptionObject | 0x10005a40 |
| __FrameUnwindFilter | 0x10005b60 |
| __GetPlatformExceptionInfo | 0x10005bb0 |
| __RTCastToVoid | 0x10007250 |
| __RTDynamicCast | 0x100072d0 |
| __RTtypeid | 0x100073d0 |
| __TypeMatch | 0x10006a80 |
| __current_exception | 0x10005c00 |
| __current_exception_context | 0x10005c10 |
| __intrinsic_setjmp | 0x10003d60 |
| __processing_throw | 0x10005c20 |
| __report_gsfailure | 0x1000df80 |
| __std_exception_copy | 0x10007460 |
| __std_exception_destroy | 0x100074d0 |
| __std_terminate | 0x10005c30 |
| __std_type_info_compare | 0x10007510 |
| __std_type_info_destroy_list | 0x10007550 |
| __std_type_info_hash | 0x10007580 |
| __std_type_info_name | 0x100075b0 |
| __telemetry_main_invoke_trigger | 0x10003f70 |
| __telemetry_main_return_trigger | 0x10003f70 |
| __unDName | 0x1000d3e0 |
| __unDNameEx | 0x1000d410 |
| __uncaught_exception | 0x100076f0 |
| __uncaught_exceptions | 0x10007710 |
| __vcrt_GetModuleFileNameW | 0x10007d10 |
| __vcrt_GetModuleHandleW | 0x10007d30 |
| __vcrt_InitializeCriticalSectionEx | 0x10007c60 |
| __vcrt_LoadLibraryExW | 0x10007d40 |
| _chkesp | 0x100045e0 |
| _except_handler2 | 0x10003928 |
| _except_handler3 | 0x100039f8 |
| _except_handler4_common | 0x10004480 |
| _get_purecall_handler | 0x10007d60 |
| _get_unexpected | 0x10007720 |
| _global_unwind2 | 0x10003e30 |
| _is_exception_typeof | 0x10005c40 |
| _local_unwind2 | 0x10003e96 |
| _local_unwind4 | 0x10003b30 |
| _longjmpex | 0x10003e20 |
| _purecall | 0x10007d80 |
| _seh_longjmp_unwind | 0x10003b04 |
| _seh_longjmp_unwind4 | 0x10003c08 |
| _set_purecall_handler | 0x10007da0 |
| _set_se_translator | 0x10007780 |
| _setjmp3 | 0x10003da0 |
| longjmp | 0x10003fd0 |
| memchr | 0x10002730 |
| memcmp | 0x10004a90 |
| memcpy | 0x100027e0 |
| memmove | 0x10002d60 |
| memset | 0x100032e0 |
| set_unexpected | 0x10007740 |
| strchr | 0x10003440 |
| strrchr | 0x10003570 |
| strstr | 0x100036b0 |
| unexpected | 0x10007760 |
| wcschr | 0x10003ff0 |
| wcsrchr | 0x100040c0 |
| wcsstr | 0x10004170 |
| Name | Latest seen | MD5 |
|---|---|---|
| vcruntime140.dll | 2023-09-30 19:25:01 | a37ee36b536409056a86f50e67777dd7 |