msvcp100.dll

Microsoft Visual Studio 2010

LionSea Software co., ltd

msvcp100.dll is one of the runtime components of the Visual C++ Libraries required to run applications developed with Visual C++, and is recompiled by LionSea Software co., ltd. While the file properties state the file is developed by 'Microsoft Corporation', this is not the case, and it is designed just to look like a legitimate Microsoft system file. The module msvcp100.dll, “Microsoft® C Runtime Library” by LionSea Software co., ltd, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. Note that this is a commonly distributed file, and although it has been detected, it might not be a threat if un-coupled from its distribution source.
Publisher:
Microsoft Corporation  (signed by LionSea Software co., ltd)

Product:
Microsoft® Visual Studio® 2010

Description:
Microsoft® C Runtime Library

Version:
10.00.30319.460

MD5:
f72266630137e02e57b9814a01c2d8ae

SHA-1:
88cf0d0412c434616618d68858cc7c7d016d82f1

SHA-256:
69c2a27d9a632ec6cc0fb98bb383031fea70d806d83bcbfb8b2c086e26d12105

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is one of the runtime components of the Visual C++ Libraries required to run applications developed with Visual C++. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
12/24/2024 1:14:24 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.LionSea (M)

Engine version:
16.8.5.20

File size:
487.9 KB (499,583 bytes)

Product version:
10.00.30319.460

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
msvcp100.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\drivertuner\msvcp100.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/17/2016 5:00:00 PM

Valid to:
7/17/2019 4:59:59 PM

Subject:
CN="LionSea Software co., ltd", O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59ACFBA6E3C65985E3C197DEF1765A78

File PE Metadata
Compilation timestamp:
4/22/2011 1:00:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:N4VzUPHHJ7WmWOefM7p+wJnqkb70hUgiW6QR7t5qv3Ooc8UHkC2eHWABjvrEH7v:N9PHp7WnOmM7p+wJnqU7dv3Ooc8UHkCu

Entry address:
0x33CD4

Entry point:
E9, 09, 60, FD, FF, 83, 7D, 0C, 01, 75, 05, E8, 36, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, C7, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, FF, 25, B0, 11, 05, 78, CC, CC, CC, CC, CC, CC, FF, 25, C0, 11, 05, 78, CC, CC, CC, CC, CC, 6A, 0A, FF, 15, 24, 10, 05, 78, A3, 14, 1A, 0B, 78, 33, C0, C3, CC, CC, CC, CC, CC, FF, 25, C4, 11, 05, 78, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 68, 9E, 3D, 08, 78, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10...
 

Entropy:
6.9660

Packer / compiler:
Xtreme-Protector v1.05

Code size:
371.5 KB (380,416 bytes)
