MSVCR71.DLL

Microsoft Visual Studio .NET

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. MSVCR71.DLL is the runtime components of Visual C++ Libraries required to run applications developed with Visual C++ and is recompiled by TMRG, Inc.. While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The module MSVCR71.DLL, “Microsoft® C Runtime Library” by TMRG has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Microsoft Corporation  (signed by TMRG, Inc.)

Product:
Microsoft® Visual Studio .NET

Description:
Microsoft® C Runtime Library

Version:
7.10.3052.4

MD5:
96a58a4af06cdfb1f82423583485f013

SHA-1:
f8b7d6266ca342694b4739e9f862e75407a56754

SHA-256:
9be8fba494c80622999ee4f3a0466d0b9bde5fe97cc0e6129460e47524da6017

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the runtime components of Visual C++ Libraries required to run applications developed with Visual C++. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/26/2024 2:21:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TMRG (M)
16.11.6.17

File size:
344.6 KB (352,896 bytes)

Product version:
7.10.3052.4

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
MSVCR71.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\temp\{random}.tmp\msvcr71.dll

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/2/2009 8:00:00 AM

Valid to:
9/28/2011 7:59:59 AM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
2/21/2003 8:42:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:bcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlEz:boz83OtIEzW+/m/AyF7bCrO/Ez

Entry address:
0x229F

Entry point:
55, 8B, EC, 8B, 45, 0C, 83, F8, 01, 56, 57, 0F, 84, 50, FB, FF, FF, 33, FF, 3B, C7, 0F, 84, 6A, 54, 00, 00, 83, F8, 02, 75, D2, 68, 8C, 00, 00, 00, 6A, 01, E8, 8C, 00, 00, 00, 8B, F0, 3B, F7, 59, 59, 74, 34, 56, FF, 35, 30, B4, 38, 7C, FF, 15, 14, C9, 38, 7C, 85, C0, 56, 0F, 84, 77, 54, 00, 00, E8, D8, 00, 00, 00, 59, FF, 15, 24, A0, 37, 7C, 83, 4E, 04, FF, 89, 06, 33, C0, 40, 8D, 65, F8, 5F, 5E, 5D, C2, 0C, 00, 33, C0, EB, F3, 68, 0D, 24, 34, 7C, 64, A1, 00, 00, 00, 00, 50, 8B, 44, 24, 10, 89, 6C, 24, 10...
 
[+]

Entropy:
6.5681

Developed / compiled with:
Microsoft Visual C++

Code size:
228 KB (233,472 bytes)

Remove MSVCR71.DLL - Powered by Reason Core Security