» MFC100.DLL
Overview
Analysis
File Details

MFC100.DLL

Microsoft Visual Studio 10

Nanjing Tongxiang Network Technology Co.,LTD

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The library MFC100.DLL, “MFCDLL Shared Library - Retail Version” has been detected as malware by 3 anti-virus scanners.

File name:

MFC100.DLL

Publisher:

Microsoft Corporation (signed by Nanjing Tongxiang Network Technology Co.,LTD)

Product:

Microsoft® Visual Studio® 10

Description:

MFCDLL Shared Library - Retail Version

Version:

10.00.40219.01

MD5:

d0f2193476d2f8aec886e327e07c1d39

SHA-1:

cbd76df193e918db3968ae02f01e5eca3ef6e3e1

SHA-256:

c05dccbc7ac22ed5596554220496b52721ad9dfd7a36d79ada4053efd3b74b06

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

4/25/2024 5:54:42 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

F-Secure

Win32.Floxif.A

5.16.24

File size:

4.3 MB (4,476,207 bytes)

Product version:

10.00.40219.01

Original file name:

MFC100.DLL

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\wi-fi\mfc100.dll

Digital Signature

Signed by:

Nanjing Tongxiang Network Technology Co.,LTD

Authority:

VeriSign, Inc.

Valid from:

3/17/2014 4:00:00 PM

Valid to:

3/17/2017 3:59:59 PM

Subject:

CN="Nanjing Tongxiang Network Technology Co.,LTD", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Nanjing Tongxiang Network Technology Co.,LTD", L=Nanjing, S=Jiangsu, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6AC8AF24C602CB90FE71875F1C4CEC80

File PE Metadata

Compilation timestamp:

2/18/2011 6:23:52 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

Entry address:

0x25DAA9

Entry point:

E9, D4, 16, 02, 00, 83, 7D, 0C, 01, 75, 05, E8, C8, 03, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, C7, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 98, A9, E1, 78, 89, 0D, 94, A9, E1, 78, 89, 15, 90, A9, E1, 78, 89, 1D, 8C, A9, E1, 78, 89, 35, 88, A9, E1, 78, 89, 3D, 84, A9, E1, 78, 66, 8C, 15, B0, A9, E1, 78, 66, 8C, 0D, A4, A9, E1, 78, 66, 8C, 1D, 80, A9, E1, 78, 66, 8C, 05, 7C, A9, E1, 78, 66, 8C, 25, 78, A9, E1, 78, 66, 8C, 2D, 74, A9, E1, 78... 
[+]

Entropy:

7.0738

Packer / compiler:

Xtreme-Protector v1.05

Code size:

2.7 MB (2,813,952 bytes)

Remove MFC100.DLL - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.