MFC80U.DLL

Microsoft Visual Studio 2005

LionSea Software co., ltd

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed just to look like a legitimate Microsoft system file. The module MFC80U.DLL, “MFCDLL Shared Library - Retail Version” by LionSea Software co., ltd, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by LionSea Software co., ltd)

Product:
Microsoft® Visual Studio® 2005

Description:
MFCDLL Shared Library - Retail Version

Version:
8.00.50727.42

MD5:
622303d133bf3783910453c83315ba7f

SHA-1:
f5289c86fb45507d6ad1ed4321ab4e88df8906c2

SHA-256:
d06e2167317d11918f7f7df66147982abcb84527da5b0c575157502b2074a06f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/23/2024 12:29:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LionSea (M)

Engine version:
16.11.19.5

File size:
1 MB (1,085,784 bytes)

Product version:
8.00.50727.42

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
MFC80U.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\lionsea\lionsea video converter\mfc80u.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/8/2012 4:00:00 AM

Valid to:
2/8/2013 3:59:59 AM

Subject:
CN="LionSea Software co., ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5C82730AFCB40651922D0DB016CEEFF7

File PE Metadata
Compilation timestamp:
9/23/2005 11:57:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:7cjuAvWpleIONBS94y3ixrBxRFwY0uv8DQ7r:7cjuAQCBmixrBxRFV68n

Entry address:
0xC3362

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 08, 03, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, CD, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E8, 98, 3C, 78, 89, 0D, E4, 98, 3C, 78, 89, 15, E0, 98, 3C, 78, 89, 1D, DC, 98, 3C, 78, 89, 35, D8, 98, 3C, 78, 89, 3D, D4, 98, 3C, 78, 66, 8C, 15, 00, 99, 3C, 78, 66, 8C, 0D, F4, 98, 3C, 78, 66, 8C, 1D, D0, 98, 3C, 78, 66, 8C, 05, CC, 98, 3C, 78, 66, 8C, 25, C8, 98, 3C, 78, 66, 8C, 2D, C4, 98, 3C, 78, 9C, 8F, 05, F8, 98, 3C, 78, 8B, 45...
 

Entropy:
6.5302

Code size:
912 KB (933,888 bytes)
