home

MSVCP71.DLL

Microsoft Visual Studio .NET

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. MSVCP71.DLL is the runtime components of Visual C++ Libraries required to run applications developed with Visual C++ and is recompiled by TMRG, Inc.. While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The module MSVCP71.DLL, “Microsoft® C++ Runtime Library” by TMRG has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Microsoft Corporation  (signed by TMRG, Inc.)

Product:
Microsoft® Visual Studio .NET

Description:
Microsoft® C++ Runtime Library

Version:
7.10.3077.0

MD5:
9d60a0798b44bc4485a0f33dc88ec079

SHA-1:
566a3c45f3d5ac95633cfc9f25a96842826d7539

SHA-256:
289d1253c1ec2147e39117d9e8508545480653197c4bb93aee3771ee3cd28ad4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the runtime components of Visual C++ Libraries required to run applications developed with Visual C++. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
4/25/2024 9:47:17 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TMRG (M)
16.11.6.10

File size:
492.6 KB (504,448 bytes)

Product version:
7.10.3077.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
MSVCP71.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\temp\{random}.tmp\msvcp71.dll

Digital Signature
Signed by:
TMRG, Inc.

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
9/2/2009 8:00:00 AM

Valid to:
9/28/2011 7:59:59 AM

Subject:
CN="TMRG, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="TMRG, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
0C22D897C820001A2C4C01D3AEBB98E8

File PE Metadata
Compilation timestamp:
3/19/2003 12:14:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:jJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eqk:jZxvBnxOJ7ki3Ooc8iHkC2ex

Entry address:
0x2DB0

Entry point:
6A, 0C, 68, E8, 1C, 3D, 7C, E8, EB, EA, FF, FF, 33, C0, 40, 89, 45, E4, 33, FF, 89, 7D, FC, 8B, 75, 0C, 3B, F7, 75, 0C, 39, 3D, 10, 33, 41, 7C, 0F, 84, AC, 00, 00, 00, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 60, 51, 41, 7C, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, FB, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, A6, AB, 02, 00, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 
[+]

Entropy:
6.4356

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
188 KB (192,512 bytes)

Remove MSVCP71.DLL - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.