home

7o5a1c2k.exe

Virtual Additions Tray

Oracle Corporation

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘7o5A1C2K’.
Publisher:
Oracle Corporation  (signed and verified)

Product:
Virtual Additions Tray

Version:
2.1.6.5214

MD5:
45be43e6901fc0bb037e5f493b8732cb

SHA-1:
d96152d4b43569211681105c5d0c4d88fa9c5c14

SHA-256:
796bc5feff08025335e41b238dcb9b6c6469fbbb1ba21d289a874d156fa01449

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 11:53:50 PM UTC  (a few moments ago)

File size:
10.9 MB (11,417,800 bytes)

Product version:
2.1.6.5214

Copyright:
Copyright (C) 2009-2015, Oracle Corporation

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\3g1m2f5w2i0l0y0g\7o5a1c2k.exe

Digital Signature
Signed by:
Oracle Corporation

Authority:
Oracle Corporation

Valid from:
12/9/2015 10:22:48 AM

Valid to:
12/31/2039 8:59:59 PM

Subject:
CN=Oracle Corporation

Issuer:
CN=Oracle Corporation

Serial number:
62E3BF52C62B829249B518F70822215D

File PE Metadata
Compilation timestamp:
12/14/2015 4:26:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:p2qg2+dtD++sPej9hb5xxoaKSu4eoJCYyJHEKqEtFL:podj/j9TxxoaKqbJCYy+Kztx

Entry address:
0xABD09C

Entry point:
EB, 08, C0, A7, 97, 00, 00, 00, 00, 00, E9, EE, 47, EF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
10.6 MB (11,156,992 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
7o5A1C2K

Command:
C:\users\{user}\appdata\roaming\3g1m2f5w2i0l0y0g\7o5a1c2k.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.