directx_9.0c.exe

OOO Soft-Media

The application directx_9.0c.exe by OOO Soft-Media has been detected as adware by 29 anti-malware scanners. The file is a setup program used to install the application. It has been observed being downloaded from 14load.rloadload.com.

Publisher:
OOO Soft-Media  (signed and verified)

MD5:
6aa425ed4ee3ac1b62f8f88ba90640cc

SHA-1:
b52b6a8979e869b0eec27be533405deee8436526

SHA-256:
919b2152e3e42b14f0ae86a3cfdb3d43a4a5731d8d48af32bdaa4daf1e4420b7

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
11/27/2024 6:38:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OZU | 6710445 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Webalta | 2015.03.03 |
| Avira AntiVirus | Adware/Webalta.qoys | 7.11.213.58 |
| avast! | Win32:Webalta-M [PUP] | 150129-1 |
| AVG | Adware Generic5.BTVT | 2014.0.4253 |
| Bitdefender | Adware.Agent.OZU | 1.0.20.310 |
| Comodo Security | Application.Win32.Webalta.GU | 21273 |
| Dr.Web | Adware.Downware.5907 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.OZU | 9.0.0.4799 |
| ESET NOD32 | Win32/AdWare.Toolbar.Webalta.GW application | 7.0.302.0 |
| F-Prot | W32/A-00d1dcea | v6.4.7.1.166 |
| F-Secure | Adware.Agent.OZU | 11.2015-03-03_3 |
| G Data | Adware.Agent.OZU | 15.3.25 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.8.6.0 |
| K7 AntiVirus | Adware | 13.200.15139 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 15.0.0.543 |
| McAfee | Program.PUP-FPY | 16.8.708.2 |
| MicroWorld eScan | Adware.Agent.OZU | 16.0.0.186 |
| NANO AntiVirus | Trojan.Win32.LMN.dfjlfo | 0.30.0.296 |
| Norman | Adware.Agent.OZU | 03.12.2014 13:20:04 |
| nProtect | Adware.Agent.OZU | 15.03.03.01 |
| Quick Heal | Downloader.LMN.A8 | 3.15.14.00 |
| Reason Heuristics | PUP.OOOSoftMedia | 15.3.3.5 |
| Sophos | PUA 'WebAlta Toolbar' (of type Adware) | 5.11 |
| SUPERAntiSpyware | Adware.Downware | 10021 |
| Vba32 AntiVirus | Downware.iDatix.gen | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 37788 |
| Zillya! Antivirus | Trojan.Black.Win32.19215 | 2.0.0.2088 |

File size:
1.1 MB (1,120,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\directx_9.0c.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/16/2013 9:00:00 AM

Valid to:
10/17/2014 8:59:59 AM

Subject:
CN=OOO Soft-Media, O=OOO Soft-Media, STREET="Sovetskaya Ulitsa, 142", L=Irkutsk Gorod, S=Moscow, PostalCode=664009, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF2A3EF42C4224E0B9C35ACC1217B079

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:HrqKp9iBH1ad9JyJbuao4hLGskYSBT+gLnN5fBC6+6FuPN:HkBH1Y9Jy5GILDbGDZC2I

Entry address:
0x7D81C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 94, D5, 47, 00, E8, A0, 90, F8, FF, A1, C4, FA, 47, 00, 8B, 00, E8, E4, 04, FE, FF, 8B, 0D, C8, FA, 47, 00, A1, C4, FA, 47, 00, 8B, 00, 8B, 15, 18, 32, 47, 00, E8, E4, 04, FE, FF, 8B, 0D, E4, F8, 47, 00, A1, C4, FA, 47, 00, 8B, 00, 8B, 15, 7C, 30, 47, 00, E8, CC, 04, FE, FF, 8B, 0D, 40, FB, 47, 00, A1, C4, FA, 47, 00, 8B, 00, 8B, 15, 70, D3, 47, 00, E8, B4, 04, FE, FF, A1, C4, FA, 47, 00, 8B, 00, E8, 28, 05, FE, FF, E8, 2B, 6B, F8, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C++

Code size:
498.5 KB (510,464 bytes)

The file directx_9.0c.exe has been seen being distributed by the following URL.
