oracle 11g odbc driver in_10924_i71704867_il345.exe

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

LLC BUDІMEKS

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The application oracle 11g odbc driver in_10924_i71704867_il345.exe by LLC BUDІMEKS has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
Microsoft Corporation  (signed by LLC BUDІMEKS)

Product:
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

Version:
12.0.30501.0

MD5:
37c1ff947c3640f5bba0d584a4fec9ef

SHA-1:
624acd0932b737fe87d9443476440d1f59918629

SHA-256:
db307bd7ffd13d7b53d3555dd273fb4e0cfb6527dfd4bf51fa2ea1b579e4f6e5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 7:34:45 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.Bundler (M)

Engine version:
17.3.13.11

File size:
880 KB (901,136 bytes)

Product version:
12.0.30501.0

Copyright:
Copyright (c) Microsoft Corporation. All rights reserved.

Original file name:
vcredist_x64.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/27/2015 5:30:00 AM

Valid to:
8/27/2016 5:29:59 AM

Subject:
CN=LLC BUDІMEKS, O=LLC BUDІMEKS, STREET=Cvitna 34, L=Gorodockey area Galichani vilage, S=Lvovskaja, PostalCode=81523, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E9F1B23ADDECC133378F48EBB20F9E3D

File PE Metadata
Compilation timestamp:
10/17/2015 11:32:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1544FC

Entropy:
7.9106  (probably packed)

Code size:
861 KB (881,664 bytes)