home

viva.exe

It runs as a separate (within the context of its own process) windows Service named “COM+ Live Service”. The file has been seen being downloaded from sdlc-esd.oracle.com and multiple other hosts.
MD5:
a6efa59caac7e6ef7262c5e4681893d8

SHA-1:
c0d9557948732305878912f265d292e11dad7ee6

SHA-256:
ecbe1b314ea5c0912ac213842a68774514e4f267433aa3cd13f900ff0ca9edee

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/23/2024 1:28:15 AM UTC  (today)

File size:
17.6 KB (18,033 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\viva\viva.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
384:pb3E3rGKtQhWkP9p2VprE3HRL0lNODwrz6QQ:p7hW6h0ODwiQQ

Entry point:
EF, BB, BF, 3C, 21, 44, 4F, 43, 54, 59, 50, 45, 20, 68, 74, 6D, 6C, 20, 50, 55, 42, 4C, 49, 43, 20, 22, 2D, 2F, 2F, 57, 33, 43, 2F, 2F, 44, 54, 44, 20, 58, 48, 54, 4D, 4C, 20, 31, 2E, 30, 20, 54, 72, 61, 6E, 73, 69, 74, 69, 6F, 6E, 61, 6C, 2F, 2F, 45, 4E, 22, 20, 22, 68, 74, 74, 70, 3A, 2F, 2F, 77, 77, 77, 2E, 77, 33, 2E, 6F, 72, 67, 2F, 54, 52, 2F, 78, 68, 74, 6D, 6C, 31, 2F, 44, 54, 44, 2F, 78, 68, 74, 6D, 6C, 31, 2D, 74, 72, 61, 6E, 73, 69, 74, 69, 6F, 6E, 61, 6C, 2E, 64, 74, 64, 22, 3E, 0D, 0A, 3C, 68...
 
[+]

Entropy:
4.0463

Service
Display name:
COM+ Live Service

Service name:
COMLiveService

Type:
Win32OwnProcess


The file viva.exe has been seen being distributed by the following 2 URLs.

http://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/.../jxpiinstall.exe

http://192.168.1.1/.../index.html?url=www.filessigncycle.com

Scan viva.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.