WindowsCodec.exe

Windows Essentials Codec Pack

OR Interactive Ltd

The application WindowsCodec.exe (“Windows Essentials Codec Pack is the only codec pack you'll ever need to play all the movies, music and flash files that you download off the internet”) by OR Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from dl.windows-codec.com.

Publisher:
Open Source Developer (signed by OR Interactive Ltd)

Product:
Windows Essentials Codec Pack

Description:
Windows Essentials Codec Pack is the only codec pack you'll ever need to play all the movies, music and flash files that you download off the internet

Version:
1.0.0.1

MD5:
d3b82801e7a88deeacb29f28f972ae56

SHA-1:
6a3cdac81ee93ca86092ab7f8f500a602f2c946e

SHA-256:
5efd66b0e057a63c5bba032a4d8018cfffdc7bb4c08ae3f6c9755ab9839c07f6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2024 10:34:57 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.ORInteractive.M

Engine version:
14.6.23.14

File size:
1 MB (1,077,312 bytes)

Product version:
1.0.0.1

Copyright:
© 2013 Open Source Developer

Original file name:
WindowsCodec.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\windowscodec.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
9/24/2013 2:00:00 AM

Valid to:
10/10/2015 1:59:59 AM

Subject:
CN=OR Interactive Ltd, O=OR Interactive Ltd, L=Tel Aviv, S=Tel Aviv, C=IL, SERIALNUMBER=513532689, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3357D3B663AC98667EAF8311A14D9441

File PE Metadata
Compilation timestamp:
6/16/2014 8:01:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:PWrB83F37+g+OhBlw3LdHUoMEnqayNuC/28:8B83F3ig+WUdHUSnqjNuC7

Entry address:
0x282C5

Entry point:
E8, B2, 4E, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 60, 4D, 45, 00, 75, 02, F3, C3, E9, 34, 4F, 00, 00, 8B, FF, 51, C7, 01, 90, 5D, 44, 00, E8, 2C, 50, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 2A, 19, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 6C, 50, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, 5C, 1B, 00, 00, 53...
 

Code size:
262.5 KB (268,800 bytes)

The file WindowsCodec.exe has been seen being distributed by the following URL.
