home

defender-installer.exe

OSHI Defender

OSHI LIMITED

The application defender-installer.exe by OSHI LIMITED has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.oshidefender.com and multiple other hosts.
Publisher:
OSHI LIMITED  (signed and verified)

Product:
OSHI Defender

Version:
1.8.8

MD5:
c51b3138fc7668ea76ab06197c8ddc34

SHA-1:
d7c72d510ad8a3ef7d8a485e1df2c70caec13a13

SHA-256:
6b7a9b68e270741aa359f0dfaafdd07bf2ff6f8fbafc3e43b085a6b15738e15f

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2025 3:35:58 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OSHI.A potentially unwanted (variant)
10.14500

Malwarebytes
PUP.Optional.OSHIDefender
v2016.11.25.10

McAfee
Artemis!C51B3138FC76
5600.6205

Rising Antivirus
Malware.Generic!ktKg0VDDBo@5 (thunder)
23.00.65.161123

File size:
2.2 MB (2,333,320 bytes)

Product version:
1.8.8.5ea878494da8

Copyright:
Copyright (c) 2015 OSHI Limited. All rights reserved.

Original file name:
WebInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\defender-installer.exe

Digital Signature
Signed by:
OSHI LIMITED

Authority:
DigiCert Inc

Valid from:
4/20/2016 5:30:00 AM

Valid to:
7/21/2017 5:30:00 PM

Subject:
CN=OSHI LIMITED, O=OSHI LIMITED, L=Hong Kong, C=HK

Issuer:
CN=DigiCert SHA2 High Assurance Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02D840CE73077C6DE36EFAFB8A8DCF7B

File PE Metadata
Compilation timestamp:
11/22/2016 11:35:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:9V843iw/HBors6NkVXaYnfOT7PT0ZNdgdArZoe:9zz/hk/qVXZCSdK9e

Entry address:
0x2E7A50

Entry point:
60, BE, 00, B0, 4B, 00, 8D, BE, 00, 60, F4, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 2D, 55, 2E, 00, 57, 83, C3, 04, 53, 68, 47, CA, 22, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9948  (probably packed)

Code size:
2.2 MB (2,285,568 bytes)

The file defender-installer.exe has been seen being distributed by the following 2 URLs.

https://www.oshidefender.com/software/.../Defender-Installer.exe

http://www.oshidefender.com/software/download/.../Defender-Installer.exe

Remove defender-installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.