loader.exe

Updater

SOFTWARE AGILITY LIMITED

The application loader.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This file is typically installed with the program Oxy updater by SOFTWARE AGILITY LIMITED which is a potentially unwanted software program. While running, it connects to the Internet address dmpro-ca-01.fooservers.com on port 80 using the HTTP protocol.
Publisher:
SOFTWARE AGILITY LIMITED

Product:
Updater

Version:
1,0,0,22

MD5:
97747a1c63b74b84c4b56f8f50dbe52b

SHA-1:
0c48bc63459ab0c45a21abc86354e3858a592980

SHA-256:
7a4df881d02ad1ac12d9be3bb57c0e415567b8d5adec87e19363e80ef0f002f4

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
8/19/2018 4:22:22 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Zusy.98733 | 923
AhnLab V3 Security | PUP/Win32.Graftor | 2014.07.25
Baidu Antivirus | Adware.Win32.OxyPumper | 4.0.3.14726
Bitdefender | Gen:Variant.Adware.Zusy.98733 | 1.0.20.1035
Emsisoft Anti-Malware | Gen:Variant.Adware.Zusy.98733 | 8.14.07.26.03
ESET NOD32 | Win32/AdWare.OxyPumper (variant) | 8.10151
F-Secure | Gen:Variant.Adware.Zusy.98733 | 11.2014-26-07_7
G Data | Gen:Variant.Adware.Zusy.98733 | 14.7.24
IKARUS anti.virus | AdWare.OxyPumper | t3scan.1.6.1.0
MicroWorld eScan | Gen:Variant.Adware.Zusy.98733 | 15.0.0.621

File size:
454 KB (464,896 bytes)

Product version:
1,0,0,22

Copyright:
SOFTWARE AGILITY LIMITED

Original file name:
Updater

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\roaming\oxy\loader.exe

File PE Metadata
Compilation timestamp:
7/25/2014 9:40:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:TMQURytU4L0jmonmy/ARCFDX91KjQiJ8cZzmMTNcFVFzdhR0ZcMF4HmA:d6KXJ8cVmMTN4rR0ZcMF4H

Entry address:
0x371D1

Entry point:
E8, B3, 8D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 60, 11, 00, 00, 3B, 0D, 68, D3, 46, 00, 75, 02, F3, C3, E9, 2F, 8E, 00, 00, 8B, C1, 83, 60, 04, 00, C7, 00, F0, 0C, 46, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, F0, 0C, 46, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, F8, 0C, 46, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, 49, 8F, 00, 00, 8D, 70, 01, 56, E8, 62, 10, 00, 00, 59...

Code size:
361.5 KB (370,176 bytes)

Scheduled Task
Task name:
Oxy Updater

Trigger:
Daily (Runs daily at 22:06)


The file loader.exe has been discovered within the following program.

Oxy updater by SOFTWARE AGILITY LIMITED
The Oxy updater adware injects advertising into the user's web browser by running as a browser extension and/or add-on. Ads are delivered as search-related ads, banner and video ads, text links, and some pop-up/pop-under ads.
76% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dmpro-ca-01.fooservers.com (167.114.156.214:80)

TCP (HTTP):
Connects to unknown.prolexic.com (72.52.4.90:80)

TCP (HTTP):
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:80)
