home

oi_details.exe

Installer

OI Software, Inc.

The application oi_details.exe by OI Software has been detected as adware by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
OpenInstall  (signed by OI Software, Inc.)

Product:
Installer

Version:
1, 0, 0, 1

MD5:
3184ddbd5a8a39282f4a5a99025ec41d

SHA-1:
2a757a88cd9bc63456051be88bb643965c5bdb44

SHA-256:
62295c8180aafc4b8fa2b289999e374a49883e3d5637fc500d7db1cd0bb9666f

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
4/18/2024 3:26:57 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Adware
7.1.1

Avira AntiVirus
Adware/OpenInstall.A.119
7.11.193.42

avast!
Win32:OpenInstall-H [PUP]
2014.9-141216

Comodo Security
Application.Win32.AdWare.OpenInstall.A
20288

Dr.Web
Adware.OpenInstall.1
9.0.1.0350

ESET NOD32
Win32/OpenInstall potentially unwanted application
8.7.0.302.0

IKARUS anti.virus
Win32.Malware
t3scan.1.8.5.0

Malwarebytes
PUP.BundleInstaller.OI
v2014.12.16.03

Reason Heuristics
PUP.Installer.OISoftware.K
14.9.2.18

Sophos
PUA 'Open Install'
58

Trend Micro House Call
HV_ZYX_CA22681B.TOMC
7.2.350

Vba32 AntiVirus
Signed-Adware.Hotbar
3.12.26.3

File size:
212.6 KB (217,664 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2010

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\oi_details.exe

Digital Signature
Signed by:
OI Software, Inc.

Authority:
VeriSign, Inc.

Valid from:
11/29/2010 7:00:00 PM

Valid to:
11/30/2011 6:59:59 PM

Subject:
CN="OI Software, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="OI Software, Inc.", L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47E25BFB5C4E24A51FE4414067EF5CA5

File PE Metadata
Compilation timestamp:
6/15/2011 10:32:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:MEJ09tVR7b1O6nZgROkzqxTsa+K+tLTyPWq:MAIVd1VaRITYKO3YWq

Entry address:
0x730B0

Entry point:
60, BE, 00, 50, 44, 00, 8D, BE, 00, C0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.7278

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
188 KB (192,512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Remove oi_details.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.