home

oi_visualbcd_0.exe

Installer

OI Software, Inc.

The application oi_visualbcd_0.exe by OI Software has been detected as adware by 12 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
VisualBcd_0  (signed by OI Software, Inc.)

Product:
Installer

Version:
1, 0, 0, 1

MD5:
2e8a991755ede91fa335b346e3c0bff5

SHA-1:
dbb99e2fa421f4daa795d86529a9cbd6bcbe57ef

SHA-256:
4f7241f6174b761b71c5ef21fabc5bd3dae52d9863311441bf759997b640dc03

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Analysis date:
4/25/2024 9:38:47 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Adware
7.1.1

Avira AntiVirus
Adware/OpenInstall.A.119
7.11.193.42

avast!
Win32:OpenInstall-H [PUP]
2014.9-141216

Comodo Security
Application.Win32.AdWare.OpenInstall.A
20288

Dr.Web
Adware.OpenInstall.1
9.0.1.0350

ESET NOD32
Win32/OpenInstall potentially unwanted application
8.7.0.302.0

IKARUS anti.virus
Win32.Malware
t3scan.1.8.5.0

Malwarebytes
PUP.BundleInstaller.OI
v2014.12.16.03

Reason Heuristics
PUP.Installer.OISoftware.O
14.9.2.18

Sophos
PUA 'Open Install'
58

Trend Micro House Call
HV_ZYX_CA22681B.TOMC
7.2.350

Vba32 AntiVirus
Signed-Adware.Hotbar
3.12.26.3

File size:
213.1 KB (218,184 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2010

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\oi_visualbcd_0.exe

Digital Signature
Signed by:
OI Software, Inc.

Authority:
VeriSign, Inc.

Valid from:
11/30/2010 2:00:00 AM

Valid to:
12/1/2011 1:59:59 AM

Subject:
CN="OI Software, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="OI Software, Inc.", L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
47E25BFB5C4E24A51FE4414067EF5CA5

File PE Metadata
Compilation timestamp:
6/20/2011 4:00:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:AQwwjHs48fKeJxEnuZSXc3A+sboT8mau7W8da:AzwjBeJxGutfPT8mhKIa

Entry address:
0x733A0

Entry point:
60, BE, 00, 50, 44, 00, 8D, BE, 00, C0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
188 KB (192,512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
Connects to stats-182385724-1591972470.us-east-1.elb.amazonaws.com  (54.221.252.69:80)

Remove oi_visualbcd_0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.