oxy.exe

Oxy

FINEDREAM INVEST LTD

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application oxy.exe by FINEDREAM INVEST has been detected as adware by 7 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler. This file is typically installed with the program Oxy version 1.0 by Escolade Solutions LTD, which is a potentially unwanted software program. While running, it connects to the Internet address l2.login.vip.bf1.yahoo.com on port 80 using the HTTP protocol. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Escolade Solutions LTD (signed by FINEDREAM INVEST LTD)

Product:
Oxy

Version:
24.0.1302.0

MD5:
7f6836a68de19748d50aadf8c9fba13d

SHA-1:
5b426f875b03b7de51edd110d7b53f144ffa0a7e

SHA-256:
38f703f9f1cb51b19f32174e94dedfc7c996d82ce3332554b9feae53d31cffca

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/26/2024 6:20:57 AM UTC

Scan engine            | Detection                  | Engine version
-----------------------|----------------------------|---------------
Avira AntiVirus        | Adware/iPumper.AR.3        | 7.11.122.188
avast!                 | Win32:Adware-BGS [PUP]     | 2014.9-140102
AVG                    | Skodna.Bundle              | 2014.0.3637
Bkav FE                | W32.Clod932.Trojan         | 1.3.0.4613
IKARUS anti.virus      | AdWare.iPumper             | t3scan.2.2.29
Reason Heuristics      | PUP.Task.FINEDREAMINVEST.D | 14.8.7.22
Trend Micro House Call | TROJ_GEN.F47V1029          | 7.2.336

File size:
1.1 MB (1,183,616 bytes)

Product version:
24.0.1302.0

Copyright:
Copyright 2013 Escolade Solutions LTD. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\oxy\application\oxy.exe

Digital Signature
Subject:
CN=FINEDREAM INVEST LTD, O=FINEDREAM INVEST LTD, STREET=11 ROSEMONT ROAD HAMPSTEAD, L=LONDON, S=HAMPSTEAD, PostalCode=NW3 6NG, C=GB

Serial number:
00C5ED3DAB73641CD0D161EE50202FB462

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:OMajZBO11N6ho22dU4VzYD74D2pu5YkejrWG/gfCDO:1ajajR22zSDQWIhe2r0O

Entry point:
E8, E0, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 4C, 12, 4B, 00, 57, FF, 35, 74, 5B, 51, 00, FF, D6, FF, 35, 70, 5B, 51, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 36, AC, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 1E, 66, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...

Entropy:
6.3784

Scheduled Task
Task name:
RunAsStdUser Task

Trigger:
Registration (Runs on registration)

Action:
oxy.exe --app=chrome-extensioC:\cgeglcjaapbfihfpfmamaoipn


The file oxy.exe has been discovered within the following program.

Oxy version 1.0  by Escolade Solutions LTD
Distributed by FINEDREAM INVEST LTD, this is a bundled adware program.
www.product-placements.com

The executing file has been seen to make the following network communications in live environments.

