oxyinst.exe

PileFile downloader

LADY'S WOOD 2013 LIMITED

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application oxyinst.exe by LADY'S WOOD 2013 LIMITED has been detected as adware by 26 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
LADY'S WOOD 2013 LIMITED  (signed and verified)

Product:
PileFile downloader

Version:
1,0,1,2104

MD5:
c3e48b5052d3780ed6f9370c6f3d284e

SHA-1:
013cf05702ce9a6453e21e384915b1b4d25e6556

SHA-256:
2edb183f5598c295f4e9527b8b89572e50fadb9c82bcb4cb7de5f23d7491069a

Scanner detections:
26 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup. Distributed through the Brightcircle investments brand.

Analysis date:
4/27/2024 3:01:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.132989 | 366 |
| Agnitum Outpost | PUA.Bundle | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.167.130 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-160203 |
| AVG | Trojan horse Downloader.Generic13 | 2017.0.2844 |
| Bitdefender | Gen:Variant.Adware.Kazy.132989 | 1.0.20.170 |
| Clam AntiVirus | Win.Adware.Agent-6883 | 0.98/19284 |
| Comodo Security | TrojWare.Win32.Agent.KGOP | 20999 |
| Dr.Web | Adware.Downware.1659 | 9.0.1.034 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.132989 | 8.16.02.03.06 |
| ESET NOD32 | Win32/BundleInstaller.D potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | W32/Agent.PFR!tr | 2/3/2016 |
| F-Prot | W32/A-e2f942af | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy.132989 | 11.2016-03-02_4 |
| G Data | Gen:Variant.Adware.Kazy.132989 | 16.2.24 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14895 |
| McAfee | Program.PileFile | 5600.6500 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.2954.0 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.132989 | 17.0.0.102 |
| Norman | Gen:Variant.Adware.Kazy.132989 | 11.20160203 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.03.06 |
| Quick Heal | SoftwareBundler.OxyPumper.B5 | 2.16.14.00 |
| Reason Heuristics | PUP.Brightcircle.LADYSWOOD2013 (M) | 16.2.3.18 |
| Rising Antivirus | PE:PUF.FilePile!1.9E19 | 23.00.65.16201 |
| VIPRE Antivirus | Threat.4847483 | 32210 |

File size:
4.9 MB (5,173,688 bytes)

Product version:
1,0,1,2104

Copyright:
Copyright 2013

Original file name:
Oxy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\oxyinst.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/28/2014 7:00:00 AM

Valid to:
1/29/2015 6:59:59 AM

Subject:
CN=LADY'S WOOD 2013 LIMITED, O=LADY'S WOOD 2013 LIMITED, STREET=COMMUNICATIONS HOUSE, STREET=DEAN ROAD YATE, L=BRISTOL, S=SOUTH GLOUCESTERSHIRE, PostalCode=BS37 5NR, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F93831D83C5CE9CF3BB3658BA83359DB

File PE Metadata
Compilation timestamp:
2/12/2014 3:03:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:whX4wBfIm1AtVgllwQKwzqeVfhU2t1Y4DdhDBEoYSeF197Bxrf2HtRy3f37e6KPq:4XFIJI9KwmsGGAeeFr1xruN8v3C6XvKm

Entry address:
0xA9E1A

Entry point:
E8, 20, 71, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, D2, 06, 00, 00, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A4, 54, 4E, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 66, 71, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, A0, 9F, 4A, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04...
 

Entropy:
5.7611

Code size:
760.5 KB (778,752 bytes)
