oxyinst.exe

PileFile downloader

LADY'S WOOD 2013 LIMITED

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application oxyinst.exe by LADY'S WOOD 2013 LIMITED has been detected as adware by 26 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
LADY'S WOOD 2013 LIMITED  (signed and verified)

Product:
PileFile downloader

Version:
1,0,1,2270

MD5:
d09c014daa8d2c00513bf1ce84e9efcd

SHA-1:
343b3fedd40c17107605961af8186c0906529507

SHA-256:
ffeb8280db1bdde6b044408eb319c299315044047ed7d1355353b7463d6224fe

Scanner detections:
26 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 9:24:38 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.132989 | 389
Agnitum Outpost | PUA.Bundle | 7.1.1
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.167.130
avast! | Win32:PUP-gen [PUP] | 2014.9-160111
AVG | Trojan horse Downloader.Generic13 | 2017.0.2867
Bitdefender | Gen:Variant.Adware.Kazy.132989 | 1.0.20.55
Clam AntiVirus | Win.Adware.Agent-6883 | 0.98/19284
Comodo Security | TrojWare.Win32.Agent.KGOP | 20999
Dr.Web | Adware.Downware.1659 | 9.0.1.011
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.132989 | 8.16.01.11.05
ESET NOD32 | Win32/BundleInstaller.D potentially unwanted application | 10.7.0.302.0
Fortinet FortiGate | W32/Agent.PFR!tr | 1/11/2016
F-Prot | W32/A-e2f942af | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Kazy.132989 | 11.2016-11-01_2
G Data | Gen:Variant.Adware.Kazy.132989 | 16.1.24
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.7.5.0
K7 AntiVirus | Unwanted-Program | 13.193.14895
McAfee | Program.PileFile | 5600.6523
Microsoft Security Essentials | Threat.Undefined | 1.179.2954.0
MicroWorld eScan | Gen:Variant.Adware.Kazy.132989 | 17.0.0.33
Norman | Gen:Variant.Adware.Kazy.132989 | 11.20160111
Panda Antivirus | Trj/Genetic.gen | 16.01.11.05
Quick Heal | SoftwareBundler.OxyPumper.B5 | 1.16.14.00
Reason Heuristics | PUP.Brightcircle.LADYSWOOD2013 (M) | 16.1.11.17
Rising Antivirus | PE:PUF.FilePile!1.9E19 | 23.00.65.16109
VIPRE Antivirus | Threat.4847483 | 32210

File size:
4.9 MB (5,175,736 bytes)

Product version:
1,0,1,2270

Copyright:
Copyright 2013

Original file name:
Oxy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\oxyinst.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/27/2014 7:00:00 PM

Valid to:
1/28/2015 6:59:59 PM

Subject:
CN=LADY'S WOOD 2013 LIMITED, O=LADY'S WOOD 2013 LIMITED, STREET=COMMUNICATIONS HOUSE, STREET=DEAN ROAD YATE, L=BRISTOL, S=SOUTH GLOUCESTERSHIRE, PostalCode=BS37 5NR, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F93831D83C5CE9CF3BB3658BA83359DB

File PE Metadata
Compilation timestamp:
2/26/2014 9:44:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:Wo7br9KwmsGGrHc8Dg+gld9tn7W7g+wMbgKp:WopesnNUd9wM+wMMKp

Entry address:
0xAA340

Entry point:
E8, 2A, 71, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, DC, 06, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, C4, 54, 4E, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 66, 71, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, D0, A4, 4A, 00...
 

Entropy:
6.8663

Code size:
762 KB (780,288 bytes)
