oxyinst.exe

PileFile downloader

LADY'S WOOD 2013 LIMITED

The oxyinst.exe installer delivers a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install further unwanted software. The application oxyinst.exe by LADY'S WOOD 2013 LIMITED has been detected as adware by 26 of the 68 anti-malware scanners listed below. According to AVG, this software downloads additional adware offers during setup. It is typically executed from the user's temporary directory (see the common path below): the {random}.tmp folder in that path is the footprint of an installer that unpacks itself to a temporary directory before running. It is distributed as part of the Brightcircle group of browser extensions. Two caveats for anyone triaging this file: the binary carries a valid COMODO-issued code-signing signature, which only ties it to the named publisher and says nothing about whether its behaviour is wanted; and the scan engine versions in the table date from February 2016, so current products may classify the file under different names.
Publisher:
LADY'S WOOD 2013 LIMITED  (signed and verified)

Product:
PileFile downloader

Version:
1,0,1,1913

MD5:
92310b42ee97e86dceec8426287affff

SHA-1:
6aa5c4f7cf4f2b191cbb5c6195891013fd3848ba

SHA-256:
758080f41bb5ae40415058b8fd4d8aadfe199e7cd7a6578038bce253846186d2

Scanner detections:
26 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup. Distributed through the Brightcircle investments brand.

Analysis date:
4/20/2024 1:10:09 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.132989 | 355
Agnitum Outpost | PUA.Bundle | 7.1.1
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.167.130
avast! | Win32:PUP-gen [PUP] | 2014.9-160215
AVG | Trojan horse Downloader.Generic13 | 2017.0.2833
Bitdefender | Gen:Variant.Adware.Kazy.132989 | 1.0.20.230
Clam AntiVirus | Win.Adware.Agent-6883 | 0.98/19284
Comodo Security | TrojWare.Win32.Agent.KGOP | 20999
Dr.Web | Adware.Downware.1659 | 9.0.1.046
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.132989 | 8.16.02.15.03
ESET NOD32 | Win32/BundleInstaller.D potentially unwanted application | 10.7.0.302.0
Fortinet FortiGate | W32/Agent.PFR!tr | 2/15/2016
F-Prot | W32/A-e2f942af | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Kazy.132989 | 11.2016-15-02_2
G Data | Gen:Variant.Adware.Kazy.132989 | 16.2.24
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.7.5.0
K7 AntiVirus | Unwanted-Program | 13.193.14895
McAfee | Program.PileFile | 5600.6489
Microsoft Security Essentials | Threat.Undefined | 1.179.2954.0
MicroWorld eScan | Gen:Variant.Adware.Kazy.132989 | 17.0.0.138
Norman | Gen:Variant.Adware.Kazy.132989 | 11.20160215
Panda Antivirus | Trj/Genetic.gen | 16.02.15.03
Quick Heal | SoftwareBundler.OxyPumper.B5 | 2.16.14.00
Reason Heuristics | PUP.Brightcircle.LADYSWOOD2013 (M) | 16.2.15.3
Rising Antivirus | PE:PUF.FilePile!1.9E19 | 23.00.65.16213
VIPRE Antivirus | Threat.4847483 | 32210

File size:
4.9 MB (5,172,152 bytes)

Product version:
1,0,1,1913

Copyright:
Copyright 2013

Original file name:
Oxy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\oxyinst.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/28/2014 12:00:00 AM

Valid to:
1/28/2015 11:59:59 PM

Subject:
CN=LADY'S WOOD 2013 LIMITED, O=LADY'S WOOD 2013 LIMITED, STREET=COMMUNICATIONS HOUSE, STREET=DEAN ROAD YATE, L=BRISTOL, S=SOUTH GLOUCESTERSHIRE, PostalCode=BS37 5NR, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F93831D83C5CE9CF3BB3658BA83359DB
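The hashes, common path and signer details above are the indicators a responder would actually hunt with. The following Python script is an added example (not code from this page or from Reason Core Security) that matches a collected file against them: it hashes the file contents, tests the path against the {random}.tmp pattern, and compares the signer CN and certificate serial. It does not parse Authenticode itself; the subject and serial are assumed to be supplied as strings taken from another tool such as PowerShell's Get-AuthenticodeSignature or Sysinternals sigcheck. The sample bytes in the usage block are constructed and are not the real installer, so the hash check will (correctly) come back empty for them.

```python
"""Match a file and its signer against the indicators on this page.

Added example, not the page's or Reason Core Security's code. It does not
parse Authenticode; pass the signer subject and serial as strings obtained
from another tool (Get-AuthenticodeSignature, sigcheck, openssl x509 ...).
"""
import hashlib
import re

# Indicators transcribed from this page.
IOC_HASHES = {
    "md5": "92310b42ee97e86dceec8426287affff",
    "sha1": "6aa5c4f7cf4f2b191cbb5c6195891013fd3848ba",
    "sha256": "758080f41bb5ae40415058b8fd4d8aadfe199e7cd7a6578038bce253846186d2",
}
SIGNER_CN = "LADY'S WOOD 2013 LIMITED"
SIGNER_SERIAL = "00F93831D83C5CE9CF3BB3658BA83359DB"

# Common path on the page: C:\users\{user}\appdata\local\temp\{random}.tmp\oxyinst.exe
PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\oxyinst\.exe$",
    re.IGNORECASE,
)


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests of the file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_matches(data: bytes) -> list:
    """Names of the algorithms whose digest equals the page's IOC."""
    digests = file_hashes(data)
    return [alg for alg, h in IOC_HASHES.items() if digests[alg] == h.lower()]


def path_matches(path: str) -> bool:
    """True when the path fits the temp-directory pattern the page reports."""
    return PATH_RE.match(path.replace("/", "\\")) is not None


def serial_equal(a: str, b: str) -> bool:
    """Compare certificate serials as integers. DER prepends a 00 byte when the
    top bit of the first byte is set (F9 here), and tools differ on whether
    they display it, so a plain string compare gives false negatives."""
    def clean(s: str) -> str:
        return re.sub(r"[^0-9a-fA-F]", "", s)   # drop colons, spaces
    return int(clean(a), 16) == int(clean(b), 16)


def subject_cn(subject_dn: str) -> str:
    """Pull the CN attribute out of an RFC 2253-style subject string."""
    m = re.search(r"(?:^|,\s*)CN=([^,]+)", subject_dn)
    return m.group(1).strip() if m else ""


def signer_matches(subject_dn: str, serial: str) -> bool:
    return subject_cn(subject_dn) == SIGNER_CN and serial_equal(serial, SIGNER_SERIAL)


def triage(path: str, data: bytes, subject_dn: str = "", serial: str = "") -> dict:
    """Combine the checks. A hash hit is a positive on its own; path and signer
    only add weight, since a rebuilt installer would not hash-match but may
    still run from {random}.tmp under the same certificate."""
    hits = hash_matches(data)
    signer = bool(subject_dn and serial and signer_matches(subject_dn, serial))
    path_hit = path_matches(path)
    return {
        "hash_hits": hits,
        "path_hit": path_hit,
        "signer_hit": signer,
        "verdict": "match" if hits else ("suspect" if (path_hit or signer) else "clear"),
    }


if __name__ == "__main__":
    # Constructed input: arbitrary bytes standing in for a collected file.
    sample = b"MZ" + b"\x00" * 62 + b"constructed sample, not the real installer"
    report = triage(
        r"C:\Users\alice\AppData\Local\Temp\is-K3F9Q.tmp\oxyinst.exe",
        sample,
        subject_dn="CN=LADY'S WOOD 2013 LIMITED, O=LADY'S WOOD 2013 LIMITED, L=BRISTOL, C=GB",
        serial="F9:38:31:D8:3C:5C:E9:CF:3B:B3:65:8B:A8:33:59:DB",  # openssl-style, no leading 00
    )
    print(report)
```

Comparing serials as integers rather than strings is the detail most worth keeping: the same certificate shows up as 00F93831... in Windows and as F93831... in OpenSSL output, and a blocklist keyed on one spelling silently misses the other.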

File PE Metadata
Compilation timestamp:
2/1/2014 11:20:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:nMeHlWOI9smmEgjUllwQKwdgiVPy5lcOmrd3McihWCeboshKOxSlgHrFKzj:nxMLZmk9KwdgikcO43McOWCe0QdxKv

Entry address:
0xA99B6

Entry point:
E8, 54, 71, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, D6, 06, 00, 00, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 34, 4E, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 96, 71, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 9B, 4A, 00, 8B, C7, BA, 03, 00, 00...
 

Entropy:
5.3028

Code size:
759.5 KB (777,728 bytes)

Remove oxyinst.exe - Powered by Reason Core Security