oxyinst.exe

Escolade Solutions LTD.

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application oxyinst.exe by Escolade Solutions has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Oxy Installer by Escolade Solutions LTD. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
Escolade Solutions LTD.  (signed and verified)

Description:
Oxy

Version:
1.0.0.2

MD5:
4c835842ee890a7207333b4f4211a326

SHA-1:
c1e08db3fa715faa55893a5f59f4249d068e443e

SHA-256:
353d2058d7072103ae749ec51e62c3dcacefa4656981cf489f42d915e303a5e4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 5:08:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Brightcircle.EscoladeSolutions (M)

Engine version:
16.2.1.6

File size:
4.6 MB (4,775,880 bytes)

Product version:
0.0.0.0

Original file name:
xyz7IuSSq.lnk_p

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\oxy\oxyinst.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/24/2012 8:00:00 PM

Valid to:
9/25/2013 7:59:59 PM

Subject:
CN=Escolade Solutions LTD., O=Escolade Solutions LTD., STREET=Akademica Vernadskogo blvd. 36-507, L=Kiev, S=Kiev, PostalCode=03451, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0FB283CB6EEA8D0204BFA51C4BCE925C

File PE Metadata
Compilation timestamp:
9/2/2013 7:41:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:sTBX6GhyJwl7ryk12VTPUxeW5LgvEzl1pWyBUSATfKR:sgSaw8TVgMiLgvEzleyBUbKR

Entry address:
0x435B0

Entry point:
E8, C4, 9D, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 

Entropy:
6.3251

Code size:
402.5 KB (412,160 bytes)

Program Uninstaller
Program name:
Oxy Installer

Display publisher:
Escolade Solutions LTD

Uninstall string:
"C:\users\{user}\appdata\roaming\oxy\oxyinst.exe" --uninstall

