oi_{fb8612f8-e598-4ea2-95e5-bdecf0df99db}.exe

The executable oi_{fb8612f8-e598-4ea2-95e5-bdecf0df99db}.exe has been detected as malware by 1 anti-virus scanner. Additionally, the file is typically installed by a number of programs including Universal Media Server by universalmediaserver.com and myBabylon_English Toolbar by Babylon Ltd. The file has been seen being downloaded from r1---sn-j5u-c33e7.googlevideo.com and multiple other hosts.
MD5:
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA-1:
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA-256:
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 2:13:16 AM UTC

Scan engine:
Reason Heuristics

Detection:
(M)

Engine version:
16.6.5.10

File size:
13 Bytes

File type:
Executable application (Win16 EXE)

Common path:
C:\users\{user}\appdata\local\temp\oi_{fb8612f8-e598-4ea2-95e5-bdecf0df99db}.exe

File PE Metadata
Compilation timestamp:
7/26/2010 12:24:24 PM

OS bitness:
Win16

Entry point:
3C, 48, 54, 4D, 4C, 3E, 3C, 2F, 48, 54, 4D, 4C, 3E...
 

Entropy:
2.7774

The file oi_{fb8612f8-e598-4ea2-95e5-bdecf0df99db}.exe has been discovered within the following programs.

myBabylon English Toolbar  by Conduit Ltd.
myBabylon English Toolbar is a 'Community Toolbar' from Conduit, which integrates with major web browsers including Google Chrome, Firefox and Internet Explorer.
myBabylonEnglish.OurToolbar.com
78% remove it
myBabylon_English Toolbar  by Babylon Ltd
Installs a Conduit toolbar in your Web browser that collects and stores information about your web browsing and sends this information to Conduit so they can suggest services or provide ads via the toolbar.
71% remove it
Universal Media Server  by universalmediaserver.com
Publisher's description - “Universal Media Server is a DLNA-compliant UPnP Media Server. It is based on PS3 Media Server by shagrath. It is actually an evolution of the "SubJunk Build" of PMS. The program streams or transcodes many different media formats with little or no configuration.”
www.universalmediaserver.com
About 6% of users remove it
 
Powered by Should I Remove It?

The file oi_{fb8612f8-e598-4ea2-95e5-bdecf0df99db}.exe has been seen being distributed by the following 20 URLs.
