oi_ie6setupoeexe.exe

Installer

OpenInstall, Inc.

The application oi_ie6setupoeexe.exe by OpenInstall has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
OpenInstall   (signed by OpenInstall, Inc.)

Product:
Installer

Version:
1,18,0,2771

MD5:
7f8c89ff2afced0807f3e83d60df688f

SHA-1:
eb7731f131ef40c8dbdff1ef8586213467d79239

SHA-256:
bf7edda9e64fadd3eb90bbd99f09d14d6415c5f71c3718d608cdc62af140689a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Includes Open Install, an installer which bundles legitimate programs with offers for additional 3rd-party applications that may be unwanted by the user.

Analysis date:
11/15/2024 11:22:55 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenInstall (M)
17.3.11.11

File size:
358.2 KB (366,808 bytes)

Product version:
1,18,0,2771

Copyright:
Copyright © 2012

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\oi_ie6setupoeexe.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/21/2011 1:00:00 AM

Valid to:
1/24/2013 1:00:00 PM

Subject:
CN="OpenInstall, Inc.", O="OpenInstall, Inc.", L=San Francisco, S=California, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07AE9941492080181D2477353500DE05

File PE Metadata
Compilation timestamp:
7/27/2012 2:32:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 18, 04, 00, 00, 53, 56, 57, BE, A4, 30, 40, 00, 8D, BD, E8, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F6, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E8, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, F0, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, F2, FD, FF, FF, F3, AB, 66, AB, 8D, 85, F0, FD, FF, FF, 50, 8D, 85, E8, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, E8, 0F, 01, 00, 00, 84, C0, 59, 59, 74, 15, 8D, 75, F8, 8D, BD, F0, FD, FF, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):

Remove oi_ie6setupoeexe.exe - Powered by Reason Core Security