home

oshidfui.exe

OSHI Defender

AVEAS, s.r.o.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OSHI Defender’.
Publisher:
Aveas Limited  (signed by AVEAS, s.r.o.)

Product:
OSHI Defender

Version:
1.2.135

MD5:
301c77fd0bf2870034099722ce974c07

SHA-1:
5360aebc47fbb8858881f88ed0a0c83f5ee1ddf1

SHA-256:
e1b5e520a3591572cf8553f9e18b6f98d8be9f95e1e69d1b792d87afeb85d857

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:39:40 PM UTC  (today)

File size:
4.8 MB (5,082,608 bytes)

Product version:
1.2.135.f9b73d1f7120

Copyright:
Copyright (c) 2013 Aveas Limited. All rights reserved.

Original file name:
Defender.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\oshi\defender\oshidfui.exe

Digital Signature
Signed by:
AVEAS, s.r.o.

Authority:
DigiCert Inc

Valid from:
9/3/2013 8:00:00 PM

Valid to:
10/22/2014 8:00:00 AM

Subject:
CN="AVEAS, s.r.o.", O="AVEAS, s.r.o.", L=Decin, C=CZ

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01C9196556B1505D46B0E21D71D4E140

File PE Metadata
Compilation timestamp:
2/21/2014 1:20:28 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:gOK86j2mDf29Dq4CPjmDhzNUVjnagPPcZEAFAx0VoBUpmYhQTA5qSP99kEyBPyO7:be+9awzyxSeTcqmM05kjzrghMN9KzkJ

Entry address:
0x1DEA58

Entry point:
48, 83, EC, 28, E8, 23, 1A, 02, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 40, 53, 48, 83, EC, 20, B8, 01, 00, 00, 00, BA, 19, FC, FF, FF, 48, 8B, D9, 87, 81, C0, 00, 00, 00, E8, 2A, C9, FF, FF, 33, D2, 48, 8B, CB, 48, 83, C4, 20, 5B, E9, C7, C9, FF, FF, CC, CC, CC, 48, 83, EC, 48, 48, 8B, C1, 48, 8B, 49, 10, 48, 85, C9, 74, 3B, 48, 8D, 15, 49, 01, 00, 00, 48, 39, 50, 18, 75, 1E, 83, 79, 20, 00, 7E, 12, E8, 00, AE, FF, FF, E8, 1B, 8F, 00, 00, 84, C0, 75, 04, 32, D2, EB, 02, B2, 01, 84, D2, EB, 09, B2...
 
[+]

Entropy:
6.7656

Code size:
2.3 MB (2,429,440 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSHI Defender

Command:
"C:\Program Files\oshi\defender\oshidfui.exe" \autorun


Scan oshidfui.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.