oshidfui.exe

OSHI Defender

AVEAS, s.r.o.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OSHI Defender’.
Publisher:
Aveas Limited  (signed by AVEAS, s.r.o.)

Product:
OSHI Defender

Version:
1.2.135

MD5:
301c77fd0bf2870034099722ce974c07

SHA-1:
5360aebc47fbb8858881f88ed0a0c83f5ee1ddf1

SHA-256:
e1b5e520a3591572cf8553f9e18b6f98d8be9f95e1e69d1b792d87afeb85d857

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 3:54:28 AM UTC  (today)

File size:
4.8 MB (5,082,608 bytes)

Product version:
1.2.135.f9b73d1f7120

Copyright:
Copyright (c) 2013 Aveas Limited. All rights reserved.

Original file name:
Defender.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\oshi\defender\oshidfui.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
9/3/2013 8:00:00 PM

Valid to:
10/22/2014 8:00:00 AM

Subject:
CN="AVEAS, s.r.o.", O="AVEAS, s.r.o.", L=Decin, C=CZ

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
01C9196556B1505D46B0E21D71D4E140

File PE Metadata
Compilation timestamp:
2/21/2014 1:20:28 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:gOK86j2mDf29Dq4CPjmDhzNUVjnagPPcZEAFAx0VoBUpmYhQTA5qSP99kEyBPyO7:be+9awzyxSeTcqmM05kjzrghMN9KzkJ

Entry address:
0x1DEA58

Entry point:
48, 83, EC, 28, E8, 23, 1A, 02, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 40, 53, 48, 83, EC, 20, B8, 01, 00, 00, 00, BA, 19, FC, FF, FF, 48, 8B, D9, 87, 81, C0, 00, 00, 00, E8, 2A, C9, FF, FF, 33, D2, 48, 8B, CB, 48, 83, C4, 20, 5B, E9, C7, C9, FF, FF, CC, CC, CC, 48, 83, EC, 48, 48, 8B, C1, 48, 8B, 49, 10, 48, 85, C9, 74, 3B, 48, 8D, 15, 49, 01, 00, 00, 48, 39, 50, 18, 75, 1E, 83, 79, 20, 00, 7E, 12, E8, 00, AE, FF, FF, E8, 1B, 8F, 00, 00, 84, C0, 75, 04, 32, D2, EB, 02, B2, 01, 84, D2, EB, 09, B2...
 
[+]

Entropy:
6.7656

Code size:
2.3 MB (2,429,440 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSHI Defender

Command:
"C:\Program Files\oshi\defender\oshidfui.exe" \autorun


Scan oshidfui.exe - Powered by Reason Core Security