osdownloaderupdate.exe

OSDownloader

Opensubtitles.org

The application osdownloaderupdate.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OSDownloaderUpdate’. While running, it connects to the Internet address osdownloader.com on port 80 using the HTTP protocol.
Publisher:
Opensubtitles.org

Product:
OSDownloader

Version:
1.0.0.0

MD5:
bac4bd573a7a73cfc277834a2e742d09

SHA-1:
159cb16163276bbb1a32f0373610aa794e61c354

SHA-256:
2995f3ece8b5cb01db7d30871f19af5bb14fc862c0db4305c3a3d7d7de2d5442

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
8/16/2018 7:41:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Opensubtitles (M)

Engine version:
17.3.9.11

File size:
3.5 MB (3,663,360 bytes)

Product version:
1.0.0.0

Copyright:
Opensubtitles.org

Trademarks:
Opensubtitles.org

Original file name:
OSDownloaderUpdate

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\osdownloader\osdownloaderupdate.exe

File PE Metadata
Compilation timestamp:
12/3/2006 6:14:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x41F5D5

Entry point:
83, 3C, 24, FE, 89, ED, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 65, FF, FF, FF, 80, C5, 5C, 4B, 66, 4B, 8D, 84, D3, 05, 54, 76, 2F, 87, FA, 75, F3, 21, D8, B2, 94, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 73, E2, 87, FE, B6, 9D, 81, D9, E6, 13, 00, 00, 87, FE, B2, E9, B4, 21, 71, D0, 09, CA, 20, E8, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 8D, 07, 75, B7, 90, B1, DE, 90, 68, 30, 92, 4F, 3C, 01, DE, E8, 29, FF, FF, FF, 89, 74, 24, 44, E8, AE, FD, FF, FF, 89, 44, 24, 34, 8D, B4...
 

Entropy:
6.6220

Code size:
2.7 MB (2,808,320 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSDownloaderUpdate

Command:
"C:\Program Files\osdownloader\osdownloaderupdate.exe" "sleep"


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to osdownloader.com  (178.32.200.205:80)
