osdownloaderupdate.exe

OSDownloader

Opensubtitles.org

The application osdownloaderupdate.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OSDownloaderUpdate’. This file is typically installed with the program OSDownloader by OpenSubtitles.org. While running, it connects to the Internet address osdownloader.com on port 80 using the HTTP protocol.
Publisher:
Opensubtitles.org

Product:
OSDownloader

Version:
1.0.0.0

MD5:
5175485e4365ddf760a09f380a82f368

SHA-1:
3355a35085a1f29a4b0fcf20e8aee97ca42830df

SHA-256:
79ef22f8d5570841af59587dfc6251fd3eed157ffa2dc84b6115c933a1566256

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
8/15/2018 9:29:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OSDownloader (M)

Engine version:
16.8.18.23

File size:
3.5 MB (3,635,712 bytes)

Product version:
1.0.0.0

Copyright:
Opensubtitles.org

Trademarks:
Opensubtitles.org

Original file name:
OSDownloaderUpdate

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\osdownloader\osdownloaderupdate.exe

File PE Metadata
Compilation timestamp:
9/18/2015 5:59:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:vANHDNz9OYt5S7ysBlKitH0k+TKHY1qxQGj980W:vwhm/JlqZ

Entry address:
0x2AF2CC

Entry point:
55, 8B, EC, 83, C4, E8, 53, 56, 33, C0, 89, 45, EC, 89, 45, E8, B8, F0, 29, 6A, 00, E8, 56, F8, D5, FF, 8B, 35, 8C, B3, 6B, 00, 33, C0, 55, 68, 7E, F4, 6A, 00, 64, FF, 30, 64, 89, 20, 8B, 06, E8, 23, 8F, F2, FF, B1, 01, BA, 98, F4, 6A, 00, A1, 4C, CE, 56, 00, E8, CA, 65, ED, FF, 8B, 06, BA, D4, F4, 6A, 00, E8, 36, 89, F2, FF, 8B, 0D, B0, B3, 6B, 00, 8B, 06, 8B, 15, C0, D6, 65, 00, E8, 0B, 8F, F2, FF, 8D, 55, E8, B8, 01, 00, 00, 00, E8, BE, 7A, D5, FF, 8B, 45, E8, 8D, 55, EC, E8, 0F, 3B, D7, FF, 8B, 45, EC...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.7 MB (2,808,320 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSDownloaderUpdate

Command:
"C:\Program Files\osdownloader\osdownloaderupdate.exe" "sleep"


The file osdownloaderupdate.exe has been discovered within the following programs.

OSDownloader by OpenSubtitles.org
www.OpenSubtitles.org
About 9% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to osdownloader.com  (178.32.200.205:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.82.75:80)

TCP (HTTP):
Connects to ec2-52-26-111-199.us-west-2.compute.amazonaws.com  (52.26.111.199:80)

TCP (HTTP SSL):
Connects to ec2-52-1-139-99.compute-1.amazonaws.com  (52.1.139.99:443)

TCP (HTTP SSL):
Connects to 94.31.29.54.IPYX-077437-ZYO.above.net  (94.31.29.54:443)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)
