home

otshotphotozoom.vtsafe.exe

BrowserOptimizer

KEYDOWNLOAD LTD

The application otshotphotozoom.vtsafe.exe by KEYDOWNLOAD has been detected as adware by 21 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from c5e1492b1a25a9f31b05-5d2b8e6ef6f36775cd67752271e3b0a3.r35.cf2.rackcdn.com.
Publisher:
KeyDownload  (signed by KEYDOWNLOAD LTD)

Product:
BrowserOptimizer

Description:
setup

Version:
1, 0, 0, 1

MD5:
1ec73a7526f6505fb2881127c614972a

SHA-1:
89ed1de771e6fbcbd307918a3468c1c6bc343086

SHA-256:
49a75a4f719525596188e496ef3ee807ac596c25b6ad38460a779b649b3d8933

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/18/2024 5:53:46 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.151872
712

Agnitum Outpost
PUA.Downloader
7.1.1

avast!
Win32:Adware-gen [Adw]
2014.9-150223

AVG
Adware Skodna.Bundle_r.L
2016.0.3190

Bitdefender
Adware.Generic.1008728
1.0.20.270

Dr.Web
Adware.Downware.560
9.0.1.0107

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.151872
8.15.02.23.01

ESET NOD32
Win32/KeyDownload.A potentially unwanted application
9.7.0.302.0

F-Secure
Gen:Variant.Adware.Graftor.151872
11.2015-23-02_2

G Data
Adware.Generic.1008728
15.2.24

IKARUS anti.virus
not-a-virus:Downloader.Win32.Agent
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.191.14703

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.2445

Malwarebytes
PUP.Optional.KeyDownload.A
v2015.02.23.01

MicroWorld eScan
Adware.Generic.1008728
16.0.0.162

NANO AntiVirus
Riskware.Html.Babylon.cwhyhv
0.28.0.60577

Norman
Gen:Variant.Adware.Graftor.151872
11.20150223

Panda Antivirus
Trj/Genetic.gen
15.02.23.01

Reason Heuristics
PUP.Installer.KEYDOWNLOAD.V
14.8.7.19

VIPRE Antivirus
Adware.KeyDownload
22594

Zillya! Antivirus
Downloader.Agent.Win32.207182
2.0.0.2041

File size:
1.4 MB (1,442,136 bytes)

Product version:
1, 0, 0, 1

Copyright:
KeyDownload Copyright (C) 2013

Original file name:
setup.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\otshotphotozoom.vtsafe.exe

Digital Signature
Signed by:
KEYDOWNLOAD LTD

Authority:
Thawte, Inc.

Valid from:
10/13/2013 3:00:00 AM

Valid to:
10/24/2014 2:59:59 AM

Subject:
CN=KEYDOWNLOAD LTD, O=KEYDOWNLOAD LTD, L=Tel Aviv- Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
301A0B08CC22C86BC31C6BBC010D3E91

File PE Metadata
Compilation timestamp:
10/20/2013 4:46:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:cbC2uX37phBMPXp8pvNFJob21lSH4rkwXPqUWO9QhcVLSoe7CeteVKK55P2NMQ52:cbC2i37pzMPYx1QskwZWyAchBKJa

Entry address:
0x2D0E50

Entry point:
60, BE, 00, 50, 60, 00, 8D, BE, 00, C0, DF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8911

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
820 KB (839,680 bytes)

The file otshotphotozoom.vtsafe.exe has been seen being distributed by the following URL.

http://c5e1492b1a25a9f31b05-5d2b8e6ef6f36775cd67752271e3b0a3.r35.cf2.rackcdn.com/OtShotPhotoZoom.exe

Remove otshotphotozoom.vtsafe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.