OSDownloader.exe

OSDownloader

OpenSubtitles.org

The application OSDownloader.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OSDownloader’. This file is typically installed with the program OSDownloader by OpenSubtitles.org. While running, it connects to the Internet address osdownloader.com on port 80 using the HTTP protocol.
Publisher:
OpenSubtitles.org

Product:
OSDownloader

Version:
1.1.0.0

MD5:
479e5231f4bc05a2121be883f4c40276

SHA-1:
0b14aaaca6914d5a9a4c0f44596f8ead85684662

SHA-256:
f04592371c3407cf78abbdb85c6759917879267d11a6d5510d96676026149b6f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:27:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OSDownloader (M)
16.8.18.23

File size:
4.9 MB (5,118,464 bytes)

Product version:
1.1.0.0

Copyright:
OpenSubtitles.org

Original file name:
OSDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\osdownloader\osdownloader.exe

File PE Metadata
Compilation timestamp:
4/20/2016 4:11:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:PgnDugBunXpneZgSdjcdNnplLIIe0UwHhcMuzORxOTURTG/iXb2NM980WJzqqwZB:IDcZn6MNplPe0UU42xVEUbar6

Entry address:
0x3D8854

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 7C, 80, 7C, 00, E8, CB, 66, C3, FF, 8B, 1D, F4, 98, 7E, 00, A1, 8C, 91, 7E, 00, 80, 38, 00, 0F, 85, 87, 00, 00, 00, 8B, 03, E8, F8, 65, DB, FF, 8B, 03, B2, 01, E8, 37, 83, DB, FF, B1, 01, BA, 14, 89, 7D, 00, A1, 08, 4D, 5D, 00, E8, BE, 4F, E1, FF, 8B, 0D, A8, 92, 7E, 00, 8B, 03, 8B, 15, CC, AB, 7A, 00, E8, E3, 65, DB, FF, 8B, 0D, 98, 8F, 7E, 00, 8B, 03, 8B, 15, C0, E2, 74, 00, E8, D0, 65, DB, FF, 8B, 0D, F8, 9A, 7E, 00, 8B, 03, 8B, 15, 98, 94, 75, 00, E8, BD, 65, DB, FF, 8B...
 
[+]

Entropy:
6.7059

Developed / compiled with:
Microsoft Visual C++

Code size:
3.8 MB (4,026,368 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSDownloader

Command:
"C:\Program Files\osdownloader\osdownloader.exe" autostart


The file OSDownloader.exe has been discovered within the following program.

OSDownloader  by OpenSubtitles.org
www.OpenSubtitles.org
About 9% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to osdownloader.com  (178.32.200.205:80)

TCP (HTTP):
Connects to multimedia-redir.interia.pl  (217.74.65.145:80)

Remove OSDownloader.exe - Powered by Reason Core Security