OSDownloader.exe

OSDownloader

OpenSubtitles.org

The application OSDownloader.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OSDownloader’. This file is typically installed with the program OSDownloader by OpenSubtitles.org. While running, it connects to the Internet address osdownloader.com on port 80 using the HTTP protocol.
Publisher:
OpenSubtitles.org

Product:
OSDownloader

Version:
1.3.0.0

MD5:
63e3e0763ee40260a3037e6298b99aef

SHA-1:
12af15ff20b6e0d737123372351049d819e96663

SHA-256:
7384a27d34e223d310013ccc04c129f2b7510e24ca619eacbc1135791fbe1f8e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:34:02 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OpenSubtitles (M)

Engine version:
16.10.1.14

File size:
5.3 MB (5,537,792 bytes)

Product version:
1.3.0.0

Copyright:
OpenSubtitles.org

Original file name:
OSDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\osdownloader\osdownloader.exe

File PE Metadata
Compilation timestamp:
9/30/2016 11:29:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:IwCVNh9MxMeywlKSfLASCvlQ8OjZfHM+H4tkIpEqtKT3TwVGuxal5VG4980WOzOv:ITbyhAS+lQ8OjC+YdbtFAll5Vf3E

Entry address:
0x41B31C

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 54, 98, 80, 00, E8, CB, 59, BF, FF, 8B, 1D, AC, D1, 82, 00, A1, FC, C8, 82, 00, 80, 38, 00, 0F, 85, 87, 00, 00, 00, 8B, 03, E8, 58, 92, D7, FF, 8B, 03, B2, 01, E8, 87, AF, D7, FF, B1, 01, BA, DC, B3, 81, 00, A1, 00, A9, 5D, 00, E8, 22, 81, DD, FF, 8B, 0D, 60, CA, 82, 00, 8B, 03, 8B, 15, 94, C5, 7E, 00, E8, 43, 92, D7, FF, 8B, 0D, A4, C6, 82, 00, 8B, 03, 8B, 15, DC, 1E, 78, 00, E8, 30, 92, D7, FF, 8B, 0D, 24, D4, 82, 00, 8B, 03, 8B, 15, 84, D6, 78, 00, E8, 1D, 92, D7, FF, 8B...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
4.1 MB (4,298,752 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSDownloader

Command:
"C:\Program Files\osdownloader\osdownloader.exe" autostart


The file OSDownloader.exe has been discovered within the following program.

OSDownloader  by OpenSubtitles.org
www.OpenSubtitles.org
About 9% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to osdownloader.com  (178.32.200.205:80)

TCP (HTTP SSL):
Connects to server-54-230-9-68.lhr3.r.cloudfront.net  (54.230.9.68:443)

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP SSL):
Connects to yandex.com.tr  (87.250.255.11:443)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-224.search.msn.com  (157.55.109.224:443)

TCP (HTTP):
Connects to ec2-54-215-245-197.us-west-1.compute.amazonaws.com  (54.215.245.197:80)

TCP (HTTP):
Connects to ec2-52-49-158-52.eu-west-1.compute.amazonaws.com  (52.49.158.52:80)
