home

OSDownloader.exe

OSDownloader

OpenSubtitles.org

The application OSDownloader.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘OSDownloader’. This file is typically installed with the program OSDownloader by OpenSubtitles.org. While running, it connects to the Internet address osdownloader.com on port 80 using the HTTP protocol.
Publisher:
OpenSubtitles.org

Product:
OSDownloader

Version:
1.0.0.0

MD5:
093996552881684af078ec4e014fc467

SHA-1:
7499539a04d60befc4c61e6389aa88529ea758db

SHA-256:
256f16ebf862ba18992cb904e08ca774797830a6846aa115dda4641a464a4d39

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:40:51 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OSDownloader (M)
16.8.18.23

File size:
4.8 MB (5,040,128 bytes)

Product version:
1.0.0.0

Copyright:
OpenSubtitles.org

Original file name:
OSDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\osdownloader\osdownloader.exe

File PE Metadata
Compilation timestamp:
10/3/2015 1:16:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:WAdksEh89vQOse9eSbKFbRaAIsDUH4JjwXUsCnTETupZWj4FlS980W6zKqwZN3:X4hxAKBRaAIsDjjwEsIpZWUEL6

Entry address:
0x3C645C

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 34, 88, 7B, 00, E8, 33, 8A, C4, FF, 8B, 1D, 08, 7C, 7D, 00, A1, 9C, 74, 7D, 00, 80, 38, 00, 0F, 85, 87, 00, 00, 00, 8B, 03, E8, 40, A9, DC, FF, 8B, 03, B2, 01, E8, 7F, C6, DC, FF, B1, 01, BA, 1C, 65, 7C, 00, A1, 40, 64, 5D, 00, E8, 3E, 8A, E2, FF, 8B, 0D, BC, 75, 7D, 00, 8B, 03, 8B, 15, 28, B3, 79, 00, E8, 2B, A9, DC, FF, 8B, 0D, A8, 72, 7D, 00, 8B, 03, 8B, 15, B8, 07, 74, 00, E8, 18, A9, DC, FF, 8B, 0D, 10, 7E, 7D, 00, 8B, 03, 8B, 15, 64, 9D, 74, 00, E8, 05, A9, DC, FF, 8B...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.8 MB (3,954,176 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OSDownloader

Command:
"C:\Program Files\osdownloader\osdownloader.exe" autostart


The file OSDownloader.exe has been discovered within the following program.

OSDownloader  by OpenSubtitles.org
www.OpenSubtitles.org
About 9% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to osdownloader.com  (178.32.200.205:80)

Remove OSDownloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.