osdownloader.exe

OSDownloader

OpenSubtitles.org

The executable osdownloader.exe, “OSDownloader Setup ” has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from static.opensubtitles.org.
Publisher:
OpenSubtitles.org

Product:
OSDownloader

Description:
OSDownloader Setup

Version:
1.0

MD5:
269a71503465f90f9483513d78dec47f

SHA-1:
eaa8508591b3f4aef1459e433e77ac7d34d71f75

SHA-256:
eabecdf9700b059d6dfec2e8758c60a87ddffaae0b9c0695345c17e0716e8124

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/28/2024 12:10:16 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kukacka
160215-2

AVG
Win32/Sality
2015.0.4530

Dr.Web
Win32.Sector.30
9.0.1.05190

Emsisoft Anti-Malware
Win32.Sality
10.0.0.5366

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

F-Prot
W32/Sality.gen2
4.6.5.141

F-Secure
Win32.Sality.3
5.15.21

Kaspersky
Virus.Win32.Sality
15.0.0.562

McAfee
Virus.W32/Sality.gen.z
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.7132.0

VIPRE Antivirus
Threat.4721115
47240

File size:
3.3 MB (3,498,068 bytes)

Product version:
1.0

Copyright:
OpenSubtitles.org

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\osdownloader.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:7MquISLxb+yj2gJm5J22cEPl903YKpKXA:bSbjFJm5EO63YKpKXA

Entry address:
0xA5F8

Entry point:
60, 11, C9, C7, C7, D5, 98, 83, 66, 33, D8, F3, B6, CC, 84, C7, 0F, AF, F5, 0F, BF, C2, 1A, FF, E8, 00, 00, 00, 00, C7, C6, BB, CB, 01, B4, B3, 63, C6, C7, 82, 8D, 3D, 19, FC, A6, 29, 3B, CA, 58, 87, FB, 8D, 3D, 25, 73, 8B, FA, 88, FD, C6, C5, 8E, 8D, 2D, D5, F4, 54, 95, C7, C3, 02, EE, 3F, 1E, 86, C9, 45, 38, DE, 69, D0, 99, 15, 5D, B8, 31, DD, F7, C1, 58, 89, 44, 66, F6, C5, 46, 08, CA, F7, C0, FF, BA, 8A, AE, 88, E7, B9, 09, A6, 00, 00, B2, 0A, 81, F1, D6, AD, 00, 00, 19, F2, 81, F1, A5, 05, 00, 00, 4D...
 
[+]

Entropy:
7.9761  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file osdownloader.exe has been seen being distributed by the following URL.

Remove osdownloader.exe - Powered by Reason Core Security