osdownloader.exe

OSDownloader

OpenSubtitles.org

The executable osdownloader.exe, “OSDownloader Setup”, has been detected as malware by 11 anti-virus scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point obscuring polymorphic file infector, which will create a peer-to-peer botnet and receive URLs of additional files to download. The file has been seen being downloaded from static.opensubtitles.org.
Publisher:
OpenSubtitles.org

Product:
OSDownloader

Description:
OSDownloader Setup

Version:
1.0

MD5:
269a71503465f90f9483513d78dec47f

SHA-1:
eaa8508591b3f4aef1459e433e77ac7d34d71f75

SHA-256:
eabecdf9700b059d6dfec2e8758c60a87ddffaae0b9c0695345c17e0716e8124

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/25/2024 12:19:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160215-2 |
| AVG | Win32/Sality | 2015.0.4530 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.7132.0 |
| VIPRE Antivirus | Threat.4721115 | 47240 |

File size:
3.3 MB (3,498,068 bytes)

Product version:
1.0

Copyright:
OpenSubtitles.org

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\osdownloader.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:7MquISLxb+yj2gJm5J22cEPl903YKpKXA:bSbjFJm5EO63YKpKXA

Entry address:
0xA5F8

Entry point:
60, 11, C9, C7, C7, D5, 98, 83, 66, 33, D8, F3, B6, CC, 84, C7, 0F, AF, F5, 0F, BF, C2, 1A, FF, E8, 00, 00, 00, 00, C7, C6, BB, CB, 01, B4, B3, 63, C6, C7, 82, 8D, 3D, 19, FC, A6, 29, 3B, CA, 58, 87, FB, 8D, 3D, 25, 73, 8B, FA, 88, FD, C6, C5, 8E, 8D, 2D, D5, F4, 54, 95, C7, C3, 02, EE, 3F, 1E, 86, C9, 45, 38, DE, 69, D0, 99, 15, 5D, B8, 31, DD, F7, C1, 58, 89, 44, 66, F6, C5, 46, 08, CA, F7, C0, FF, BA, 8A, AE, 88, E7, B9, 09, A6, 00, 00, B2, 0A, 81, F1, D6, AD, 00, 00, 19, F2, 81, F1, A5, 05, 00, 00, 4D...
 

Entropy:
7.9761  (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file osdownloader.exe has been seen being distributed by the following URL.

Remove osdownloader.exe - Powered by Reason Core Security