otshotinstaller7.exe

Otshot

KEYDOWNLOAD LTD

The application otshotinstaller7.exe by KEYDOWNLOAD has been detected as adware by 6 anti-malware scanners. It is typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cdn.airdlr9.com and multiple other hosts.
Publisher:
KEYDOWNLOAD LTD  (signed and verified)

Product:
Otshot

Version:
1, 0, 0, 1

MD5:
cdf9077311b6b364395baa22ad48c7d3

SHA-1:
fd28f4625e873e6689c746432b3c067c4f8ec045

SHA-256:
ef569828e4b9bf03c211bcc08213383193dfc423715518f0df0d278696af41d3

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/23/2024 8:12:50 AM UTC  (today)

Scan engine        Detection               Engine version
Bkav FE            W32.Clod256.Trojan      1.3.0.4613
Boost by Reason    Adware.KEYDOWNLOAD.Q    2013.8.14.2
Dr.Web             Adware.Downware.1244    9.0.1.0226
Malwarebytes       PUP.Optional.Otshot.A   v2013.11.26.11
Reason Heuristics  PUP.KEYDOWNLOAD.Q       14.8.7.19
VIPRE Antivirus    Adware.KeyDownload      24834

File size:
1.9 MB (2,002,264 bytes)

Product version:
1, 0, 0, 1

Copyright:
KeyDownload Copyright (C) 2013

Original file name:
Otshot.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\otshotinstaller7.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/22/2012 5:00:00 PM

Valid to:
10/23/2013 4:59:59 PM

Subject:
CN=KEYDOWNLOAD LTD, O=KEYDOWNLOAD LTD, L=Tel Aviv- Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
44DCCD0B7D3CB651EC98DC55DCEEBDA0

File PE Metadata
Compilation timestamp:
2/22/2013 7:13:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:5ip3zwHwRWZfcEm00XqlPTdbWGQhd8RCMCAmyqV/bkJrv8ALTEJhCE:5kzWZfcEMqlPTdbWGQhd8t5A5IrzLTEb

Entry address:
0x12478C

Entry point:
E8, 7E, CA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 18, 01, 00, 00, A1, E0, 4B, 5A, 00, 33, C5, 89, 45, FC, 8B, 45, 08, 83, A5, E8, FE, FF, FF, 00, 83, 8D, EC, FE, FF, FF, FF, 56, 8D, B5, F4, FE, FF, FF, 85, C0, 75, 20, E8, 05, 0C, 00, 00, 83, 20, 00, E8, EA, 0B, 00, 00, C7, 00, 16, 00, 00, 00, E8, E8, 50, 00, 00, 83, C8, FF, E9, CB, 00, 00, 00, 53, 57, 50, FF, 15, 24, F3, 54, 00, 85, C0, 0F, 84, 95, 00, 00, 00, 8D, 85, F4, FE, FF, FF, 50, 68, 05, 01, 00, 00, FF, 15, 64, F3, 54, 00, 8B, F8...
 

Entropy:
6.4106

Code size:
1.3 MB (1,367,552 bytes)

The file otshotinstaller7.exe has been observed being distributed from the following 9 URLs.

http://cdn.airdlr9.com/downloads/offers/.../OtshotInstaller7.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../OtshotInstaller7_Otshot_5293.exe

http://d3emsmln8xfj03.cloudfront.net/bundles/.../OtShotInstaller7.exe
