otshotsetup.exe

BrowserOptimizer

KEYDOWNLOAD LTD

The application otshotsetup.exe by KEYDOWNLOAD has been detected as adware by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from dl.otshot.net.
Publisher:
KeyDownload  (signed by KEYDOWNLOAD LTD)

Product:
BrowserOptimizer

Description:
setup

Version:
1, 0, 0, 1

MD5:
6630307df15becbf2358bee9e1712ac6

SHA-1:
a6753cc494c7f4b8219719525d3190d36dee4c7c

SHA-256:
46b70905cba65a84a7fd25a7d440f2f680982231167b7da9b7bb120af586f263

Scanner detections:
6 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/24/2024 8:20:21 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Rogue.11995513
7.11.185.228

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/KeyDownload.A potentially unwanted application
7.0.302.0

NANO AntiVirus
Riskware.Html.Babylon.cwhyhv
0.28.2.61861

Reason Heuristics
PUP.Installer.KEYDOWNLOAD.L
14.8.26.16

VIPRE Antivirus
Threat.4782000
32210

File size:
1.5 MB (1,543,040 bytes)

Product version:
1, 0, 0, 1

Copyright:
KeyDownload Copyright (C) 2013

Original file name:
setup.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\otshotsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/22/2012 8:00:00 PM

Valid to:
10/23/2013 7:59:59 PM

Subject:
CN=KEYDOWNLOAD LTD, O=KEYDOWNLOAD LTD, L=Tel Aviv- Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
44DCCD0B7D3CB651EC98DC55DCEEBDA0

File PE Metadata
Compilation timestamp:
5/23/2013 7:35:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:MRWbUuCY1NKnY/ZatB5rOQ7G/57HaQOtcGqNProlofaY1dqYA5GwVE3pOFyS+oOY:MRWJNK6atTTGh76nJqNPrIgaY1YbE3pK

Entry address:
0x2BF080

Entry point:
60, BE, 00, B0, 54, 00, 8D, BE, 00, 60, EB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8794

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
1.5 MB (1,527,808 bytes)

The file otshotsetup.exe has been seen being distributed by the following URL.

Remove otshotsetup.exe - Powered by Reason Core Security