update1410tk.exe

RouletteBotPlus Update

O.T.S.D WEB SERVICES LTD

The application update1410tk.exe by O.T.S.D WEB SERVICES has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from updates.roulettebotplus.com.
Publisher:
O.T.S.D WEB SERVICES LTD  (signed and verified)

Product:
RouletteBotPlus Update

Version:
1.0.19

MD5:
2bf39459346d86ff84e19cf6bfe8ea48

SHA-1:
dcd6dd43b0c149e54773f55f9d4004bdab26fe47

SHA-256:
20050c7c3148efb443879df5bdd08ddb7b321331aea0fdabcb0edfbfc4ed2ae4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/24/2024 5:43:28 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OTSDWEBSERVICES.M
14.8.7.22

File size:
2.1 MB (2,185,344 bytes)

Product version:
1.0.19

Copyright:
Copyright © 2010-2013 O.T.S.D WEB SERVICES LTD

Original file name:
RBPUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\update1410tk.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/19/2012 6:00:00 PM

Valid to:
8/14/2014 5:59:59 PM

Subject:
CN=O.T.S.D WEB SERVICES LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=O.T.S.D WEB SERVICES LTD, L=Tel aviv -Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
162EEF0F1749CA2D8EFA6D3006F8847A

File PE Metadata
Compilation timestamp:
12/30/2012 1:49:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:gpzPfgUVZnq+BqEvuGPpSy9ge3gYxIzNVmB:gxPDjzuGP2e3gYqy

Entry address:
0x12DCF

Entry point:
55, 8B, EC, 6A, FF, 68, 50, 5E, 41, 00, 68, 60, 2F, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, DC, 41, 41, 00, 59, 83, 0D, 84, A9, 41, 00, FF, 83, 0D, 88, A9, 41, 00, FF, FF, 15, E0, 41, 41, 00, 8B, 0D, 7C, 89, 41, 00, 89, 08, FF, 15, E4, 41, 41, 00, 8B, 0D, 78, 89, 41, 00, 89, 08, A1, E8, 41, 41, 00, 8B, 00, A3, 80, A9, 41, 00, E8, 1D, 01, 00, 00, 39, 1D, 50, 87, 41, 00, 75, 0C, 68, 58, 2F, 41, 00, FF, 15, EC, 41...
 
[+]

Entropy:
7.9868

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
74 KB (75,776 bytes)

The file update1410tk.exe has been seen being distributed by the following URL.

Remove update1410tk.exe - Powered by Reason Core Security