5374d9b9_stp.exe

Free YouTube Downloader

Bonjoy Software

The application 5374d9b9_stp.exe, “Free YouTube Downloader Setup Program” by Bonjoy Software, has been detected as adware by 9 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from getyoutubedownloader.com.
Publisher:
How, Inc  (signed by Bonjoy Software)

Product:
Free YouTube Downloader

Description:
Free YouTube Downloader Setup Program

Version:
4.0

MD5:
3f4ba27cc715f49b445dbc5898b4a944

SHA-1:
fb49cc97879edf77dbddb01f4db2bdadbdef8a91

SHA-256:
5ef63b497fd7676050028c1469258b3cf6e9ef0cc1e973376e77f303fdbf420c

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/6/2024 8:14:23 AM UTC

Scan engine          Detection                                        Engine version
Baidu Antivirus      Adware.Win32.OpenCandy                           4.0.3.15814
Bkav FE              W32.HfsAdware                                    1.3.0.7062
Dr.Web               Adware.OpenCandy.163                             9.0.1.0226
ESET NOD32           Win32/OpenCandy.E potentially unsafe (variant)   9.12092
Fortinet FortiGate   Riskware/OpenCandy                               8/14/2015
K7 AntiVirus         Unwanted-Program                                 13.208.16887
McAfee               Artemis!3F4BA27CC715                             5600.6673
Reason Heuristics    PUP.BonjoySoftware.Installer (M)                 15.8.14.19
VIPRE Antivirus      Opencandy                                        42868

File size:
1.1 MB (1,180,160 bytes)

Product version:
4.0

Copyright:
How Inc.

Original file name:
Free YouTube DownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\5374d9b9_stp.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/12/2014 5:00:00 PM

Valid to:
10/13/2015 4:59:59 PM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DA993C13A7FD02A727397544A565C108

File PE Metadata
Compilation timestamp:
6/30/2015 6:29:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:mAO3pHNRCEl4EDgDTxENnK0Q7FPoGm8OWVssS:mH54YATxEEfiGQW1S

Entry address:
0x57424

Entry point:
E8, 75, 98, 00, 00, E9, 79, FE, FF, FF, CC, CC, 68, 00, 70, 45, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, B8, A2, 49, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 6A, 0C, 68, F8, 19, 49, 00, E8, 9B, FF, FF, FF, 6A, 0E, E8, BC, 22, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08...

Entropy:
7.2867

Code size:
499.5 KB (511,488 bytes)

The file 5374d9b9_stp.exe has been seen being distributed by the following URL.
