bestvideodownloadersetup.exe

Best Video Downloader

Alactro LLC

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application bestvideodownloadersetup.exe by Alactro has been detected as adware by 11 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from download.bestvideodownloader.com. While running, it connects to the Internet address api.yontoo.com on port 80 using the HTTP protocol.
Publisher:
Alactro LLC  (signed and verified)

Product:
Best Video Downloader

Description:
Installer

Version:
2011.11.18.1756

MD5:
356096bddeef82baa4189e73aede05d9

SHA-1:
6bbc33e7526c403ee51150ba1584f53663a534f7

SHA-256:
eb33aac35f000518c9afae305341ca5550354dd4693ae3a320f0a75d0ae97e7e

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/19/2024 6:05:56 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.Generic
7.1.1

Avira AntiVirus
ADWARE/Yontoo.Gen2
7.11.98.178

Baidu Antivirus
Adware.Win32.Yontoo
4.0.3.14123

Comodo Security
UnclassifiedMalware
16843

Dr.Web
Adware.Plugin.11
9.0.1.0337

ESET NOD32
Win32/Adware.Yontoo
8.8739

NANO AntiVirus
Trojan.Win32.Plugin.bgyvbt
0.26.0.54268

Reason Heuristics
PUP.Installer.Alactro.Y
14.12.3.17

Trend Micro House Call
TROJ_GEN.R11H1F4
7.2.337

VIPRE Antivirus
Yontoo
20976

ViRobot
Backdoor.Win32.A.Hupigon.1413152
2011.4.7.4223

File size:
1.1 MB (1,129,984 bytes)

Product version:
1.00

Copyright:
Copyright (c) 2011 Alactro LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bestvideodownloadersetup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/26/2011 5:13:23 PM

Valid to:
5/26/2012 5:13:23 PM

Subject:
CN=Alactro LLC, O=Alactro LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27E40C73BA04BA

File PE Metadata
Compilation timestamp:
3/10/2011 9:55:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:xbfU+6YHiSQ8QSD7ixh9IhXTI6HoYISi5g+HwOphYC:+hYCSQ6G9I5HoLf5g+QOphYC

Entry address:
0x15B4

Entry point:
55, 8B, EC, 81, EC, CC, 05, 00, 00, 53, 56, 33, DB, 57, C6, 85, 34, FA, FF, FF, 00, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, 3C, FE, FF, FF, 50, C7, 85, 3C, FE, FF, FF, 94, 00, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, A8, 32, 40, 00, E8, 36, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, 20, 02, 00, 00, 8B, 35, 68, 30, 40, 00, 68, 94, 32, 40, 00, 68, 84, 32, 40, 00, FF, D6, 50, FF, 15, 64, 30, 40...

Entropy:
7.9965

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file bestvideodownloadersetup.exe has been seen being distributed by the following URL.

http://download.bestvideodownloader.com/BestVideoDownloaderSetup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wac.edgecastcdn.net  (72.21.81.13:80)

TCP (HTTP):
Connects to service.yontoo.com  (8.25.35.148:80)

TCP (HTTP):
Connects to api.yontoo.com  (8.25.35.15:80)
