dcytdkietut_tutdk_setup.exe

Goobzo Ltd

The application dcytdkietut_tutdk_setup.exe by Goobzo has been detected as adware by 20 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address server-205-251-251-25.jfk5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Goobzo Ltd  (signed and verified)

Version:
2.8.0.999

MD5:
061770c47a6b3602999694402aa37c63

SHA-1:
4ad7ad5fb50b8be722edc8b91f1a48aab5ae9d2b

SHA-256:
09ff507c9b441dfd37446626f0f6ef4da3071f757a9130793c09f5e2921c8560

Scanner detections:
20 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/26/2024 6:11:19 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.171097 | 570 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.07.15 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 8.3.1.6 |
| Arcabit | Trojan.Adware.Graftor.D29C59 | 1.0.0.425 |
| avast! | Win32:GenMaliciousA-IJF [PUP] | 2014.9-150715 |
| AVG | Crossrider | 2016.0.3048 |
| Bitdefender | Gen:Variant.Adware.Graftor.171097 | 1.0.20.980 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Win32.HLLW.Unjap.325 | 9.0.1.0196 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.171097 | 8.15.07.15.11 |
| ESET NOD32 | Win32/SpeedBit.F potentially unwanted (variant) | 9.11938 |
| F-Secure | Gen:Variant.Adware.Graftor | 11.2015-15-07_4 |
| G Data | Gen:Variant.Adware.Graftor.171097 | 15.7.25 |
| IKARUS anti.virus | PUA.SpeedBit | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.206.16559 |
| Malwarebytes | PUP.Optional.SpeedBit | v2015.07.15.11 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.171097 | 16.0.0.588 |
| Panda Antivirus | Adware/Goobzo | 15.07.15.11 |
| Reason Heuristics | PUP.Goobzo.Installer (M) | 15.7.15.11 |
| SUPERAntiSpyware | Adware.SpeedBit/Variant | 9752 |

File size:
1.2 MB (1,214,952 bytes)

Product version:
2.8.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dcytdkietut_tutdk_setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/3/2015 7:00:00 PM

Valid to:
5/5/2016 7:59:59 PM

Subject:
CN=Goobzo Ltd, O=Goobzo Ltd, L=Haifa, S=HAIFA, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3C3E526E4FC7FCA9432F2BC6F34C86A5

File PE Metadata
Compilation timestamp:
7/14/2015 3:00:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:EQz7RehIGIuqJhKfsmjWwpa+09CH9PewYAAXfq0DMnBjTtLXa3TQ6lQXg:RqIGI9JhKfsmDU+AI5FYAAC0DMBPtLXM

Entry address:
0x5DDFF

Entry point:
E8, 43, E0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 78, 2B, 4E, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 80, F7, 4D, 00, 01, 0F, 82, 7B, E1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2...
 

Code size:
654 KB (669,696 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server-205-251-251-25.jfk5.r.cloudfront.net  (205.251.251.25:80)
