downloadapi.dll

DownloadAPI

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and will inject various forms of unwanted advertising into the browser. The module downloadapi.dll by Goobzo has been detected as adware by 10 anti-malware scanners.

Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
DownloadAPI

Version:
3.3.7.5

MD5:
cc8a176c0010347d7fed2fca349c223c

SHA-1:
1af36a98d713b21be03e9336400ff9b2124f6064

SHA-256:
0ba65b5ce157e574c19cd6004b433f51600b60862ce081d7458481755a09fc9f

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
4/26/2024 11:37:47 PM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2014.12.18

AVG
Skodna
2015.0.3257

Baidu Antivirus
Adware.Win32.Shopper
4.0.3.141217

ESET NOD32
Win32/SBWatchman (variant)
8.10890

K7 AntiVirus
Unwanted-Program
13.188.14354

Kaspersky
not-a-virus:AdWare.Win32.Shopper
14.0.0.2782

Panda Antivirus
Adware/Goobzo
14.12.17.03

Reason Heuristics
PUP.Goobzo.L
14.12.17.15

Sophos
Goobzo
4.98

VIPRE Antivirus
Goobzo
35804

File size:
2.2 MB (2,340,712 bytes)

Product version:
3.3.7.5

Copyright:
Copyright © 1999-2013 SPEEDbit Ltd.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\downloadapi.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 3:30:00 AM

Valid to:
5/3/2015 3:29:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
12/17/2014 2:23:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:SyFxsdh1gpNTQvlKLFoTm5RyXIAibvvrnaa+dVk9qy+yP7mx75sPwscnS1qZu:fxsX1wTsMNAfCvP7i75s4XS1iu

Entry address:
0x159D2F

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C4, F7, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 56, E8, A6, 3A, 00, 00, 59, 83, F8, 05, 72, 69, 8A, 06, 3C, 5C, 74, 04, 3C, 2F, 75, 5F, 8A, 46, 01, 3C, 5C, 74, 04, 3C, 2F, 75, 54, 8A, 46, 02, 3C, 5C, 74, 4D, 3C, 2F, 74, 49, 8D, 46, 03, 8A, 08, 32, D2, 3A, CA, 74, 3E, 80, F9, 5C, 74, 0C, 80, F9, 2F, 74, 07, 40, 8A, 08, 3A, CA, 75, EF, 38, 10, 74, 29, 40, 38, 10, 74, 24, 8A, 08, 3A, CA, 74, 1A, 80, F9, 5C, 74...

Entropy:
6.7124

Code size:
1.6 MB (1,694,720 bytes)
