» downloadhelper.exe
Overview
Analysis
File Details
Programs (1)

downloadhelper.exe

Goobzo LTD

This is part of the Goobzo YTDownloader a browser extension for downloading videos, however, the file will attempt ot modify the user's browser including resetting the home and seach pages as well as inject various forms of unwanted advertising in the browser. The application downloadhelper.exe, “YTDownloader helper” by Goobzo has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program YTDownloader by Goobzo Ltd. which is a potentially unwanted software program.

File name:

downloadhelper.exe

Publisher:

YTDownloader (signed by Goobzo LTD)

Product:

YTDownloader

Description:

YTDownloader helper

Version:

1.0.1.4

MD5:

716613a0009a999d33383e18292d46cf

SHA-1:

38859b26acddc5e9c646bf79ebbd83500c55ecf5

SHA-256:

fd0baf0b05739702d09e9d2c9764e7cb29f2f6fae790183673e4f2736ea94429

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/26/2024 8:02:52 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-CDO [PUP]

150319-1

AVG

MalSign.Skodna

2015.0.3499

Dr.Web

Adware.Searcher.2795

9.0.1.05190

Kaspersky

not-a-virus:AdWare.Win32.Shopper

15.0.0.543

Qihoo 360 Security

Win32/Trojan.Adware.37e

1.0.0.1015

Reason Heuristics

PUP.Goobzo.O

14.8.8.2

Sophos

PUA 'Goobzo' (of type Adware)

5.13

VIPRE Antivirus

Goobzo

28260

File size:

371.4 KB (380,264 bytes)

Product version:

1.0.1.4

Original file name:

Download.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ytdownloader\downloadhelper.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 4:00:00 AM

Valid to:

5/3/2015 3:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

12/16/2013 6:58:43 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:GxZChr9CKAIrT5hJRuW0fdUXiIcalcjzx3ndAgm2y4+53FINehNkxTVxPdJ6JSgQ:GxkJc2bHuW0fd63HujtXdAP23I3FINeA

Entry address:

0x2B507

Entry point:

E8, 52, 91, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 80, 26, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 84, 21, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63... 
[+]

Entropy:

6.4398

Code size:

258.5 KB (264,704 bytes)

The file downloadhelper.exe has been discovered within the following program.

YTDownloader by Goobzo Ltd.

YTDownloader is a web browser extension that will integrate itself into Chrome, Firefox and Internet Explorer.

www.ytdownloader.com

85% remove it

Remove downloadhelper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.