downloadhelper.exe

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and inject various forms of unwanted advertising into the browser. The application downloadhelper.exe, “YTDownloader helper” by Goobzo, has been detected as adware by 14 anti-malware scanners.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Description:
YTDownloader helper

Version:
1.0.1.5

MD5:
9e92bfd35606d28288c6e44ed10ad34d

SHA-1:
c6023da8797105c088c52fd6d27d98b4b4b44fbf

SHA-256:
618864c6a097d8dbcdd4b5bc1775df52f42a469c3235d082f2012932e721acc3

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/27/2024 2:40:12 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2014.12.18

Avira AntiVirus
ADWARE/CrossRider.Gen
7.11.196.106

AVG
Skodna
2015.0.3257

Baidu Antivirus
Adware.Win32.Shopper
4.0.3.141217

ESET NOD32
Win32/SBWatchman (variant)
8.10890

G Data
Win32.Application.GoobZo
14.12.24

K7 AntiVirus
Unwanted-Program
13.188.14354

Kaspersky
not-a-virus:AdWare.Win32.Shopper
14.0.0.2782

NANO AntiVirus
Riskware.Win32.Shopper.djijic
0.28.6.64267

Panda Antivirus
Adware/Goobzo
14.12.17.03

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Goobzo.O
14.12.17.15

Sophos
Goobzo
4.98

VIPRE Antivirus
Goobzo
35804

File size:
376.9 KB (385,896 bytes)

Product version:
1.0.1.5

Copyright:
Copyright (C) 2013

Original file name:
Download.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\downloadhelper.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 3:30:00 AM

Valid to:
5/3/2015 3:29:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
12/17/2014 2:25:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:EV3Ycafg72OAwicRjxtrKz7+9AFatgeoqe2bNIEb/tqVbBDJqUcPgl:EV3YcaelTRdFSi9YkgepeOIU/wbBDG4l

Entry address:
0x2C3C7

Entry point:
E8, 22, 92, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C0, 36, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 9C, 31, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 

Entropy:
6.4394

Code size:
262.5 KB (268,800 bytes)
