downloadhelper.exe

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos; however, the file will attempt to modify the user's browser, including resetting the home and search pages, as well as inject various forms of unwanted advertising in the browser. The application downloadhelper.exe, “YTDownloader helper” by Goobzo, has been detected as adware by 24 anti-malware scanners.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Description:
YTDownloader helper

Version:
1.0.1.5

MD5:
2393eff2dd7edd1dd9cbd0971735ab58

SHA-1:
f7cab3fb0d33e9935b5d78280aaad06be6121259

SHA-256:
bf258ee3ee9ffc58221935d563974c5607b4fa9765baf7893372a8f4f3d90298

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
5/10/2024 10:32:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.01.31 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.205.246 |
| avast! | Win32:Adware-CDO [PUP] | 2014.9-150131 |
| AVG | Skodna | 2016.0.3213 |
| Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.15131 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Shopper-74 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 20677 |
| ESET NOD32 | Win32/SBWatchman (variant) | 9.11097 |
| Fortinet FortiGate | Adware/Shopper | 1/31/2015 |
| G Data | Win32.Application.GoobZo | 15.1.25 |
| IKARUS anti.virus | not-a-virus:AdWare.Shopper | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14811 |
| Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.2558 |
| McAfee | Artemis!0BBC181FB6BF | 5600.6869 |
| NANO AntiVirus | Riskware.Win32.Shopper.djijic | 0.30.0.65070 |
| Panda Antivirus | Adware/Goobzo | 15.01.31.07 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Goobzo | 15.1.31.7 |
| Sophos | Goobzo | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0116 | 7.2.31 |
| Vba32 AntiVirus | AdWare.Shopper | 3.12.26.3 |
| VIPRE Antivirus | Goobzo | 37100 |
| Zillya! Antivirus | Adware.Shopper.Win32.403 | 2.0.0.2049 |

File size:
376.9 KB (385,896 bytes)

Product version:
1.0.1.5

Copyright:
Copyright (C) 2013

Original file name:
Download.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\downloadhelper.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 1:00:00 AM

Valid to:
5/3/2015 12:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/30/2015 10:55:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:WV3Ycafg72OAwicRjxtrKz7+9AFatgeoqe2bNIEb/tqVYBTJqUcPgG:WV3YcaelTRdFSi9YkgepeOIU/wYBTG4G

Entry address:
0x2C3C7

Entry point:
E8, 22, 92, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C0, 36, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 9C, 31, 44, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63...
 

Entropy:
6.4393

Code size:
262.5 KB (268,800 bytes)
