home

free-youtube-download-manager.exe

One Installer LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application free-youtube-download-manager.exe by One Installer has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. While running, it connects to the Internet address oneinstaller.com on port 80 using the HTTP protocol.
Publisher:
One Installer LLC  (signed and verified)

MD5:
ff2b570e97b67231a2ee8da07d8483ce

SHA-1:
6a10af9c45621ed4d5378f95d174736e3f78d259

SHA-256:
3835ef97222eed4b00d7dc56561a60f17dbce4d89ba5b99f3cd87cd417cdcc37

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 12:47:34 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.Lollipop
2015.04.01

Avira AntiVirus
ADWARE/OneInstall.D.4
3.6.1.96

avast!
NSIS:Adware-LV [Adw]
2014.9-151107

AVG
OneInstaller
2016.0.2933

Baidu Antivirus
PUA.Win32.OneInstaller
4.0.3.15117

Dr.Web
Adware.Downware.1265
9.0.1.0311

ESET NOD32
Win32/OneInstaller.D potentially unwanted
9.11407

G Data
NSIS.Adware.OneInstaller
15.11.25

IKARUS anti.virus
PUA.Lollipop
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.202.15443

McAfee
Artemis!FF2B570E97B6
5600.6589

NANO AntiVirus
Riskware.Nsis.Downloader.cuognw
0.30.8.659

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Vittalia.OneInstaller (M)
15.11.7.8

Rising Antivirus
NORMAL:Trojan.DL.Script.Agent.am!1595604
23.00.65.151105

Sophos
Generic PUA GK
4.98

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Vittalia Installer
38944

File size:
425 KB (435,184 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\youtube downloader 2014 - free\free-youtube-download-manager.exe

Digital Signature
Signed by:
One Installer LLC

Authority:
GoDaddy.com, Inc.

Valid from:
6/13/2013 5:51:12 AM

Valid to:
1/31/2014 2:35:46 PM

Subject:
CN=One Installer LLC, O=One Installer LLC, L=Wilmington, S=DE, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
280B63CF38934E

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ye34sApqnm1WzFGtudUpHkWfPlaPKbfBUcVwG:QfPlPbfjVV

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
6.0815

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to oneinstaller.com  (93.189.35.51:80)

Remove free-youtube-download-manager.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.