home

SBMNTR.sys

YTDownloader Driver

ytdownloader (Goobzo Ltd)

The file SBMNTR.sys by ytdownloader (Goobzo) has been detected as adware by 26 anti-malware scanners. It runs as a Windows 64-bit kernel mode device driver named “sbmntr”.
Publisher:
YTDownloader  (signed by ytdownloader (Goobzo Ltd))

Product:
YTDownloader Driver

Version:
1.00.00.0002 built by: WinDDK

MD5:
2e3b61e4355d47c56f633e3dac38bf0c

SHA-1:
7d601cc16cc5ac6fa86ab14aa38c8534741193bf

SHA-256:
56521f25d695d8306cc07bbac94214ed33e2d4e221116a461447586c869785db

Scanner detections:
26 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/24/2024 4:38:03 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PAP
551

AhnLab V3 Security
PUP/Win32.CrossRider
2015.08.03

Avira AntiVirus
ADWARE/Agent.49824.17
3.6.1.96

AVG
Generic
2016.0.3029

Bitdefender
Adware.Agent.PAP
1.0.20.1075

Bkav FE
W64.HfsAdware
1.3.0.6979

Clam AntiVirus
Win.Adware.Agent-36757
0.98/20242

Dr.Web
Adware.Searcher.2796
9.0.1.0215

Emsisoft Anti-Malware
Adware.Agent.PAP
8.15.08.03.06

F-Secure
Adware.Agent.PAP
11.2015-03-08_2

G Data
Adware.Agent.PAP
15.8.25

IKARUS anti.virus
not-a-virus:AdWare.Shopper
t3scan.1.8.6.0

McAfee
Artemis!CF1607749575
5600.6685

MicroWorld eScan
Adware.Agent.PAP
16.0.0.645

NANO AntiVirus
Riskware.Win32.Shopper.dpqted
0.30.8.659

Norman
Adware.Agent.PAP
11.20150803

nProtect
Adware.Agent.PAP
15.03.06.01

Panda Antivirus
Adware/Goobzo
15.08.03.06

Qihoo 360 Security
Win32/Virus.Adware.80c
1.0.0.1015

Reason Heuristics
PUP.Goobzo.YTDownloader (M)
15.8.3.6

SUPERAntiSpyware
Adware.Goobzo/Variant
9714

Trend Micro House Call
Suspicious_GEN.F47V0309
7.2.215

Trend Micro
TROJ_GEN.R047C0OD715
10.465.03

Vba32 AntiVirus
AdWare.Shopper
3.12.26.3

VIPRE Antivirus
Goobzo
42554

Zillya! Antivirus
Adware.Shopper.Win64.12
2.0.0.2324

File size:
57.2 KB (58,528 bytes)

Product version:
1.00.00.0002

Copyright:
Copyright (C) 2013

Original file name:
SBMNTR.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\sbmntr.sys

Digital Signature
Signed by:
ytdownloader (Goobzo Ltd)

Authority:
COMODO CA Limited

Valid from:
2/10/2015 7:00:00 PM

Valid to:
12/31/2015 6:59:59 PM

Subject:
CN=ytdownloader (Goobzo Ltd), O=ytdownloader (Goobzo Ltd), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FA8C21187784C5EB79D76D027461B9CD

File PE Metadata
Compilation timestamp:
8/1/2015 5:57:10 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
768:RIS2bH4AzybtJ/8lMVjvwLYCQqUeBN35oP4cToBB3DXN2U8pQUaQMEN0THm:SHWHCqDwBTUe/3ZX+QUUEmrm

Entry address:
0xF064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, 6E, 20, FF, FF, CC, CC, 40, F1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, F4, 00, 00, 80, A0, 00, 00, C0, F0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 26, F8, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F8, F7, 00, 00, 00, 00, 00, 00, E6, F7, 00, 00, 00, 00, 00, 00, CE, F7, 00, 00, 00, 00, 00, 00, BC, F7, 00, 00, 00, 00, 00, 00, A6, F7, 00, 00...
 
[+]

Entropy:
6.0820

Code size:
42 KB (43,008 bytes)

Driver
Display name:
sbmntr

Type:
Kernel device driver (KernelDriver)

Depends on:
BFE


Remove SBMNTR.sys - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.