» tubedownloader.exe
Overview
Analysis
File Details

tubedownloader.exe

SoGe Interactive LLC

This is part of the Babylon web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application tubedownloader.exe by SoGe Interactive has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.

File name:

tubedownloader.exe

Publisher:

SoGe Interactive LLC (signed and verified)

MD5:

4eec063fbfb44848a4e75f04383706c6

SHA-1:

ff312f28008fdd49a8eeb07e94d251aa60f4c7ef

SHA-256:

cfc1937dd91cb28c1624fe752ecdf88a93382722fdc86ec58bb1b0690ce0e7ca

Scanner detections:

1 / 68

Status:

Adware

Explanation:

The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:

4/29/2024 2:11:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Babylon.SoGeInte.Installer (M)

16.6.5.22

File size:

1.5 MB (1,522,144 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\tubedownloader.exe

Digital Signature

Signed by:

SoGe Interactive LLC

Authority:

Thawte, Inc.

Valid from:

6/30/2011 9:00:00 PM

Valid to:

6/30/2012 8:59:59 PM

Subject:

CN=SoGe Interactive LLC, O=SoGe Interactive LLC, L=Las Vegas, S=Nevada, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

548F19D6A2797A8A68319B84FB3F537D

File PE Metadata

Compilation timestamp:

12/5/2009 8:50:29 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:1KPn9hEOi4X9f1I00p60pWcIHyVTRJmTfVuHtfAruSynvyn978dVrBhgP:dOXPI00USlHmbVuy0naa8

Entry address:

0x30DE

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 27, 7A, 00, E8, F1, 2B, 00, 00, A3, A4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 68, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, A0, 1E, 7A, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove tubedownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.