unelevate.exe

ytdownloader (Goobzo Ltd)

The application unelevate.exe by ytdownloader (Goobzo) has been detected as adware by 6 anti-malware scanners.
Publisher:
ytdownloader (Goobzo Ltd)  (signed and verified)

MD5:
486f55d9e2fc662ca60d721413a12f11

SHA-1:
6e85cf12845d501ff989130336288716df8857d6

SHA-256:
8687768bf68690011dbb1be219df3546d48254804d494b529f87a849637abd3c

Scanner detections:
6 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/19/2024 3:54:10 PM UTC

Scan engine          Detection              Engine version
AhnLab V3 Security   PUP/Win32.CrossRider   2015.05.27
AVG                  Generic                2016.0.3096
Bkav FE              W32.HfsAdware          1.3.0.6379
Dr.Web               Adware.Searcher.2794   9.0.1.0147
Panda Antivirus      Adware/Goobzo          15.05.27.12
Reason Heuristics    PUP.Goobzo             15.5.27.8

File size:
92.9 KB (95,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ytdownloader\unelevate.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/11/2015 2:00:00 AM

Valid to:
1/1/2016 1:59:59 AM

Subject:
CN=ytdownloader (Goobzo Ltd), O=ytdownloader (Goobzo Ltd), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FA8C21187784C5EB79D76D027461B9CD

File PE Metadata
Compilation timestamp:
11/26/2008 11:57:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
1536:xo3DKOI1oFWmIFOLpao4Cnz7sAk5UPzyioKvRb8/KDr5VmHxZf:xo3DKOIz8LpaQspKBveyH5VC

Entry address:
0x28F4

Entry point:
E8, C7, 33, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, 54, 41, 00, 89, 0D, 44, 54, 41, 00, 89, 15, 40, 54, 41, 00, 89, 1D, 3C, 54, 41, 00, 89, 35, 38, 54, 41, 00, 89, 3D, 34, 54, 41, 00, 66, 8C, 15, 60, 54, 41, 00, 66, 8C, 0D, 54, 54, 41, 00, 66, 8C, 1D, 30, 54, 41, 00, 66, 8C, 05, 2C, 54, 41, 00, 66, 8C, 25, 28, 54, 41, 00, 66, 8C, 2D, 24, 54, 41, 00, 9C, 8F, 05, 58, 54, 41, 00, 8B, 45, 00, A3, 4C, 54, 41, 00, 8B, 45, 04, A3, 50, 54, 41, 00, 8D, 45, 08, A3, 5C, 54, 41...
 
Code size:
60 KB (61,440 bytes)
