yct.exe

aTube Catcher

DsNET

The application yct.exe (“aTube Catcher to download and convert videos.”) has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address adf4d195.setaptr.net on port 80 using the HTTP protocol.
Publisher:
DsNET

Product:
aTube Catcher

Description:
aTube Catcher to download and convert videos.

Version:
3.08.7971

MD5:
2ec1ffd6a97809d6c2f1cb3c631cce6c

SHA-1:
43cf172660bd8df599d2a50f750a7a86566c1344

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/19/2017 4:35:50 AM UTC

Scan engine         Detection                              Engine version
Reason Heuristics   PUP.ATubeCatcher.Installer.Meta (M)    16.4.23.9

File size:
6.4 MB (6,696,960 bytes)

Product version:
3.08.7971

Copyright:
Diego Uscanga

Original file name:
yct.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dsnet corp\atube catcher 2.0\yct.exe

File PE Metadata
Compilation timestamp:
6/9/2014 8:52:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:ufzZ0mQUyG6/PbK9vFvOTj2UHm5CrF0RH1uUnA2MACQR9:yd0mQUyG6/PbK9v1OTj2UHm5CrF0RH1u

Entry address:
0x29428

Entry point:
68, D4, A0, 42, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, F3, 23, 66, 38, 4C, 0B, 97, 4D, 81, EA, 18, B9, B4, 2A, A8, FA, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 61, 54, 75, 62, 65, 43, 61, 74, 63, 68, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 17, 00, 00, 00, 83, 86, 05, 83, CB, 38, 15, 4E, BE, 27, 71, 70, 2C, 5D, 26, 7C, 01, 00, 00, 00, A0, 00, 00, 00...

Entropy:
6.0971

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
6.3 MB (6,598,656 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cache.google.com  (189.90.45.204:80)

TCP (HTTP):
Connects to adf4d195.setaptr.net  (173.244.209.149:80)

TCP (HTTP):
Connects to vip170.ssl.hwcdn.net  (205.185.208.170:80)

Powered by Reason Core Security