yct.exe

aTube Catcher

No Organization Affiliation

The application yct.exe (“aTube Catcher to download and convert videos.”) by No Organization Affiliation has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address adf4d195.setaptr.net on port 80 using the HTTP protocol.
Publisher:
DsNET  (signed by No Organization Affiliation)

Product:
aTube Catcher

Description:
aTube Catcher to download and convert videos.

Version:
3.08.7918

MD5:
91403f0e8f76e7d5df1e297543ba0676

SHA-1:
6a5a246d54ec8fcdd6d896b207a08aee3791fd78

SHA-256:
575e8e330ffdbf29b37905f9bdd0e0125e710915c213ac7c3395bb9934a818c7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 5:21:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ATubeCatcher.Installer.Meta (M)

Engine version:
16.4.23.9

File size:
6.4 MB (6,677,344 bytes)

Product version:
3.08.7918

Copyright:
Diego Uscanga

Original file name:
yct.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dsnet corp\atube catcher 2.0\yct.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/27/2014 1:00:00 AM

Valid to:
2/27/2017 12:59:59 AM

Subject:
CN=Diego Uscanga, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=Huixquilucan, S=Mexico, C=MX

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3891D1349D41A2C39A519812D8C15FAC

File PE Metadata
Compilation timestamp:
3/20/2014 8:31:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:eLAHYJYoZLAyY+SpZvrMA3Qah9poYNGQp8KYWJx2HK1:mmYJYoZLA3+SpZvrMA3Qi9po2

Entry address:
0x28F00

Entry point:
68, 58, 9B, 42, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 1A, 11, 50, 69, 5A, 29, 59, 44, 98, 05, 87, 65, B3, EB, 08, D3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 61, 54, 75, 62, 65, 43, 61, 74, 63, 68, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 17, 00, 00, 00, 2E, FD, 53, DD, 5E, 8A, 21, 4D, A8, DC, 3C, 88, 3B, B2, 41, DF, 01, 00, 00, 00, A0, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
6.3 MB (6,574,080 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to adf4d195.setaptr.net  (173.244.209.149:80)
