youtube_downloader_guru_setup.exe

Music Downloader Guru

Suzhou MorningSun Information Technology LLC.

The application youtube_downloader_guru_setup.exe, “Music Downloader Guru Setup” by Suzhou MorningSun Information Technology, has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
YoutubeDownloader.guru LLC.   (signed by Suzhou MorningSun Information Technology LLC.)

Product:
Music Downloader Guru

Description:
Music Downloader Guru Setup

Version:
8.6.0.1

MD5:
59373dc88020e3070be129976652b2af

SHA-1:
d4c6c66eb1a88d9b0af41ec733b18dcf74bf2926

SHA-256:
3d1279627fee8aec630491b783292ed574a057225a240e27efcb581878a16bd4

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/20/2024 1:16:43 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Threat.Undefined | 9.0.1.032
ESET NOD32 | Win32/OpenCandy.A potentially unsafe application | 10.7.0.302.0
Reason Heuristics | PUP.YoutubeDownloader.SuzhouMorningSunInformationTechnology.Installer.Meta (L) | 16.2.1.17
Sophos | PUA 'OpenCandy' | 5.22
VIPRE Antivirus | Threat.4792085 | 46456

File size:
1004.1 KB (1,028,152 bytes)

Product version:
8.6

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\youtube_downloader_guru_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/2/2015 4:00:00 PM

Valid to:
3/2/2020 3:59:59 PM

Subject:
CN=Suzhou MorningSun Information Technology LLC., O=Suzhou MorningSun Information Technology LLC., STREET=A305 International Science and Technology Park 5, STREET=328 Xin Hu Road (Suzhou Industrial Park), L=Suzhou, S=Jiangsu, PostalCode=215000, C=CN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009EEBD6AE7916429B591B6FE474638578

File PE Metadata
Compilation timestamp:
7/9/2014 12:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:uSxG05888888888888W88888888888WCL8+iDNdR7IbGte0dlv372CgjkJGGw17v:txGZi8Ddxekv3kt1Ak0G6BzzwNMWPPr

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Entropy:
7.9088

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)
