youtube_music_downloader_setup.exe

Youtube Music Downloader

Anhui Green Xin Information Technology Co. Ltd

The application youtube_music_downloader_setup.exe, “Youtube Music Downloader Setup” by Anhui Green Xin Information Technology Co, has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.

Publisher:
YoutubeMusicDownloader.us Inc.   (signed by Anhui Green Xin Information Technology Co. Ltd)

Product:
Youtube Music Downloader

Description:
Youtube Music Downloader Setup

Version:
7.2.0.1

MD5:
bf42638c8c30233bf730925400c572de

SHA-1:
a970e3afcfb7207c85034057ceef38ee769b69e4

SHA-256:
9e90d9757f60fca59734c6ab42dad2ac9cd5a409195d168659d40de3998f2b13

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 10:18:48 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | Win.Adware.Agent-6810 | 0.98/21411 |
| Comodo Security | UnclassifiedMalware | 16603 |
| ESET NOD32 | | 9.9808 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 15.12.18.22 |
| Trend Micro House Call | Suspicious_GEN.F47V0716 | 7.2.352 |

File size:
12.7 MB (13,268,096 bytes)

Product version:
7.2

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\localstate\livecomm\c9984d6819a5df31\120712-0049\att\20000130\youtube_music_downloader_setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/30/2012 3:05:47 AM

Valid to:
1/30/2015 3:05:47 AM

Subject:
CN=Anhui Green Xin Information Technology Co. Ltd, O=Anhui Green Xin Information Technology Co. Ltd, L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112175FB21D0536ABE7D4BEB6F013BFEC52D

File PE Metadata
Compilation timestamp:
10/13/2013 4:19:32 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:xQtq3ogvAqX0cgTiDUw+jsjCNnL+0Q3keQB1hb8k9ToE5GUfm8Hh6HCOdbQvqx:xQtuvAqEcgWDCZL5HEk9TT5/m8BZw6C

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
7.9988

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)
