home

youtube_setup.exe

BrowserOptimizer

KEYDOWNLOAD LTD

The application youtube_setup.exe by KEYDOWNLOAD has been detected as adware by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
KeyDownload  (signed by KEYDOWNLOAD LTD)

Product:
BrowserOptimizer

Description:
setup

Version:
1, 0, 0, 1

MD5:
36c129fa1531f98eae596fc104dddada

SHA-1:
708c1c3d769fc4bc1f8350c3be7462e63a51f055

SHA-256:
e2dd7f7a0580c4da85e65fde0973c610945782153fcdd01b91fe55468a6e7396

Scanner detections:
6 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/26/2024 9:27:44 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Rogue.11995513
7.11.185.228

Dr.Web
Threat.Undefined
9.0.1.0360

ESET NOD32
Win32/KeyDownload.A potentially unwanted application
9.7.0.302.0

NANO AntiVirus
Riskware.Html.Babylon.cwhyhv
0.28.2.60990

Reason Heuristics
PUP.KeyDownload.Installer (M)
15.12.26.18

VIPRE Antivirus
Threat.4782000
31208

File size:
1.3 MB (1,331,584 bytes)

Product version:
1, 0, 0, 1

Copyright:
KeyDownload Copyright (C) 2013

Original file name:
setup.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\youtube_setup.exe

Digital Signature
Signed by:
KEYDOWNLOAD LTD

Authority:
Thawte, Inc.

Valid from:
10/22/2012 7:00:00 PM

Valid to:
10/23/2013 6:59:59 PM

Subject:
CN=KEYDOWNLOAD LTD, O=KEYDOWNLOAD LTD, L=Tel Aviv- Jaffa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
44DCCD0B7D3CB651EC98DC55DCEEBDA0

File PE Metadata
Compilation timestamp:
9/3/2013 7:46:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:4B25VqzJ6zbHjcJpyUdEzJn6Bf7wXrUWO9QhcVLSoe1CeUsVKK55P2NMQ5U2sX5O:4B2lPKdE16BsoWyAchBNS4

Entry address:
0x2938B0

Entry point:
60, BE, 00, B0, 5D, 00, 8D, BE, 00, 60, E2, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8830

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
740 KB (757,760 bytes)

Remove youtube_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.