youtubeaccelerator2-7.exe

YouTubeAccelerator

youtubeaccelerator.com

The application youtubeaccelerator2-7.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, as well as other PUPs. The file has been seen being downloaded from cdn.file2desktop.com.
Publisher:
youtubeaccelerator.com

Product:
YouTubeAccelerator

Version:
1.0

MD5:
9b73316776cc645fe2d8e9b64b4061d1

SHA-1:
65a346eedaab6614ce627f0c40c472c915199c14

SHA-256:
31d65a5dc568cddfab9ede1fc23ff1d033f8a71e0196ed6760c8f6064fe9440e

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/26/2024 10:28:36 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.OutBrowse | 7.1.1
Baidu Antivirus | Adware.Win32.OutBrowse | 4.0.3.14105
Kaspersky | not-a-virus:AdWare.Win32.OutBrowse | 14.0.0.3149
NANO AntiVirus | Trojan.Win32.Generic.dbxkzp | 0.28.0.60577
Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015
Trend Micro House Call | ADW_TUBACC | 7.2.185
Trend Micro | ADW_TUBACC | 10.465.04
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3

File size:
625 KB (639,982 bytes)

Copyright:
© YouTubeAccelerator

Trademarks:
youtubeaccelerator.com

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\youtubeaccelerator2-7.exe

File PE Metadata
Compilation timestamp:
12/6/2009 6:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:LHi/UlFKdwgFTzFZfBV53WUiSe6EhVn4VWp8DA6G:LFlFKigFHFiSeAFu

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9251

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file youtubeaccelerator2-7.exe has been seen being distributed by the following URL.
