youtv.exe

eDownload Module

Banyan Tree Technology Limited

The application youtv.exe by Banyan Tree Technology Limited has been detected as adware by 22 anti-malware scanners. This is an adware bundler (also known as ElexNetDownload) that includes additional unwanted offers in the download and install process. During installation it connects to twonext.com and xingcloud.com to determine which offers to show the user (based on what is already installed and where they live). The file has been seen being downloaded from dl.elex.soft365.com.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Product:
eDownload Module

Version:
5.1.8.2534

MD5:
646835d06ca8f6bae69ed4ad77300206

SHA-1:
b79990684bd3d3b1358b7f77b126fcc7f78c7882

SHA-256:
720538c31037c7a29d9d71a631eeb9a7f7447b82d5e3939ab8bec6bad85eaf9f

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/25/2024 12:35:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.31573 | 918 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.137.222 |
| avast! | Win32:Adware-BEM [Adw] | 2014.9-140731 |
| AVG | MalSign.Generic | 2015.0.3396 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.14731 |
| Bitdefender | Gen:Variant.Symmi.31573 | 1.0.20.1060 |
| Bkav FE | HW32.CDB | 1.3.0.4246 |
| Dr.Web | Adware.Mutabaha.23 | 9.0.1.0212 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.31573 | 8.14.07.31.07 |
| ESET NOD32 | Win32/ELEX (variant) | 8.9559 |
| Fortinet FortiGate | W32/ELEX.L | 7/31/2014 |
| F-Secure | Gen:Variant.Symmi.31573 | 11.2014-31-07_5 |
| G Data | Gen:Variant.Symmi.31573 | 14.7.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.Elex | v2014.07.31.07 |
| McAfee | Artemis!8064799E791A | 5600.7052 |
| MicroWorld eScan | Gen:Variant.Symmi.31573 | 15.0.0.636 |
| NANO AntiVirus | Trojan.Win32.Mutabaha.cvdhhd | 0.28.0.59492 |
| Qihoo 360 Security | HEUR/Malware.QVM01.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.F | 14.7.31.18 |
| Trend Micro House Call | TROJ_GEN.F47V0710 | 7.2.212 |
| VIPRE Antivirus | Elex Installer | 27520 |

File size:
407.6 KB (417,376 bytes)

Product version:
5.1.8.2534

Copyright:
Copyright 2013

Original file name:
eDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\youtv.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2013 11:18:54 PM

Valid to:
1/10/2015 11:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
6/26/2013 2:19:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:k2rwek9HfZdaosdbov+nFspfeb7R9AWt0DBme:wT9Hx4TnAeD701

Entry address:
0xD9E90

Entry point:
60, BE, 00, 10, 49, 00, 8D, BE, 00, 00, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.1485

Packer / compiler:
UPX 2.90LZMA

Code size:
296 KB (303,104 bytes)

The file youtv.exe has been seen being distributed by the following URL.
