youtv.exe

eDownload Module

Banyan Tree Technology Limited

The application youtv.exe by Banyan Tree Technology Limited has been detected as adware by 19 anti-malware scanners. This is an adware bundler (AKA ElexNetDownload) that will include additional unwanted offers in the download and install process. During install it will establish a connection to twonext.com and xingcloud.com to determine what offers to show the user (based on what is already installed and where they live). The file has been seen being downloaded from dl.elex.soft365.com and multiple other hosts.
Publisher:
Banyan Tree Technology Limited  (signed and verified)

Product:
eDownload Module

Version:
5.1.8.2553

MD5:
b85d0fb797978a0f0e0ff6b84774cea7

SHA-1:
e8ba9f72c9cedd7a0dd5fae8be0e28adaae7da32

SHA-256:
18ea59d85543e8d42b46756f79c7fa9b37ea11635e975a8cc9f511bd7c41eca1

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/25/2024 7:44:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.31573 | 947 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.137.202 |
| avast! | Win32:Adware-BEM [Adw] | 2014.9-140703 |
| AVG | MalSign.Generic | 2015.0.3425 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.1473 |
| Bitdefender | Gen:Variant.Symmi.31573 | 1.0.20.920 |
| Dr.Web | Adware.Mutabaha.23 | 9.0.1.0184 |
| ESET NOD32 | Win32/ELEX (variant) | 8.8693 |
| Fortinet FortiGate | W32/ELEX.L | 7/3/2014 |
| F-Secure | Gen:Variant.Symmi.31573 | 11.2014-03-07_5 |
| G Data | Gen:Variant.Symmi.31573 | 14.7.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.Elex | v2014.07.03.01 |
| McAfee | Artemis!B85D0FB79797 | 5600.7081 |
| MicroWorld eScan | Gen:Variant.Symmi.31573 | 15.0.0.552 |
| NANO AntiVirus | Trojan.Win32.Mutabaha.cvdhhd | 0.28.0.59492 |
| Reason Heuristics | PUP.BanyanTreeTechnologyLimited.F | 14.7.3.1 |
| Trend Micro House Call | TROJ_GEN.F47V0802 | 7.2.184 |
| VIPRE Antivirus | Elex Installer | 20548 |

File size:
436.6 KB (447,072 bytes)

Product version:
5.1.8.2553

Copyright:
Copyright 2013

Original file name:
eDownload.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\youtv.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 12:18:54 AM

Valid to:
1/11/2015 12:18:54 AM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
7/16/2013 4:23:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:jgVgjLHKXqmf4pcNiu4sVO10s2L1qfJHtDe8DqgfM:GgjGPf4pcNiu4sVOx3TDlOY

Entry address:
0xE02F0

Entry point:
60, BE, 00, 00, 49, 00, 8D, BE, 00, 10, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.2012

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
324 KB (331,776 bytes)

The file youtv.exe has been seen being distributed by the following 2 URLs.
