ytd_sysmenu_setup.exe

Goobzo LTD

The application ytd_sysmenu_setup.exe by Goobzo has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.ytdownloader.com and multiple other hosts.
Publisher:
Goobzo LTD  (signed and verified)

MD5:
fa1ca316b64d4c99e9e70db42e2dbd52

SHA-1:
d6500b8c21d63f7a7ab15422089de1a456deffa6

SHA-256:
1f19b5cdc08de363019c5e78f788f5e95791768665fa4d71dd644f4f6e51ea01

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles various adware toolbars and browser extensions.

Analysis date:
4/24/2024 2:30:35 AM UTC

Scan engine         | Detection                | Engine version
Avira AntiVirus     | Adware/YtDown.A          | 7.11.123.168
AVG                 | Skodna.Bundle            | 2014.0.3615
Dr.Web              | Adware.Searcher.2618     | 9.0.1.0359
Qihoo 360 Security  | Win32/Trojan.Adware.37e  | 1.0.0.1015
Reason Heuristics   | PUP.Installer.Goobzo.R   | 14.8.8.2
VIPRE Antivirus     | Goobzo                   | 25124

File size:
825.5 KB (845,296 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\ytd_sysmenu_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 2:00:00 AM

Valid to:
5/3/2015 1:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ORSNFaMYJ/+zVkqRveJLF1OiYvMicH9kBY:TNFaDs2qRveLF1mMnkC

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...

Entropy:
7.9648

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ytd_sysmenu_setup.exe has been seen being distributed by the following 7 URLs.

Remove ytd_sysmenu_setup.exe - Powered by Reason Core Security