YTDownloader.exe

Goobzo LTD

This is part of Goobzo YTDownloader, a browser extension for downloading videos; however, the file will attempt to modify the user's browser, including resetting the home and search pages, as well as inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named YTDownloader, triggered to execute each time a user logs in.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
679b6230529507395ff3353c0bb9129c

SHA-1:
1499bc5935d7a95449d107b84de72cc28be4dadb

SHA-256:
b7229f085973ba2aad3b2264b127093c09fafd123ea7492f0300bc1735aae29f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
10/15/2019 11:11:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo (M)

Engine version:
17.3.12.19

File size:
1.9 MB (1,988,456 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 5:00:00 PM

Valid to:
5/2/2015 4:59:59 PM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/13/2015 2:55:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xC8C14

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Entropy:
5.9392

Code size:
1.1 MB (1,157,632 bytes)

Scheduled Task
Task name:
YTDownloader

Trigger:
Logon (Runs on logon)


Remove YTDownloader.exe - Powered by Reason Core Security