YTDownloader.exe

Goobzo LTD

This file is part of Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and to inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 28 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, named YTDownloader, that is triggered to execute each time a user logs in.

Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
ef98e12e3d6a1bfe576a29250ead6014

SHA-1:
578ffac499f9845d8a86019f1c4cfb9c7fdf21a8

SHA-256:
b6d005b9390c6d938bf62ed5a7d9ee3d35715386a0e11d1002bd7ed6b4ba6a15

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
4/25/2024 12:29:59 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | Win-PUP/CrossRider | 2015.02.09
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.208.204
avast! | Win32:Adware-CDO [PUP] | 2014.9-150827
AVG | Skodna | 2016.0.3004
Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.15827
Bitdefender | Adware.Generic.1147113 | 1.0.20.1195
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | ApplicUnwnt | 20734
Dr.Web | Adware.Plugin.904 | 9.0.1.0239
ESET NOD32 | Win32/SBWatchman.D potentially unwanted (variant) | 9.11142
Fortinet FortiGate | Adware/Shopper | 8/27/2015
G Data | Win32.Application.GoobZo | 15.8.25
IKARUS anti.virus | not-a-virus:AdWare.Shopper | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.193.14899
Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.1515
McAfee | Artemis!EF98E12E3D6A | 5600.6660
NANO AntiVirus | Riskware.Win32.Shopper.dlfqly | 0.30.0.65070
nProtect | Trojan-Clicker/W32.Shopper.1988456 | 15.03.16.01
Panda Antivirus | Adware/Goobzo | 15.08.27.11
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Goobzo.YTDownloader (M) | 15.8.27.23
Sophos | Goobzo | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0204 | 7.2.239
Trend Micro | TROJ_GEN.F0C2C00BD15 | 10.465.27
Vba32 AntiVirus | AdWare.Shopper | 3.12.26.3
VIPRE Antivirus | Goobzo | 37370
Zillya! Antivirus | Adware.Shopper.Win32.509 | 2.0.0.2058

File size:
1.9 MB (1,988,968 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 8:00:00 PM

Valid to:
5/2/2015 7:59:59 PM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
2/4/2015 5:56:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:cpKdBJJzqjIh9iSq01Gc7kFXGNyvf+LvBUBkofHTIvN6TrhoHalHgBeuTx:aK3YIySXzvG2LvikofHTnTrWHaFgB7Tx

Entry address:
0xC8C34

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Entropy:
5.9382

Code size:
1.1 MB (1,158,144 bytes)

Scheduled Task
Task name:
YTDownloader

Trigger:
Logon (Runs on logon)

