YTDownloader.exe

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages and injecting various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task named YTDownloader under the Windows Task Scheduler, triggered to execute each time a user logs in.

Publisher:
YTDownloader (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
511e24eb9506e4740d71409f3fb13bc3

SHA-1:
651b02a0c9aec86a6bc9a7fd03de674c024ee83e

SHA-256:
b7229f085973ba2aad3b2264b127093c09fafd123ea7492f0300bc1735aae29f

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
4/26/2024 8:52:57 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2015.01.14

Avira AntiVirus
ADWARE/CrossRider.Gen
7.11.200.132

avast!
Win32:Adware-CDO [PUP]
2014.9-150114

AVG
Skodna
2016.0.3230

Baidu Antivirus
Adware.Win32.Shopper
4.0.3.15114

Comodo Security
ApplicUnwnt
20673

ESET NOD32
Win32/SBWatchman (variant)
9.11005

Fortinet FortiGate
Adware/Shopper
1/14/2015

G Data
Win32.Application.GoobZo
15.1.24

IKARUS anti.virus
not-a-virus:AdWare.Shopper
t3scan.1.8.6.0

Kaspersky
not-a-virus:AdWare.Win32.Shopper
14.0.0.2643

McAfee
Artemis!BCAD92FFCE9F
5600.6886

NANO AntiVirus
Riskware.Win32.Shopper.dlfqly
0.30.0.64448

Panda Antivirus
Adware/Goobzo
15.01.14.09

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Task.Goobzo.M
15.1.14.9

Sophos
Goobzo
4.98

Trend Micro House Call
Suspicious_GEN.F47V0112
7.2.14

Vba32 AntiVirus
AdWare.Shopper
3.12.26.3

VIPRE Antivirus
Goobzo
36614

Zillya! Antivirus
Adware.Shopper.Win32.404
2.0.0.2033

File size:
1.9 MB (1,988,456 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 2:00:00 AM

Valid to:
5/3/2015 1:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/13/2015 11:55:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:GJs4rrl5KuoczgImLLwB5VgZDTnTU9BHax9gB7T1:osArTKuehLw7zaxM

Entry address:
0xC8C14

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Code size:
1.1 MB (1,157,632 bytes)

Scheduled Task
Task name:
YTDownloader

Trigger:
Logon (Runs on logon)

