YTDownloader.exe

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and will inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 15 anti-malware scanners.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
925b99753f1ce0039b9cde57383919b3

SHA-1:
6c4a0ec97b742ca3111344a133153a582e209f4f

SHA-256:
0cbfdd656dcf97052352c4c027f85651efa07e2f839ca8903728753e72ac6d0b

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/18/2024 6:30:12 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/CrossRider | 2014.12.18
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.196.126
AVG | Skodna | 2015.0.3255
Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.141219
ESET NOD32 | Win32/SBWatchman (variant) | 8.10893
Fortinet FortiGate | Adware/Shopper | 12/19/2014
G Data | Win32.Application.GoobZo | 14.12.24
Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.2772
McAfee | Artemis!270BED0EB721 | 5600.6911
Panda Antivirus | Generic Malware | 14.12.19.01
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Goobzo.M | 14.12.19.13
Sophos | Goobzo | 4.98
Trend Micro House Call | TROJ_GEN.F47V1130 | 7.2.353
VIPRE Antivirus | Goobzo | 35814

File size:
1.9 MB (1,988,968 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 3:00:00 AM

Valid to:
5/3/2015 2:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
12/17/2014 3:48:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:hieTznbqsUfELX8/ODLlQT4TpVVHaTWAIti:bTDbqTp/ODTra6Y

Entry address:
0xC8D24

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Entropy:
5.9394

Code size:
1.1 MB (1,158,144 bytes)
