» YTDownloader.exe
Overview
Analysis
File Details
Programs (1)

YTDownloader.exe

Goobzo LTD

This is part of the Goobzo YTDownloader a browser extension for downloading videos, however, the file will attempt ot modify the user's browser including resetting the home and seach pages as well as inject various forms of unwanted advertising in the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program YTDownloader by Goobzo Ltd. which is a potentially unwanted software program.

File name:

YTDownloader.exe

Publisher:

YTDownloader (signed by Goobzo LTD)

Product:

YTDownloader

Version:

1.0.2.7

MD5:

6da77948985508d12eca3e78d08f4c88

SHA-1:

8e9bae5cb25bcfe0a9631ba779bae50bc05c0a37

SHA-256:

1f8a43c046eac325d88c95a5c6153ed9646aa004de26e7741774f3675895286b

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/25/2024 10:22:34 PM UTC (today)

Scan engine

Detection

Engine version

AVG

MalSign.Skodna

2015.0.3560

McAfee

Artemis!270BED0EB721

5600.7216

Reason Heuristics

PUP.Goobzo.M

14.8.8.2

Trend Micro House Call

TROJ_GEN.F47V1130

7.2.48

VIPRE Antivirus

Goobzo

24196

File size:

2 MB (2,049,896 bytes)

Product version:

1.0.2.7

Original file name:

YTDownloader.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/2/2013 3:00:00 AM

Valid to:

5/3/2015 2:59:59 AM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

11/13/2013 11:19:13 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:Rn4L3Y1dNDsAkioKtnfySI3TT+To5ENar6MU:p4L3YXNDsZKtfySY5UaG

Entry address:

0xC6844

Entry point:

E8, B3, 48, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 5B, 16, FF, FF, C7, 06, 5C, CE, 53, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 5C, CE, 53, 00, E9, 9F, 16, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 5C, CE, 53, 00, E8, 8C, 16, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 8F, 1E, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08... 
[+]

Entropy:

5.8095

Code size:

1.1 MB (1,146,368 bytes)

The file YTDownloader.exe has been discovered within the following program.

YTDownloader by Goobzo Ltd.

YTDownloader is a web browser extension that will integrate itself into Chrome, Firefox and Internet Explorer.

www.ytdownloader.com

85% remove it

Remove YTDownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.