YTDownloader.exe

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos; however, the file will attempt to modify the user's browser, including resetting the home and search pages, as well as inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 24 anti-malware scanners. While running, it connects to the Internet address proxy-cdn-A19-11.vty.dailymotion.com on port 80 using the HTTP protocol.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
c2bcbea30a649f6c2a38f807d444a2e5

SHA-1:
98ed6e6376b0dac7d2eed71254bbd02704f87fb2

SHA-256:
078f37f6028f1be80ccadb9c3e627b0086b73ffedfc4d0d6d8207db1f8cb973a

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/24/2024 11:19:34 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/CrossRider | 2015.01.30
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.205.246
avast! | Win32:Adware-CDO [PUP] | 2014.9-150130
AVG | Skodna | 2016.0.3213
Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.15130
Bitdefender | Adware.Generic.1147113 | 1.0.20.150
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | ApplicUnwnt | 20734
ESET NOD32 | Win32/SBWatchman (variant) | 9.11097
Fortinet FortiGate | Adware/Shopper | 1/30/2015
G Data | Win32.Application.GoobZo | 15.1.25
IKARUS anti.virus | not-a-virus:AdWare.Shopper | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.191.14667
Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.2562
McAfee | Artemis!C2BCBEA30A64 | 5600.6869
NANO AntiVirus | Riskware.Win32.Shopper.dlfqly | 0.30.0.65070
Panda Antivirus | Adware/Goobzo | 15.01.30.03
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Goobzo | 15.1.30.15
Sophos | Goobzo | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0129 | 7.2.30
Vba32 AntiVirus | AdWare.Shopper | 3.12.26.3
VIPRE Antivirus | Goobzo | 37098
Zillya! Antivirus | Adware.Shopper.Win32.404 | 2.0.0.2049

File size:
1.9 MB (1,988,456 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 8:00:00 PM

Valid to:
5/2/2015 7:59:59 PM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/29/2015 5:55:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:aJs4rrl5KuoczgImLLwB5VOZDTnTUMBHau9gB7TY:0sArTKuehLwRoauF

Entry address:
0xC8C14

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Entropy:
5.9392

Code size:
1.1 MB (1,157,632 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to proxy-cdn-A19-11.vty.dailymotion.com  (188.65.126.43:80)
