YTDownloader.exe

Goobzo LTD

This is part of Goobzo's YTDownloader, a browser extension for downloading videos; however, the file will attempt to modify the user's browser, including resetting the home and search pages, and inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named YTDownloader, triggered to execute each time a user logs in. While running, it connects to the Internet address proxy-cdn-B07-07.vty.dailymotion.com on port 80 using the HTTP protocol.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
a51662f2a85842c072a436e09c89c2bc

SHA-1:
b2eb301209487987fc98eaf3fc21a2e21dd0601d

SHA-256:
b25a487989d96d0f4ec3c7e7e9ba75bf28989740a188fcddaf76e4a64fab906d

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/25/2024 9:03:52 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/CrossRider | 2014.12.17
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.196.12
AVG | Skodna | 2015.0.3257
Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.141218
ESET NOD32 | Win32/SBWatchman.D potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/Shopper | 12/18/2014
G Data | Win32.Application.GoobZo | 14.12.24
Kaspersky | not-a-virus:AdWare.Win32.Shopper | 15.0.0.543
McAfee | Artemis!270BED0EB721 | 5600.6913
Panda Antivirus | Adware/Goobzo | 14.12.18.07
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Task.Goobzo.M | 14.12.18.7
Sophos | PUA 'Goobzo' (of type Adware) | 5.09
Trend Micro House Call | TROJ_GEN.F47V1130 | 7.2.352
VIPRE Antivirus | Goobzo | 35778

File size:
1.9 MB (1,988,456 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 1:00:00 AM

Valid to:
5/3/2015 12:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
12/18/2014 10:55:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:IJs4rrl5KuoczgImLLwB5V/ZDTnTUoBHag9gB7Tr:SsArTKuehLwAEagC

Entry address:
0xC8C14

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...

Entropy:
5.9392

Code size:
1.1 MB (1,157,632 bytes)

Scheduled Task
Task name:
YTDownloader

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to proxy-cdn-B07-07.vty.dailymotion.com (188.65.126.55:80)
