YTDownloader.exe

Goobzo LTD

This file is part of Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and will inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 14 anti-malware scanners. It runs as a scheduled task named YTDownloader under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program YTDownloader by Goobzo Ltd., which is a potentially unwanted software program.
Publisher:
YTDownloader  (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
408b91bc1b49c623acaf73bc84afd80a

SHA-1:
f506dd86ad2a3846a6262297f583608a9d57cb52

SHA-256:
fdc30068862bd423c3dbaafd7376477ad53d1e770da368ab4aa612a3b8f21117

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
4/26/2024 7:59:59 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/CrossRider | 2014.12.11 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.194.62 |
| AVG | Skodna | 2015.0.3371 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.14825 |
| ESET NOD32 | Win32/SBWatchman (variant) | 8.10857 |
| G Data | Win32.Application.Shopperpro | 14.8.24 |
| Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.2813 |
| McAfee | Artemis!270BED0EB721 | 5600.7027 |
| Panda Antivirus | Adware/Goobzo | 14.08.25.04 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Goobzo.M | 14.8.25.16 |
| Sophos | Goobzo | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V1130 | 7.2.237 |
| VIPRE Antivirus | Goobzo | 32530 |

File size:
1.9 MB (1,988,968 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 7:00:00 PM

Valid to:
5/2/2015 6:59:59 PM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
8/25/2014 3:47:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:E23XM8JHruBqWPxps1pr9F/tCfbDTuyT1RwfSURezTyT2LdWHalheU:E23XMJjxGpvlqzwfbezTyT2gHaneU

Entry address:
0xC8CC4

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, 0C, 03, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 0C, 03, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 0C, 03, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Entropy:
5.9391

Code size:
1.1 MB (1,158,144 bytes)

Scheduled Task
Task name:
YTDownloader

Trigger:
Logon (Runs on logon)


The file YTDownloader.exe has been discovered within the following program.

YTDownloader  by Goobzo Ltd.
YTDownloader is a web browser extension that will integrate itself into Chrome, Firefox and Internet Explorer.
www.ytdownloader.com
85% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vip0x054.map2.ssl.hwcdn.net  (209.197.3.84:80)

TCP (HTTP):
Connects to 107.191.46.37.vultr.com  (107.191.46.37:80)
