YTDownloader.exe

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and will inject various forms of unwanted advertising into the browser. The application YTDownloader.exe by Goobzo has been detected as adware by 28 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name ‘YTDownloader’.
Publisher:
YTDownloader (signed by Goobzo LTD)

Product:
YTDownloader

Version:
1.0.3.9

MD5:
6a04005f6d0041b9d6c39d291f4fd4ac

SHA-1:
fc43b8691f294108a37e3fd3f847ff742cea5420

SHA-256:
f27b403341470504ff645e2a9d254b87084d456183892b26b4c8ea41209bf7a7

Scanner detections:
28 / 68

Status:
Adware

Analysis date:
4/26/2024 11:20:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.03.17 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.217.198 |
| avast! | Win32:Adware-CDO [PUP] | 2014.9-150627 |
| AVG | ShopperPro | 2016.0.3066 |
| Baidu Antivirus | Adware.Win32.Shopper | 4.0.3.15627 |
| Bitdefender | Adware.Generic.1147113 | 1.0.20.890 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt | 20734 |
| Dr.Web | Adware.Plugin.904 | 9.0.1.0178 |
| ESET NOD32 | Win32/SBWatchman.D potentially unwanted (variant) | 9.11330 |
| Fortinet FortiGate | Adware/Shopper | 6/27/2015 |
| G Data | Win32.Application.GoobZo | 15.6.25 |
| IKARUS anti.virus | not-a-virus:AdWare.Shopper | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.201.15277 |
| Kaspersky | not-a-virus:AdWare.Win32.Shopper | 14.0.0.1823 |
| McAfee | Artemis!7CBFEB051643 | 5600.6722 |
| NANO AntiVirus | Riskware.Win32.Shopper.dlfqly | 0.30.0.65070 |
| nProtect | Trojan-Clicker/W32.Shopper.1988456 | 15.03.16.01 |
| Panda Antivirus | Adware/Goobzo | 15.06.27.11 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Goobzo.YTDownloader (M) | 15.6.27.11 |
| Sophos | Goobzo | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00BD15 | 7.2.178 |
| Trend Micro | TROJ_GEN.F0C2C00BD15 | 10.465.27 |
| Vba32 AntiVirus | AdWare.Shopper | 3.12.26.3 |
| VIPRE Antivirus | Goobzo | 38494 |
| Zillya! Antivirus | Adware.Shopper.Win32.404 | 2.0.0.2102 |

File size:
1.9 MB (1,988,456 bytes)

Product version:
1.0.3.9

Copyright:
Copyright (C) 2013

Original file name:
YTDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytdownloader\ytdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 2:00:00 AM

Valid to:
5/3/2015 1:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
2/3/2015 11:55:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:FJs4rrl5KuoczgImLLwB5VVZDTnTU5BHab9gB7TC:nsArTKuehLwKfab/

Entry address:
0xC8C14

Entry point:
E8, E3, 49, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 3B, 15, FF, FF, C7, 06, FC, 02, 54, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, FC, 02, 54, 00, E9, 7F, 15, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 02, 54, 00, E8, 6C, 15, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 6F, 1D, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 

Code size:
1.1 MB (1,157,632 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
YTDownloader

Command:
"C:\Program Files\ytdownloader\ytdownloader.exe" \boot

