home

ytdsetup.exe

YTD Video Downloader

GreenTree Applications srl

The application ytdsetup.exe, “YTD Video Downloader stub installer” by GreenTree Applications srl has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.cbsi.com and multiple other hosts. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.
Publisher:
GreenTree Applications srl  (signed and verified)

Product:
YTD Video Downloader

Description:
YTD Video Downloader stub installer

Version:
5.8.0.3

MD5:
0519ecc951e50f5ad0165b649e8fa835

SHA-1:
bc01dc5eb9122c4b49a9831e51ebdc6263e81a2c

SHA-256:
40ba649d619d451fc4850d130b196bad586a3f3ffc17ed69d6675f909d624022

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is part of a Greentree bundled installer, which includes various adware, toolbars and co-bundled potentially unwanted apps pushed to the user upon setup.

Analysis date:
4/25/2024 2:55:40 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.GreenTree (M)
16.8.25.15

File size:
115.9 KB (118,728 bytes)

Product version:
5.8.0.3

Copyright:
(c) 2016 GreenTree Applications SRL. All rights reserved.

Original file name:
YTDStub.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\ytdsetup.exe

Digital Signature
Signed by:
GreenTree Applications srl

Authority:
GoDaddy.com, Inc.

Valid from:
7/27/2016 2:25:38 PM

Valid to:
11/18/2016 9:02:14 PM

Subject:
CN=GreenTree Applications srl, O=GreenTree Applications srl, L=Bucuresti, C=RO

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B06D48A15E485DEF

File PE Metadata
Compilation timestamp:
2/25/2012 12:49:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:dVdePelp2Xy+tuQOzOYE5aXPnD68gkW+RoeGd8yNkM/Dk22WbCwF8B5HyTWBCIbn:GweqOYEUXPnD7Ozd8yNka9bCt5kYCoDb

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.0224

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file ytdsetup.exe has been seen being distributed by the following 50 URLs.

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=02154f2e51d77478af40239a&viewguid=hXZuIV6gH9aVswSXhOrMKBqQOwI11KT2EEk1&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=4a1ad39de2800ea330c9925b&viewguid=gujAKWWB6hJFFvwW@vM8ca756HX-6WHVwc94&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=11ec82113686ccee081163b7&viewguid=hHDt73IrUipdpIkn6kSJDqhEXWw0-TmhK73G&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d1l4j4rifo2iah.cloudfront.net/6LmNOJvp1c0y_sprVyrz_mZLbz2BalQjjEaawPWE4OA

http://d2rlvvwkmpa8ug.cloudfront.net/wIB5mEl--susG7JGyyCxTk4L3PCUmmm6Hk8Adb1AR1E

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=b2ade3129e349154609cce54&viewguid=h42-t-rmkXgXyLKfKlMQoeZIVBS@fwXN-kRt&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=8ddcea0bd39730f1afd7a35b&viewguid=hA3s01NGTmPSkSmogx1sZG1MLsl-CKI9uXkV&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d3dgmc8rip6t0h.cloudfront.net/kX_uM3ZS30jpHvXmI9wxsgybDHK70eTpWWCBhZMWVds

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=0510ba7021ee011d0ad70bc6&viewguid=gwx9sSYcO9yOXK8JdCbggTf@JgEV19S-gKd2&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d2rac1n9udtrn.cloudfront.net/NZ8Sm1G0gsXuKvyereV0dYD_dRZVSsu-kCxUa3H6VeU

http://d21aynnr5jucmo.cloudfront.net/uDL_HQUkZQWHJdF7rzIIi7JyuDy3RYrGVMe-rDE0x2E

http://www.youtubedownloadersite.com/.../stub.php?alt

http://d17otqz6kzkd6z.cloudfront.net/GGOnf2dTQgdqQsxsn2pje-lJsFFIp4b9wk_lWLqK04I

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=dc561fab782e9ea209e89d5d&viewguid=iqtsdsqnNPuOZTquyNsoHa0w9Ay4FWlW1oLz&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d17r1ebtzjfuug.cloudfront.net/ATM2aZtU3NW2erY4WXK57Z74-RA_qOpGbZA7E14vbOk

http://software.thaiware.com/download_url.php?id=10634

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=a2169cf5c1b11430386adcf2&viewguid=iHS-OoWq52IYslmpNB1uz@0Lmsa85iID7wSz&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d1adbmwjbvkhmz.cloudfront.net/WOgW0Eji8isgNtcEVZxL_qiVbpy2RXGDZxrlOR0Eq-s

http://d1whqzb8p243av.cloudfront.net/MIO4hiUhUHzAFkP-7oR5FoNTvYrVZqtKb-SGyOBLkKM

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=b5bf538c8dc78e92517ec73e&viewguid=iCNVKYgK0uctht8apD6W5tLMpNF6gk4jLbCZ&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d1lienvi1qx76l.cloudfront.net/IkgxUV8GEXr2pdpZrnxcV_4favHt7I328rPCum0sZo8

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=83a3b5832fb34eb301d500c5&viewguid=iYQ0pmTyG9f0tRtuiPQ5A7h77AjPRIqjGTxB&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=3edd2b2f7c31d1a55bb5dfae&viewguid=iHXAQGQeAlhK1uuQoQ-6zcj4-Lnwgi9ZE@Qd&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d2dix8gxqjpi5t.cloudfront.net/kYwR4Mq_S7oljAeY2T249gT_ArmdKVCdBG1u6aE2BFQ

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=cb03df3da1df2fe0b687b23e&viewguid=hGd-Gnyh4EPmz2KRrui6@cTG-uOMWKC6pF-Q&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

https://www.ytddownloader.com/.../stub.php?ytdds

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=626bc6a6bff8d601475a1e4c&viewguid=h4orUSjUN9MgWRcah2tqOB5ijIU418HY6tIt&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=9af11604ad247f786266b1d6&viewguid=gd0gFuSkxHXC-Vx1g5GDPiyhwWvUBTlpm4-r&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://d3ewtigj7oyqip.cloudfront.net/IlQzL5pgfBafI-qoMQyrNtcPYGoIrB-5JM_Lu8kxlDU

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=15561609&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=<!--esidesktop&pguid=b14bd0a2d90aa27c89bbdef7&viewguid=idlBgyB5gMQOGb4Ib0MLfRpERevl1@jVLG8D&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

Latest 30 of 314 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (5.79.67.111:80)

Remove ytdsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.