home

freeyoutubedownloaderoc.exe

Free YouTube Downloader

Bonjoy Software

The application freeyoutubedownloaderoc.exe, “Free YouTube Downloader Setup Program” by Bonjoy Software has been detected as adware by 20 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
How, Inc  (signed by Bonjoy Software)

Product:
Free YouTube Downloader

Description:
Free YouTube Downloader Setup Program

Version:
4.0

MD5:
e75f586d2a3f557503905125a0e4deea

SHA-1:
6d0e8d28f0ba23dfbdc82baed57b20fc8c219ef9

SHA-256:
b709f13ef4ba7a455ea10f76510e89e2f1c83933fa5b3949282cb68537ee5141

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/14/2024 4:00:19 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
W32/Virut.Gen
8.3.1.6

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.15929

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.OpenCandy.72
9.0.1.0272

ESET NOD32
Win32/OpenCandy.A potentially unsafe (variant)
9.11318

Fortinet FortiGate
W32/Virut.CE.gen
9/29/2015

G Data
Win32.Virtob.Gen.12
15.9.25

IKARUS anti.virus
AdWare.MultiBundleS
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.202.15641

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1352

McAfee
Artemis!61CC5EB8581F
5600.6627

Panda Antivirus
Generic Suspicious
15.09.29.02

Qihoo 360 Security
Win32/Virus.Downloader.272
1.0.0.1015

Reason Heuristics
PUP.BonjoySoftware.Installer (M)
15.9.29.14

Sophos
Generic PUA NB
4.98

Trend Micro House Call
Suspicious_GEN.F47V0305
7.2.272

Vba32 AntiVirus
Virus.Virut.06
3.12.26.4

VIPRE Antivirus
Opencandy
38408

Zillya! Antivirus
Downloader.Agent.Win32.248040
2.0.0.2153

File size:
1.1 MB (1,179,136 bytes)

Product version:
4.0

Copyright:
How Inc.

Original file name:
Free YouTube DownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\freeyoutubedownloaderoc.exe

Digital Signature
Signed by:
Bonjoy Software

Authority:
COMODO CA Limited

Valid from:
12/29/2014 5:30:00 AM

Valid to:
12/30/2015 5:29:59 AM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CD3BC6FFAA74061B7CABDCB0D74FBB12

File PE Metadata
Compilation timestamp:
12/16/2014 10:56:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:m/xB2AUVbWNLHp0kT1ThvgWKy0s7woGm8OxbLR29+C:+AKNLJNRThvgqNJGQxnC

Entry address:
0x5B174

Entry point:
E8, 75, AB, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, C4, 00, 00, 00, A1, B0, A2, 49, 00, 33, C5, 89, 45, FC, 56, 8B, 75, 08, 57, 33, FF, 89, BD, 4C, FF, FF, FF, 3B, F7, 75, 1E, E8, AE, 2B, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, DC, F5, FF, FF, 83, C4, 14, 8B, C6, E9, 24, 01, 00, 00, E8, E6, 6D, 00, 00, 8D, 85, 4C, FF, FF, FF, 50, E8, DD, 6E, 00, 00, 59, 85, C0, 74, 0D, 57, 57, 57, 57, 57, E8, 8A, F4, FF, FF, 83, C4, 14, 8B, 85, 4C, FF, FF, FF, 53, 6A, 3C, 99, 59, F7, F9, 66, 89...
 
[+]

Entropy:
7.2887

Code size:
497 KB (508,928 bytes)

Remove freeyoutubedownloaderoc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.