freeyoutubedownloaderoc.exe

Free YouTube Downloader

Bonjoy Software

The application freeyoutubedownloaderoc.exe, “Free YouTube Downloader Setup Program” by Bonjoy Software, has been detected as adware by 4 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
How, Inc  (signed by Bonjoy Software)

Product:
Free YouTube Downloader

Description:
Free YouTube Downloader Setup Program

Version:
4.0

MD5:
47cab986efe6d23fce0c6a916d9f13dd

SHA-1:
cb7b495397842c36d64040cf022919cf3be88490

SHA-256:
88471a22e3f417f9ad192d5920a0b1627c83ae09b735ba41ed8e1b0e690e8595

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/14/2024 3:16:40 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.15114
ESET NOD32 | Win32/OpenCandy (variant) | 9.11000
Reason Heuristics | PUP.Installer.BonjoySoftware.X | 15.1.14.18
VIPRE Antivirus | Opencandy | 36590

File size:
1.1 MB (1,170,432 bytes)

Product version:
4.0

Copyright:
How Inc.

Original file name:
Free YouTube DownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\freeyoutubedownloaderoc.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/29/2014 12:00:00 AM

Valid to:
12/29/2015 11:59:59 PM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CD3BC6FFAA74061B7CABDCB0D74FBB12

File PE Metadata
Compilation timestamp:
12/16/2014 5:26:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:f/xB2AUVbWNLHp0kT1ThvgKOG0R7KoGm8OObLRpDI+i:/AKNLJNRThvgaqzGQO7i

Entry address:
0x5B174

Entry point:
E8, 75, AB, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, C4, 00, 00, 00, A1, B0, A2, 49, 00, 33, C5, 89, 45, FC, 56, 8B, 75, 08, 57, 33, FF, 89, BD, 4C, FF, FF, FF, 3B, F7, 75, 1E, E8, AE, 2B, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, DC, F5, FF, FF, 83, C4, 14, 8B, C6, E9, 24, 01, 00, 00, E8, E6, 6D, 00, 00, 8D, 85, 4C, FF, FF, FF, 50, E8, DD, 6E, 00, 00, 59, 85, C0, 74, 0D, 57, 57, 57, 57, 57, E8, 8A, F4, FF, FF, 83, C4, 14, 8B, 85, 4C, FF, FF, FF, 53, 6A, 3C, 99, 59, F7, F9, 66, 89...

Code size:
497 KB (508,928 bytes)

The file freeyoutubedownloaderoc.exe has been seen being distributed by the following 9 URLs.

http://software-files-a.cnet.com/s/software/13/98/60/.../FreeYouTubeDownloaderOC.exe

&onid=2071&oid=3001-2071_4-75219434&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14028933&mfgid=10099047&merid=10099047&ctype=dm&cval=NONE&devicetype=desktop&pguid=d49be341ecbdb653d742cb77&viewguid=Ts7jQCBT78LT2A392OOOF1j8lHKGqOh4yuhf&destUrl=http://software-files-a.cnet.com/s/software/14/02/89/.../FreeYouTubeDownloaderOC.exe

&onid=2071&oid=3001-2071_4-75219434&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14028933&mfgid=10099047&merid=10099047&ctype=dm&cval=NONE&devicetype=desktop&pguid=3f87698bfc7590efdf347d86&viewguid=Tgr3HKGBAD8Ucg@OyOwQgBU3iFY7vyHrEM4@&destUrl=http://software-files-a.cnet.com/s/software/14/02/89/.../FreeYouTubeDownloaderOC.exe

Remove freeyoutubedownloaderoc.exe - Powered by Reason Core Security