33329538_stp.exe

Final Video Downloader

Bitberry Software

The application 33329538_stp.exe, “Final Video Downloader - Fastest YouTube downloader ” by Bitberry Software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from eu01.procloudstorage.com and multiple other hosts.
Publisher:
Bitberry Software   (signed by Bitberry Software)

Product:
Final Video Downloader

Description:
Final Video Downloader - Fastest YouTube downloader

Version:
2013.4.2.0

MD5:
8a0b169245cfdf85192914638f827ed4

SHA-1:
3d2e5abc6800c53d5388e91068fb28942197ae00

SHA-256:
46fe39c00c5f10cc1c458030311174a15dc26e009046b86ecc2309ff07ab6795

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 12:13:33 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.BitberrySoftware.M
14.3.1.4

Vba32 AntiVirus
Signed-Adware.InstallCore
3.12.22.3

File size:
5.8 MB (6,044,784 bytes)

Product version:
2013

Copyright:
Copyright © 2009-2013 Bitberry Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\33329538_stp.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
10/31/2010 5:00:00 PM

Valid to:
10/31/2013 4:59:59 PM

Subject:
CN=Bitberry Software, O=Bitberry Software, STREET=Blomsterhaven 42, L=Holbaek, S=n/a, PostalCode=4300, C=DK

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00BFCE655DC312403F105230416ACDF5B3

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:QXcUKkwEwn9S0b/xU+ge7xr5swx3jQGSUvs5patjSNwXB4uN9FHNk105RIupghDo:PmwEA9SqU4UWacma/XBbVNk1SmZI

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9992

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file 33329538_stp.exe has been seen being distributed by the following 4 URLs.

Remove 33329538_stp.exe - Powered by Reason Core Security