bvddsetup.exe

Best Video Downloader

Alactro LLC

This is the installer/setup program for a Yontoo adware component, a browser plugin that injects unwanted advertisements into web pages. bvddsetup.exe, published by Alactro LLC, is flagged as adware by 7 of the 68 anti-malware scanners listed below. Installers of this family are known to bundle potentially unwanted software, and this one is typically executed from the user's temporary directory (see Common path below). While running, it connects to api.yontoo.com over HTTP on port 80. Two points from the metadata are worth noting: the file carries a valid Authenticode signature from Alactro LLC (GoDaddy-issued, valid 5/16/2012 to 5/27/2013), which establishes the publisher's identity but says nothing about whether the program is wanted; and its entropy of 7.9969 bits per byte, with a code section of only 7.5 KB in a 1.1 MB file, shows that almost all of the executable is a compressed or encrypted payload that is unpacked only at run time.
Publisher:
Alactro LLC  (signed and verified)

Product:
Best Video Downloader

Description:
Installer

Version:
2012.6.5.1143

MD5:
8ad6f7e6b5ae925c31988862debd6e2e

SHA-1:
acb0f2b59dd2e47f5cc1250baa84249584deffd2

SHA-256:
2e835662dca38a70a1ba317a3948474af36b0bd635f9cad37086eedea08d82b6

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising into the user's web browser, installed with minimal or no user consent.

Analysis date:
11/14/2024 9:16:49 PM UTC

Scan engine               Detection                              Engine version
Dr.Web                    Trojan.MulDrop3.57258                  9.0.1.0270
Emsisoft Anti-Malware     Adware.Win32.GNDEMWC.AMN!A2            8.15.09.27.05
ESET NOD32                Win32/Adware.GNDEMWC (variant)         9.7299
Fortinet FortiGate        Riskware/JTDMYOV                       9/27/2015
McAfee                    Artemis!8AD6F7E6B5AE                   5600.6630
Reason Heuristics         PUP.Yontoo.Alactro.Installer (M)       15.9.27.5
VIPRE Antivirus           Yontoo                                 12242

File size:
1.1 MB (1,199,328 bytes)

Product version:
1.11.00

Copyright:
Copyright (c) 2012 Alactro LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bvddsetup.exe

Digital Signature
Signed by:
Alactro LLC
Authority:
GoDaddy.com, Inc.

Valid from:
5/16/2012 4:01:43 AM

Valid to:
5/27/2013 5:13:23 AM

Subject:
CN=Alactro LLC, O=Alactro LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
046CAA7E02C7FB

File PE Metadata
Compilation timestamp:
3/11/2011 10:55:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:FXELkiAbKaSoYp1paJATr6iYoMOD2UjVvgi1B3zP9c/AR42xX:tCkiA2aSoYXPYmD2aVvr1BjFcj2N

Entry address:
0x15B4

Entry point:
55, 8B, EC, 81, EC, CC, 05, 00, 00, 53, 56, 33, DB, 57, C6, 85, 34, FA, FF, FF, 00, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, 3C, FE, FF, FF, 50, C7, 85, 3C, FE, FF, FF, 94, 00, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, A8, 32, 40, 00, E8, 36, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, 20, 02, 00, 00, 8B, 35, 68, 30, 40, 00, 68, 94, 32, 40, 00, 68, 84, 32, 40, 00, FF, D6, 50, FF, 15, 64, 30, 40...

Entropy:
7.9969

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wac.edgecastcdn.net  (72.21.81.13:80)

TCP (HTTP):
Connects to service.yontoo.com  (8.25.35.148:80)

TCP (HTTP):
Connects to api.yontoo.com  (8.25.35.15:80)
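The hashes, file path, entropy and network indicators above are enough to build a simple triage check for this sample. The following script is an added example and is not code from the report or from the vendor; it reproduces the report's indicators as constants, computes the same three digests and a Shannon entropy value for a file, matches the Common path pattern, and scans proxy or firewall log lines for the three reported hosts and IPs. The sample bytes and the log lines are constructed for the demonstration and the log format is assumed (timestamp, client IP, request, status); the entropy threshold of 7.9 is an assumption chosen against the reported 7.9969.

```python
import hashlib
import math
import re
from collections import Counter

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "8ad6f7e6b5ae925c31988862debd6e2e",
    "sha1": "acb0f2b59dd2e47f5cc1250baa84249584deffd2",
    "sha256": "2e835662dca38a70a1ba317a3948474af36b0bd635f9cad37086eedea08d82b6",
}
KNOWN_HOSTS = {"api.yontoo.com", "service.yontoo.com", "wac.edgecastcdn.net"}
KNOWN_IPS = {"8.25.35.15", "8.25.35.148", "72.21.81.13"}
# Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\bvddsetup.exe
TEMP_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\bvddsetup\.exe$",
    re.IGNORECASE,
)
# Assumed threshold: the report measures 7.9969 bits/byte and 8.0 is the
# maximum, so anything above 7.9 is essentially all compressed or encrypted.
ENTROPY_THRESHOLD = 7.9


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a byte string as lower-case hex, like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_known_hashes(hashes: dict) -> list:
    """Names of the algorithms whose digest equals the reported one."""
    return [alg for alg, digest in KNOWN_HASHES.items()
            if hashes.get(alg, "").lower() == digest]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def suspicious_path(path: str) -> bool:
    """True when the file sits at the report's Common path pattern."""
    return TEMP_PATH_RE.match(path) is not None


def network_hits(log_lines) -> list:
    """(1-based line number, indicator) for every log line that mentions
    one of the reported hosts or IPs. Tokens are split on anything that is
    not a hostname/IP character, so 'api.yontoo.com:80' still matches."""
    hits = []
    for i, line in enumerate(log_lines, start=1):
        for token in re.findall(r"[A-Za-z0-9.-]+", line):
            if token in KNOWN_HOSTS or token in KNOWN_IPS:
                hits.append((i, token))
    return hits


def assess(data: bytes, path: str, log_lines) -> dict:
    """Combine the checks. An exact hash match is conclusive; otherwise a
    near-maximal entropy file at the temp path with Yontoo traffic is only
    'suspect', because legitimate installers are also compressed."""
    hashes = file_hashes(data)
    entropy = shannon_entropy(data)
    result = {
        "hash_match": match_known_hashes(hashes),
        "entropy": entropy,
        "packed": entropy >= ENTROPY_THRESHOLD,
        "path_match": suspicious_path(path),
        "network": network_hits(log_lines),
    }
    if result["hash_match"]:
        result["verdict"] = "known adware"
    elif result["packed"] and (result["path_match"] or result["network"]):
        result["verdict"] = "suspect"
    else:
        result["verdict"] = "no match"
    return result


# Constructed sample input: uniformly distributed bytes stand in for the
# packed installer, and the log lines imitate a proxy/firewall log.
SAMPLE_DATA = bytes(range(256)) * 16
SAMPLE_PATH = r"C:\Users\alice\AppData\Local\Temp\is-ABC12.tmp\bvddsetup.exe"
SAMPLE_LOG = [
    "2024-11-14T21:16:49Z 10.0.0.5 CONNECT api.yontoo.com:80 - 200",
    "2024-11-14T21:16:50Z 10.0.0.5 GET http://service.yontoo.com/rs/settings 200",
    "2024-11-14T21:16:51Z 10.0.0.5 GET http://example.com/index.html 200",
    "2024-11-14T21:16:52Z 10.0.0.5 TCP 72.21.81.13:80 SYN",
]

if __name__ == "__main__":
    for key, value in assess(SAMPLE_DATA, SAMPLE_PATH, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Against a real copy of the file, `match_known_hashes(file_hashes(data))` returns all three algorithm names and the verdict is "known adware"; the constructed sample only reaches "suspect", which is the right outcome for a packed installer seen at that path with that traffic but no hash confirmation.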

Remove bvddsetup.exe - Powered by Reason Core Security