bvddsetup.exe

Best Video Downloader

Alactro LLC

This is the installer/setup program for a Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application bvddsetup.exe by Alactro has been detected as adware by 18 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address api.yontoo.com on port 80 using the HTTP protocol.
Publisher:
Alactro LLC  (signed and verified)

Product:
Best Video Downloader

Description:
Installer

Version:
2012.8.20.1128

MD5:
5ad63efcd6a6e2120e3d4e5ed4a48ef2

SHA-1:
bcd3a55571de36aa95c9246b3ee3325e0c1d8b34

SHA-256:
d4878a596d537a5040ec0b32de0a6b21f2c3a519c94ea09f5a9908e13c4efd29

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising into the user's web browser, installed with minimal or no user consent.

Analysis date:
11/14/2024 9:06:34 PM UTC

Scan engine            Detection                         Engine version
Lavasoft Ad-Aware      Adware.Generic.386027             560
Agnitum Outpost        Adware.Generic                    7.1.1
Avira AntiVirus        ADWARE/Yontoo.Gen2                7.11.182.78
AVG                    AdInject.Alactro                  2016.0.3038
Bitdefender            Adware.Generic.386027             1.0.20.1030
Comodo Security        UnclassifiedMalware               19942
Dr.Web                 Adware.Plugin.8                   9.0.1.0206
Emsisoft Anti-Malware  Adware.Generic.386027             8.15.07.25.03
ESET NOD32             Win32/Adware.Yontoo (variant)     9.10643
Fortinet FortiGate     W32/Yontoo.9E43CA52!tr            7/25/2015
F-Secure               Adware.Generic.386027             11.2015-25-07_7
G Data                 Adware.Generic.386027             15.7.24
McAfee                 Artemis!5AD63EFCD6A6              5600.6694
MicroWorld eScan       Adware.Generic.386027             16.0.0.618
NANO AntiVirus         Trojan.Html.Plugin.bopldg         0.28.6.62995
Reason Heuristics      PUP.Yontoo.Alactro.Installer (M)  15.7.25.3
VIPRE Antivirus        Yontoo                            34366
ViRobot                Trojan.Win32.Generic.1203440      2011.4.7.4223

File size:
1.1 MB (1,203,440 bytes)

Product version:
1.11.00

Copyright:
Copyright (c) 2012 Alactro LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bvddsetup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/15/2012 2:01:43 PM

Valid to:
5/26/2013 3:13:23 PM

Subject:
CN=Alactro LLC, O=Alactro LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
046CAA7E02C7FB

File PE Metadata
Compilation timestamp:
3/10/2011 8:55:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:kXELkiAv6Dlyt0xOoAZge0l3HP6ykZVQHg+z8ZVQI0HzngGLY8:kCkiAmIGOhZE6dQHNqQV0G88

Entry address:
0x15B4

Entry point:
55, 8B, EC, 81, EC, CC, 05, 00, 00, 53, 56, 33, DB, 57, C6, 85, 34, FA, FF, FF, 00, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 00, 40, 40, 00, FF, 15, 70, 30, 40, 00, 89, 45, F8, 8D, 85, 3C, FE, FF, FF, 50, C7, 85, 3C, FE, FF, FF, 94, 00, 00, 00, FF, 15, 6C, 30, 40, 00, 85, C0, 75, 21, FF, 15, 14, 30, 40, 00, 50, 68, A8, 32, 40, 00, E8, 36, FA, FF, FF, 59, C7, 05, 04, 40, 40, 00, FF, 00, 00, 00, E9, 20, 02, 00, 00, 8B, 35, 68, 30, 40, 00, 68, 94, 32, 40, 00, 68, 84, 32, 40, 00, FF, D6, 50, FF, 15, 64, 30, 40...

Entropy:
7.9969

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wac.edgecastcdn.net  (72.21.81.13:80)

TCP (HTTP):
Connects to service.yontoo.com  (8.25.35.148:80)

TCP (HTTP):
Connects to api.yontoo.com  (8.25.35.15:80)
