home

free-youtube-download-3-2-51-1215-32-bits.exe

Web Installer

The application free-youtube-download-3-2-51-1215-32-bits.exe, “Web Installer Setup ” has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the installCore installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from d.baixakifiles2.com and multiple other hosts.
Product:
Web Installer

Description:
Web Installer Setup

MD5:
6d6dd2128b0bf143ac355136749e5d01

SHA-1:
092973fe0f07af6a9b7fb4557df063965413958b

SHA-256:
329b149955b5d2c3cee9fa9a745a04354afea6be84d1e156375d2d90da9348da

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/26/2024 11:27:39 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15614

Comodo Security
Application.Win32.InstallCore.DAI
21741

ESET NOD32
Win32/InstallCore.QL potentially unwanted (variant)
9.11462

Fortinet FortiGate
Riskware/InstallCore
6/14/2015

IKARUS anti.virus
AdWare.InstalCo
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.202.15567

McAfee
Artemis!6D6DD2128B0B
5600.6734

NANO AntiVirus
Riskware.Win32.InstallCore.dmhfwe
0.30.10.952

Norman
Troj_Generic.YAEKY
11.20150614

Reason Heuristics
PUP.Bundler.InstallCore
15.6.14.12

Sophos
Generic PUA AJ
4.98

Trend Micro House Call
TROJ_GEN.R03AB01AG15
7.2.165

VIPRE Antivirus
Trojan.Win32.Generic
39280

File size:
672.5 KB (688,617 bytes)

Product version:
1.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\free-youtube-download-3-2-51-1215-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:rMEFaWVBs7un8g7iGYYz/BgsC7HtJUzRfZR4QtFxT6nF8lrY2Hj38J1V:rBF70in8I/z/B/CztJUzRAQj0nFirRMt

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file free-youtube-download-3-2-51-1215-32-bits.exe has been seen being distributed by the following 5 URLs.

http://d.baixakifiles2.com/?ic_user_id=9289&data=nauMgIlosuHIfrf0AZhJbhAZouN/eCzbi7nAE 57SVsPu83YkzbMODqvRuAsqT5iSq1arEYr3nPm2vhAqZCSj5UhC/5l 9hQWvEpGxsDERk9f4/lSKOOrBcZ fDxiIx 9zFNR4mM4IfJqte7z6FmTR4ldkAy1ZKv Alrbl4bs5pD9SY40Wzz3LqBig7o721M22IlAogmQdAa3Ch1Q3PFl6tmlbguBO/3IE02iwB8cL7OkL6SGFccNrw10fA4CtkOqch3pFUCChH6LvJkB9vSq/yl0vfstrHE6jKGQO9TcBR9tKA2Bwkq5zv4c/MltaW wn2LPXzNdvxxHPPRNO8n2qK6brW6FCbFCSnWanBtVjtM31Pm1TIPYkN5PAkyaKniO7i4kXh7HdEK7Tm6l6W7RPJjz2I0XWqcD/XPkZ QIj9NCYRncspC NrxJYz77qX/Ul4eL08ysblP4VcqUqmF71KmmsJ45jA4r8ag/UPP0MkxmQJhrlrPhkPVnsM6PlVieBdAyJG2/NCsl0fiMrzvdK3BUAew4T4pCst5sROlaAxApN8OjjR7OpwXFewMU6rKMvEQF5AtBtYbBuZRvJL8VHrXyyt36/TpPj9p9JSIpMVYA7YnIVYFzl7s3CqisIR20QGxjejbiX0X1bS0kPHwfijZxcL6t6BVne18YzawQyNMs8gMkL qMqAjomhOGpNzfUjVZSRCq5ZqO5mE/jrm7Who/1iBTkw4uGNfrxMZI z/JlyOKsEJSOezfwbW4bRZDgiLeaCIa kQVU5O4UYlXd/UmlordYFK Mab3sZ18dveFFZdvIkU5ZzsFw==&key=ZIM6wC1dWvCT/.../6FnJZlw1PwXGY5D6Qz0gXNHijlCtN5no

http://d.baixakifiles2.com/?ic_user_id=9289&data=WY Ys35EQnKNiv455MaZKIQAQHNSf1uFGOGifDDuarOO/QYO8I0g9RMNFTq36dDs1OpF QmTCF7q574OvDJ3VA0BLL2TDTZQ3Ym4fhj564kxQObp Q bZj9SR/ 5MzjdFfc 9eml/ymD0DucoLsDlklWNh6lq4B6gsdgxC3lDuv1VTncy2c/UOYVheckkSOYCJK5FyXtYaGAz2oN8bi Yqgtb1FtB6a rPEOWb5lsXWOe Ch 0TXBxOuOwW8ZQqaHwp/MJQRGUrwTFxTt0v vZKKLIiEk 05GTc4bOOvBsGGmhfc0YPnu/1kBQmVskCC/qQafK4lqslxc1Zj0FH3XKFGBVxt4EmiGD8ZRZgIs7KusU7HW MLikNmWOHajhfTkMMvmdzrroMAmfb2NguogmXkNH9oTTW/E/NXhwnhhyFcDtnVWq2VobStHVTOk96nET/4Mh6AHSJ0/nS1omGHuxLjzvWAPr8rm4zy cUOPpKtg10M0c9zSgWMZyka4UJUC1JELAMxSQ2b7bYSaMpO3aX/mI/2oqrBm/TeR3BSFSgnVRiDNjFT4mhFzqxr977UhEYlxv8hCCtb5ickw1A8etxyptZ69yZOlfS/eEIHgPLiizIul7udQozcnaLMoxE8cnNwBrqFXb8kn9aV4 VPztGTjfHldoZGcP81OMqH7ucF4kvXuIyAOXMQmBeSMyxoU0FuD lK5qMbQhZhdmfLQ5TQItVOU0mCD5Xf/FEVEsOQK2JgQFw sIwBtlJ/4ziFhjXMjURzD6XLbCduS2F5FXk3NUe882P4MjOG1FxNCk34dQ6RlHLAHdogng==&key=G0rnhnvDHHRv0S7PmotjOgQ8JO dvZhGLiKHIhqoBFR2VVz/.../b2EIhd9js3nO3l47ZF

http://d.baixakifiles2.com/?ic_user_id=9289&data=DRJVXk5iVzIG1mCIB1KwaQ35gTbsdnaD8/rPqPp5zZao WirdfAz9htUA07iayKVPt8zgIuOcBu4rXbQ7WIUfJDCAS4RYpfnmEBTYX1GTEV5BC7M19doWAin7IojSoAYcQOA I7ZfAB/zrAyR11mO87Waji70/Xu1rfr28g3iRqQR2D8XXI62OnpbZVGSp5VSEAwIbsp9j02eF1NfbUZ62ehydQgxOMRBsG6oVDCHJ9NiJq7xwfUyc7pR3J8MkAQD5P4MZDeSRDp MoULA9StKFOCXjmY4iz5mG3uM3hNwCoZDrkx6Rdf0RxunWwJIjBl5urYk5kiR5WEAvA86dhHs9fUKIuDDRxCCwYuyoJFH uoQVWBQmob5y7g8Z1UC8M9eu5YLUeQYdneJ/IkGBihHjDzB05 jeS7P0Y0tHZINvzs kfKSTu6L9bORrjG39WcsuO1jRy1Z4OvxG9hTiNDProbYe PDjSv6d9fbCxqFd7KztvDg1CGnaXQqKmLk0gDX4tstwiAzPtrJEXfd1QLuxuAsKFh3xj/b05PSUAYO2s4D5m2h7hK7 cTE/6wygz6jWRlYcaXCQOJ9MVLHaRF1v6LoJTLFjG0gU JHNmEoPeOyL9FeVVoxggfELahWJ4mN1SzcuAVXUeFZXTZUgd3ngh40wgb Cwsmy0IgN/.../LRygxuXtfrI8JMFlL57aVWyP2UhcJnHTUjsZ2Nr7UxlRrVQjT

http://d.baixakifiles2.com/?ic_user_id=9289&data=tmzTYpTVxRXJ/zxFtR gRtqGXL1fVEAsC/dIwk108r5c SZRAPyYfePAOjIGjEnqeNDNOZkYqc7aWXdBjT NIZssvm/FsP5XgB0ZwTfm83FV/ZdF KMjNmObFBMP5R/NQFKrlmsx5Ph6Nfh brazMiV5/APBfnX0dFZjwcUk1YCOxJa0S1kX1vU 9N4N9GY/qPElckj6vfydZkA/pedGvmqfR ogAqpEBAsoSs/hJ5UE6qsEW500gTBnYn6veT8GzmaYs4pQDeaxxuCgaW0zGgKY9WEl8P7J2sSKfWeEv95btSkZq6nw5gLm4syHPHRFG n4hs3uzBVx VxnxkUdnKfRZ/fSbJSHVYENvkpv0d8hYdZSnfnmPnnVT3q4uMaOkReIpOgfw6ENmrPXPy3OLX11xRw29rFmuAJm3CR5dfaREqils JteEdT5di9mv5axEDg9c2dJtRuBQ0H8zA/gFHjduv4VNejH7ZfM0oa8Go518iP0wT1kwEE7euI7V9fh9fYJu6fl/TPrxYqBMJJom1599Mqg80jmZSL085XH6EApixaA Z GU 5Lz3R2bwE2K/9awUXsbm9nov7s61I/gJlKKcwHlSHoYIJBEGNmIzluSnKjWPCnYMPJBOguEGIXKWzUaP4CwYBIh1mvBGLNrL5Y7x9Ho4j4zUGINDS8LLqjTZuaFeudN4wSdNEiecXFPrPd6lj9u8QWU2z3tgSfYUhhPmIXmMK3A2DU8ya8h56mDrCoVncoyRiqM9dPeRI0wwkG5vDmAgFhY fjuFrkMrVVXbneGUbOdTQhgfBQNB1j5Pm16Dxr6qjA==&key=SZh9RiWNPOH7ytkGRqob3gb/.../pAYtWsHDZu672e9Vfb55bsQZSWicmBYjXl0sJqy0vcUc0wUkcWV EfCWVmbj4egcGw7h537qAgDB87WWzDC

http://d.likelyaa.com/?ic_user_id=9289&data=CnnF1i5GFRtO7Ck9udLy0aIZJj5BpPJxH3PYvvxNr255KIkDWExoXo8 2/H0cCU Mh5cVmo2y//rdI6iMZ5Ie74RnVEUdUSs0uOON 94VUx2S7rR1Wm5Hi8TAhRPBeXu/owPHI Mnt9HdTFbzbzHfigdIi9P2zuwkh8D/chB9LlDrN4NUDRTPu8pDUqCuHklWAsVxqoBQr9o04de15KhD 57 GGV188FVxNYkDiAsZNqCU6HkTGKJfkeWZhFt4OuGAyyk3JAENYWh4 l6gd9thEJeEf5xpFXgdBF5BWkcOAOSOtNg441akl7oIk1jAmb01DygU4QrjKhRxr1TAMiJg4tpdjhzVbU FfL1YPmCMpNmCiysifI37jBmPTJY2GFtWPf7icMEYJ3eyUbgOS7Z2B EioZ4QMTaN0x0FJpbmkvoCZdPnJd7gz7g1/KAVbdSrH42/U27KgAP 61kziCIYX zPFM8zXFtRXY7hOYWsVhgcGlBZJE1jntKkAGeO747UI9vTbqyDa51BBFPCS/ayyUd s75zaMsdacCowRDp4zdhtncdDeYJVVGanQzSsmMyuwMZhJBp13Wd7JGKCoSuyfGMknAB3ss/.../6oYDS2oHf5ZMdQkFT3eJsuWF58onMTfX5RAA3Kkwl4gFVRYzEvAI2BnVU

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.