freeyoutubedownloaderoc.exe

Free YouTube Downloader

Bonjoy Software

The application freeyoutubedownloaderoc.exe, “Free YouTube Downloader Setup Program” by Bonjoy Software, has been detected as adware by 15 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts. While running, it connects to the Internet address host235-15.mtn.cm on port 80 using the HTTP protocol.
Publisher:
How, Inc  (signed by Bonjoy Software)

Product:
Free YouTube Downloader

Description:
Free YouTube Downloader Setup Program

Version:
4.0

MD5:
61cc5eb8581f7628c698d836ee447387

SHA-1:
d850a35120286078a6e4bd87fe91d5cebd70a632

SHA-256:
c4a3c574a3df93ed4486a0e0d0496e3a8d20f537d9bc1d9b4f188bd78ef7efd8

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 1:09:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win32/Virut.F | 2015.05.23 |
| Avira AntiVirus | W32/Virut.Gen | 8.3.1.6 |
| Dr.Web | Adware.OpenCandy.72 | 9.0.1.073 |
| ESET NOD32 | Win32/OpenCandy.A potentially unsafe (variant) | 9.11318 |
| Fortinet FortiGate | W32/Virut.CE.gen | 3/14/2015 |
| G Data | Win32.Virtob.Gen.12 | 15.6.25 |
| herdProtect (fuzzy) | | 2015.6.20.12 |
| IKARUS anti.virus | AdWare.MultiBundleS | t3scan.1.8.9.0 |
| McAfee | Artemis!61CC5EB8581F | 5600.6827 |
| Panda Antivirus | W32/Sality.AO | 15.06.20.12 |
| Reason Heuristics | PUP.Installer.BonjoySoftware | 15.3.14.9 |
| Rising Antivirus | PE:Win32.Virut.cl!1523074 | 23.00.65.15618 |
| Trend Micro House Call | Suspicious_GEN.F47V0305 | 7.2.73 |
| Vba32 AntiVirus | Virus.Virut.06 | 3.12.26.4 |
| VIPRE Antivirus | Opencandy | 38408 |

File size:
1.1 MB (1,179,136 bytes)

Product version:
4.0

Copyright:
How Inc.

Original file name:
Free YouTube DownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\freeyoutubedownloaderoc.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/29/2014 1:00:00 AM

Valid to:
12/30/2015 12:59:59 AM

Subject:
CN=Bonjoy Software, O=Bonjoy Software, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CD3BC6FFAA74061B7CABDCB0D74FBB12

File PE Metadata
Compilation timestamp:
12/16/2014 6:26:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:m/xB2AUVbWNLHp0kT1ThvgWKy0s7woGm8OxbLR29+C:+AKNLJNRThvgqNJGQxnC

Entry address:
0x5B174

Entry point:
E8, 75, AB, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, C4, 00, 00, 00, A1, B0, A2, 49, 00, 33, C5, 89, 45, FC, 56, 8B, 75, 08, 57, 33, FF, 89, BD, 4C, FF, FF, FF, 3B, F7, 75, 1E, E8, AE, 2B, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, DC, F5, FF, FF, 83, C4, 14, 8B, C6, E9, 24, 01, 00, 00, E8, E6, 6D, 00, 00, 8D, 85, 4C, FF, FF, FF, 50, E8, DD, 6E, 00, 00, 59, 85, C0, 74, 0D, 57, 57, 57, 57, 57, E8, 8A, F4, FF, FF, 83, C4, 14, 8B, 85, 4C, FF, FF, FF, 53, 6A, 3C, 99, 59, F7, F9, 66, 89...
 

Code size:
497 KB (508,928 bytes)

The file freeyoutubedownloaderoc.exe has been seen being distributed by the following 23 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to host235-15.mtn.cm  (196.202.235.15:80)
