fyd_setup.exe

Free YouTube Downloader

Bonjoy (Verified Application Company)

The executable fyd_setup.exe, “Free YouTube Downloader Setup Program”, has been detected as malware by 1 anti-virus scanner. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The file has been observed being downloaded from getyoutubedownloader.com.
Publisher:
How, Inc  (signed by Bonjoy (Verified Application Company))

Product:
Free YouTube Downloader

Description:
Free YouTube Downloader Setup Program

Version:
4.0

MD5:
7d489df5b8ad5a40caf0179dd9b929e3

SHA-1:
2b899935879ee535bbb9e4a0cf5459ed4fcdcacc

SHA-256:
e8db435c8c67509d48207f841b43b209867199620539478ea166815e199dda1a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 7:53:04 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.5.11

File size:
1.2 MB (1,233,960 bytes)

Product version:
4.0

Copyright:
How Inc.

Original file name:
Free YouTube DownloaderSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fyd_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/12/2015 8:00:00 AM

Valid to:
12/12/2016 7:59:59 AM

Subject:
CN=Bonjoy (Verified Application Company), O=Bonjoy (Verified Application Company), STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0CBA100EB8A303781BAFC3DFA145B230

File PE Metadata
Compilation timestamp:
1/30/2016 1:29:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
24576:miTEnq4j69rN/k+GtJklaTVdTPm0v7k5YqUoGd8O9hPBajA:mjq429rNmfklaTVdSq49JGND5uA

Entry address:
0x4F6D2

Entry point:
E8, DD, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 83, 25, 2C, AE, 4A, 00, 00, 83, EC, 2C, 53, 33, DB, 43, 09, 1D, D0, 82, 4A, 00, 6A, 0A, E8, D2, 84, 02, 00, 85, C0, 0F, 84, 74, 01, 00, 00, 83, 65, EC, 00, 33, C0, 83, 0D, D0, 82, 4A, 00, 02, 33, C9, 56, 57, 89, 1D, 2C, AE, 4A, 00, 8D, 7D, D4, 53, 0F, A2, 8B, F3, 5B, 89, 07, 89, 77, 04, 89, 4F, 08, 89, 57, 0C, 8B, 45, D4, 8B, 4D, E0, 89, 45, F4, 81, F1, 69, 6E, 65, 49, 8B, 45, DC, 35, 6E, 74, 65, 6C, 0B, C8, 8B, 45, D8, 35, 47, 65, 6E, 75, 0B, C8, F7, D9...
 

Entropy:
7.2776

Code size:
527 KB (539,648 bytes)

The file fyd_setup.exe has been seen being distributed by the following URL.
