home

tubesaver_2070-2021_v122.exe

The application tubesaver_2070-2021_v122.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, this AddLyrics variant installs itself as a Chrome extension, an Internet Explorer add-on, and a Firefox plug-in and displays advertisements in the browser, and also display the lyrics to songs viewed on YouTube.
Description:
TubeSaver

Version:
1.130.0.0

MD5:
ffba745f775e0243f746783f8c6070ea

SHA-1:
e2be3ebb9045e79ba0303acdc48ce946510edb8b

SHA-256:
abe8bf07e5f42cfb0736e980da2377683956e31ee1dc185042ee4db496f04c68

Scanner detections:
33 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 5:29:47 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.108504
226

AegisLab AV Signature
AdWare.W32.Lyckriks.cs!c
2.1.4+

Avira AntiVirus
ADWARE/AddLyrics.Gen
8.3.3.4

Arcabit
Application.Generic.D9B84F
1.0.0.666

avast!
NSIS:AddLyrics-AA [Adw]
2014.9-160622

AVG
Skodna.Generic_r
2017.0.2704

Baidu Antivirus
Win32.Trojan.WisdomEyes.151026.9950
4.0.3.16622

Bitdefender
Gen:Variant.Adware.Graftor.108504
1.0.20.870

Comodo Security
Application.Win32.AddLyrics.B
24738

Dr.Web
Trojan.Lyrics.363
9.0.1.0174

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.108504
8.16.06.22.08

ESET NOD32
Win32/Adware.AddLyrics
10.13280

Fortinet FortiGate
Adware/Lyckriks
6/22/2016

F-Secure
Gen:Variant.Adware.Graftor
11.2016-22-06_4

G Data
Gen:Variant.Adware.Graftor.108504
16.6.25

IKARUS anti.virus
AdWare.AddLyrics
t3scan.2.0.9.0

K7 AntiVirus
Adware
13.220.19201

Kaspersky
not-a-virus:AdWare.Win32.Lyckriks
14.0.0.16

Malwarebytes
PUP.Optional.AdLyrics
v2016.06.22.08

McAfee
Artemis!FFBA745F775E
5600.6360

Microsoft Security Essentials
Adware:Win32/AddLyrics
1.1.12603.0

MicroWorld eScan
Gen:Variant.Adware.Graftor.108504
17.0.0.522

NANO AntiVirus
Riskware.Script.Lyckriks.dbvuql
1.0.18.7201

Panda Antivirus
Trj/CI.A
16.06.22.08

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1120

Quick Heal
Trojan.ZAgent.r5
6.16.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16620

Sophos
Lyrmix Agent (PUA)
4.98

Trend Micro House Call
TROJ_SPNR.0BIA13
7.2.174

Trend Micro
TROJ_SPNR.0BIA13
10.465.22

Vba32 AntiVirus
AdWare.Lyckriks
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
48378

Zillya! Antivirus
Adware.Lyckriks.Win32.197
2.0.0.2760

File size:
646.7 KB (662,259 bytes)

Copyright:
Copyright 2013

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tubesaver_2070-2021_v122.exe

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:GJUQ9IjEfv1dE4jbnv+4nwMMhCGPuQkz6mj7mVLc8yhvjJa:GJeIn1GObv+UaPuf6mj7mVqLJa

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9097

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file tubesaver_2070-2021_v122.exe has been seen being distributed by the following URL.

http://app.updatingapp.net/u/.../TubeSaver_2070-2021_v122.exe

Remove tubesaver_2070-2021_v122.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.