VideoDownloaderUltimate.exe

Video Downloader Ultimate - Win App

Link64 GmbH

The application VideoDownloaderUltimate.exe, “Video Downloader Ultimate - Win App [VideoDownloaderUltimate.exe]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 8082 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program VideoDownloaderUltimate by Link64.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Video Downloader Ultimate - Win App

Description:
Video Downloader Ultimate - Win App [VideoDownloaderUltimate.exe]

Version:
1.0.1.99

MD5:
41f617cfce4acfc3f6df78ae8417ceb3

SHA-1:
81537f5284a1a6cda102c8230d25996f6b493045

SHA-256:
72eff15db80472b572467d7ef71285fcce6978fc8290374e93d3e6f0377f567e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/27/2024 2:52:39 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.2.11

File size:
3 MB (3,180,360 bytes)

Product version:
1.0.1.99 - 1056

Copyright:
(c) 2016 Link64 GmbH. All rights reserved.

Original file name:
VideoDownloaderUltimate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\videodownloaderultimatewinapp\videodownloaderultimate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/5/2015 8:00:00 AM

Valid to:
5/4/2017 7:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
65CD89BFF8441FFA492CCEB690151ECA

File PE Metadata
Compilation timestamp:
2/1/2017 9:04:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x38FA6

Entry point:
E8, 3D, 94, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 00, 1C, 6A, 00, 75, 02, F3, C3, E9, BD, 94, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 72, 40, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 4C, 53, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 4D, 40, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 6F, 95, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, FF, 74, 24, 08, 6A, 00, FF, 74, 24, 0C, 68, 45...
 
[+]

Entropy:
6.5966

Code size:
1.7 MB (1,830,912 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8082/

Local host port:
8082

Default credentials:
No


The file VideoDownloaderUltimate.exe has been discovered within the following program.

52% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to pc164.nero.com  (82.98.209.164:443)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to a23-15-128-163.deploy.static.akamaitechnologies.com  (23.15.128.163:80)

TCP (HTTP):
Connects to server-54-230-216-163.mrs50.r.cloudfront.net  (54.230.216.163:80)

TCP (HTTP):
Connects to ec2-52-214-247-42.eu-west-1.compute.amazonaws.com  (52.214.247.42:80)

TCP (HTTP):
Connects to a23-38-204-127.deploy.static.akamaitechnologies.com  (23.38.204.127:80)

Remove VideoDownloaderUltimate.exe - Powered by Reason Core Security