youtube_downloader_hd_setup.exe

Youtube Downloader HD

Egor Chernyshev

The application youtube_downloader_hd_setup.exe, “Youtube Downloader HD Setup” by Egor Chernyshev, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. This file is typically installed with the program Visual CertExam Suite by Avanset. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
YoutubeDownloaderHD.com   (signed by Egor Chernyshev)

Product:
Youtube Downloader HD

Description:
Youtube Downloader HD Setup

Version:
2.9.9.13

MD5:
9efd88fa206200bdc586dd132f8a29e9

SHA-1:
3512c60f0df89c4c731eedf49bc09e3e4b6b7557

SHA-256:
e9d5ae8ae763154e0ad172b9f8b9e11f4c0b6f23e41f7614575b882eaebbac11

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/23/2024 2:51:38 AM UTC

Scan engine
Detection
Engine version

Dr.Web
Adware.OpenCandy.3
9.0.1.045

ESET NOD32
8.9420

Reason Heuristics
PUP.Installer.EgorChernyshev.BB
14.3.29.10

Trend Micro House Call
TROJ_GEN.F47V0207
7.2.45

Trend Micro
ADW_OPENCANDY
10.465.30

Vba32 AntiVirus
AdWare.OpenCandy
3.12.24.3

File size:
9.2 MB (9,664,032 bytes)

Product version:
2.9.9.13

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\youtube_downloader_hd_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/25/2013 2:00:00 AM

Valid to:
12/26/2015 12:59:59 AM

Subject:
CN=Egor Chernyshev, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=Verhny Tagil, S=Sverdlovskaya obl., C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CB35D943B644DB19DD9065F2D08C8CB

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:Lw8byKnFZM/aKt6OIEE9pFvvVIunLlGRfXjGHXGYnRdw9UUB8:LXnU/jt6OjEtnLlGRvO49Ra

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD...
 

Entropy:
7.9856  (probably packed)

Code size:
37 KB (37,888 bytes)

The file youtube_downloader_hd_setup.exe has been discovered within the following program.

Visual CertExam Suite  by Avanset
Publisher's description - “Visual CertExam Suite is a test engine designed specifically for certification exam preparation. It allows you to create, edit, and take practice tests in an environment very similar to an actual exam.”
www.avanset.com
About 7% of users remove it
 

The file youtube_downloader_hd_setup.exe has been seen being distributed by the following 50 URLs.

