youtubeaccelerator.exe

Goobzo LTD

This is part of the Goobzo YouTube Accelerator program, a web browser extension that includes advertising in the form of injected coupons (based on the visited web page) as well as additional advertising. "The Software provides a suite of browser features that customize and enhance your interaction with video and other various websites by rendering download button, graphics, text, or other functional or interactive content in your browser." The application youtubeaccelerator.exe by Goobzo has been detected as adware by 22 anti-malware scanners. It is a setup program used to install the application.
Publisher:
Goobzo LTD  (signed and verified)

Version:
1.3.0.0

MD5:
0d53800bece72315137d17929b06bee6

SHA-1:
e40a2a014594c3d8d8cafe004edac9eb1ac22a49

SHA-256:
832d3881e4479b338bb4679fbf4511bb1b4de3d40432af152cb34ecce89b0b83

Scanner detections:
22 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
12/25/2024 12:38:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11488800 | 850 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141008 |
| AVG | Skodna | 2015.0.3432 |
| Baidu Antivirus | Adware.Win32.SpeedBit | 4.0.3.14626 |
| Bitdefender | Trojan.Generic.11488800 | 1.0.20.1405 |
| Dr.Web | Adware.Downware.6220 | 9.0.1.0281 |
| Emsisoft Anti-Malware | Trojan.Generic.11488800 | 8.14.10.08.09 |
| ESET NOD32 | Win32/SpeedBit (variant) | 8.10001 |
| F-Secure | Trojan.Generic.11488800 | 11.2014-08-10_4 |
| G Data | Trojan.Generic.11488800 | 14.10.24 |
| IKARUS anti.virus | AdWare.CrossRider | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.183.13432 |
| McAfee | Artemis!0D53800BECE7 | 5600.7088 |
| MicroWorld eScan | Trojan.Generic.11488800 | 15.0.0.843 |
| nProtect | Trojan.Generic.11488800 | 14.09.19.01 |
| Panda Antivirus | Trj/CI.A | 14.10.08.09 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Reason Heuristics | PUP.Goobzo.S | 14.8.8.2 |
| Sophos | Goobzo | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0625 | 7.2.177 |
| VIPRE Antivirus | Goobzo | 30666 |

File size:
1.1 MB (1,120,656 bytes)

Product version:
1.3.0.0

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\youtubeaccelerator.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 9:00:00 PM

Valid to:
5/2/2015 8:59:59 PM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
6/25/2014 9:01:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:VPzpc45r+5ydVOtNolAClb2EO5I+qjlsvB8ZjSlZmg:NrAyd8NolAClCgllaB8ZjSlZmg

Entry address:
0x4B92F

Entry point:
E8, 7C, D5, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A4, 56, 4C, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F0, 24, 4C, 00, 01, 0F, 82, B4, D6, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2...
 

Code size:
566 KB (579,584 bytes)

The file youtubeaccelerator.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-99-36.arn1.r.cloudfront.net  (54.230.99.36:80)

TCP (HTTP):
Connects to server-54-230-99-20.arn1.r.cloudfront.net  (54.230.99.20:80)

TCP (HTTP):
Connects to server-54-230-98-46.arn1.r.cloudfront.net  (54.230.98.46:80)

TCP (HTTP):
Connects to server-54-230-97-243.arn1.r.cloudfront.net  (54.230.97.243:80)

TCP (HTTP):
Connects to server-54-230-96-87.arn1.r.cloudfront.net  (54.230.96.87:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)
