home

ytd.exe

YTD

Pepak

The executable ytd.exe has been detected as malware by 1 anti-virus scanner. This is the uninstaller utility registered in the Windows Control Panel for the program YTD (pepak). While running, it connects to the Internet address edge-star-mini-shv-01-vie1.facebook.com on port 443.
Publisher:
Pepak  (signed and verified)

Product:
YTD

Version:
1.58.0.1395

MD5:
3ffb7dd10b87999f515c98eabe4c5288

SHA-1:
fb40ea36f713da50ee0633ba5c92b52240f99064

SHA-256:
80a3f7398454ce3f614d91ed119d2d24ff4c73b8bd72dc63296f9cb828eae89a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 9:07:07 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.6.0

File size:
1.3 MB (1,325,992 bytes)

Product version:
1.58.0.1395

Copyright:
(c) 2010-16 Pepak

Original file name:
ytd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ytd\ytd.exe

Digital Signature
Signed by:
Pepak

Authority:
Pepak (root CA)

Valid from:
12/31/2016 10:37:41 AM

Valid to:
12/31/2017 10:37:40 AM

Subject:
CN=Pepak, E=http://www.pepak.net

Issuer:
CN=Pepak (root CA), E=http://www.pepak.net

Serial number:
C639D5EA462147BD4E29AEE4D2A334CE

File PE Metadata
Compilation timestamp:
2/3/2017 9:10:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

Entry address:
0x105230

Entry point:
55, 8B, EC, 83, C4, F0, A1, 58, 94, 51, 00, C6, 00, 01, B8, 90, 1B, 50, 00, E8, 38, 41, F0, FF, E8, 17, BB, F8, FF, E8, 26, 03, F0, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,064,448 bytes)

Program Uninstaller
Program name:
YTD (pepak)

Uninstall string:
"C:\Program Files (x86)\YTD\ytd.exe" --uninstall


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-vie1.facebook.com  (31.13.84.36:443)

Remove ytd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.