ytdsetup.exe

YTD Video Downloader

Greentree Applications SRL

The application ytdsetup.exe by Greentree Applications SRL has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from ytd-video-downloader-free.ar.softonic.com and multiple other hosts. While running, it connects to the Internet address 14.d7.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Greentree Applications SRL  (signed and verified)

Product:
YTD Video Downloader

Version:
5.1.0

MD5:
11e0e182358f8353b5f048c83fec34bc

SHA-1:
228440e657d24380deafea2801e87b723b522c34

SHA-256:
8172010dc71b280cba15fb37242bce03417bf00f1928bf6311a9b778a66ed7e9

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
This is part of a Greentree bundled installer, which includes various adware, toolbars and co-bundled potentially unwanted apps pushed to the user upon setup.

Analysis date:
12/27/2024 3:13:12 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-gen [Adw] | 2014.9-151127 |
| AVG | Downloader | 2016.0.2912 |
| Baidu Antivirus | Adware.Win32.AskToolbar | 4.0.3.151127 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Comodo Security | ApplicUnwnt | 19644 |
| Dr.Web | Adware.Downware.10873 | 9.0.1.0331 |
| ESET NOD32 | Win32/Bundled.Toolbar.Ask.G potentially unsafe (variant) | 9.11871 |
| Fortinet FortiGate | Riskware/Ask | 11/27/2015 |
| G Data | Win32.Adware.Spigot | 15.11.24 |
| IKARUS anti.virus | PUA.Offer | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.183.13504 |
| Kaspersky | not-a-virus:AdWare.MSIL.RocketTab | 14.0.0.1056 |
| Malwarebytes | PUP.Optional.APNToolBar.A | v2015.11.27.05 |
| McAfee | Artemis!8A5AE67E0CA6 | 5600.6568 |
| NANO AntiVirus | Trojan.Win32.Downware.ctuoeb | 0.28.0.59048 |
| Panda Antivirus | Trj/Chgt.E | 15.11.27.05 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.MSIL.g6 (Not a Virus) | 11.15.14.00 |
| Reason Heuristics | Win32.Generic.GreentreeApplications.Installer.Meta | 15.11.27.17 |
| Rising Antivirus | PE:Trojan.Win32.Generic.172F5263!388977251 | 23.00.65.151125 |
| Trend Micro House Call | TROJ_GEN.R047H07HS14 | 7.2.331 |
| Vba32 AntiVirus | Backdoor.Sinowal | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31108 |
| Zillya! Antivirus | Adware.RocketTab.Win32.32 | 2.0.0.1936 |

File size:
10 MB (10,491,088 bytes)

Product version:
5.1.0.0.1

Copyright:
Copyright © 2007-2015 GreenTree Applications SRL

Original file name:
Uninstall.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ytdsetup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/16/2015 1:00:00 AM

Valid to:
8/15/2017 12:59:59 AM

Subject:
CN=Greentree Applications SRL, O=Greentree Applications SRL, L=Bucharest, S=Bucharest, C=RO

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
65DB5B5BDFCE9083EDF79253BABF4963

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:pS9kwcmAwqhRslH8Oy3KfdWzcrbomWV+/vGmPRYuTpojHS:pHIAefqcPh1XZJYmpojHS

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file ytdsetup.exe has been seen being distributed by the following 50 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)

TCP (HTTP):
Connects to server-52-85-33-211.mnl50.r.cloudfront.net  (52.85.33.211:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (95.211.187.107:80)
