» ytdsetup.exe
Overview
Analysis
File Details
Downloads (54)
Network (2)

ytdsetup.exe

YTD Video Downloader

GreenTree Applications srl

The application ytdsetup.exe by GreenTree Applications srl has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.grabupdateshare.com and multiple other hosts. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.

File name:

ytdsetup.exe

Publisher:

GreenTree Applications srl (signed and verified)

Product:

YTD Video Downloader

Version:

4.9

MD5:

f4b5a8df2bcaf8730dc0eb022960dcda

SHA-1:

3c78d702d9d6645131b3aaf503c5c13999625455

SHA-256:

d01218da182e971c907159d5fa3136d6233e94bdfcc6e0924d75527681e418f0

Scanner detections:

23 / 68

Status:

Potentially unwanted

Explanation:

This is part of a Greentree bundled installer, which includes various adware, toolbars and co-bundled potentially unwanted apps pushed to the user upon setup.

Analysis date:

11/2/2024 1:37:48 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-gen [Adw]

2014.9-150614

AVG

Downloader

2016.0.3079

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

ApplicUnwnt

19644

Dr.Web

Adware.Downware.10873

9.0.1.0165

ESET NOD32

Win32/Bundled.Toolbar.Ask.G potentially unsafe application

9.7.0.302.0

Fortinet FortiGate

Riskware/Ask

6/14/2015

G Data

Win32.Adware.Spigot

15.6.24

IKARUS anti.virus

PUA.BrowserSafeGuard

t3scan.1.7.8.0

K7 AntiVirus

Trojan

13.183.13504

Kaspersky

not-a-virus:AdWare.MSIL.RocketTab

14.0.0.1888

Malwarebytes

PUP.Optional.Spigot

v2015.06.14.08

McAfee

Artemis!C0841F98FF22

5600.6735

NANO AntiVirus

Trojan.Win32.Downware.ctuoeb

0.28.0.59048

Panda Antivirus

Trj/Chgt.E

15.06.14.08

Qihoo 360 Security

HEUR/Malware.QVM06.Gen

1.0.0.1015

Quick Heal

AdWare.MSIL.g6 (Not a Virus)

6.15.14.00

Reason Heuristics

Win32.Generic.Installer.Meta

15.6.14.8

Rising Antivirus

PE:Trojan.Win32.Generic.172F5263!388977251

23.00.65.15612

Trend Micro House Call

TROJ_GEN.R047H07HS14

7.2.165

Vba32 AntiVirus

AdWare.MSIL.RocketTab

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

31108

Zillya! Antivirus

Adware.RocketTab.Win32.32

2.0.0.1936

File size:

9.7 MB (10,178,496 bytes)

Product version:

4.9.0.3

Original file name:

Uninstall.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\ytdsetup.exe

Digital Signature

Signed by:

GreenTree Applications srl

Authority:

Starfield Technologies, Inc.

Valid from:

2/17/2015 3:55:38 PM

Valid to:

11/18/2015 4:32:14 PM

Subject:

CN=GreenTree Applications srl, O=GreenTree Applications srl, L=Bucuresti, C=RO

Issuer:

CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00C427DA8891A2EF29

File PE Metadata

Compilation timestamp:

2/24/2012 8:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:0Qqu5b1KOX+Km5qQzfDpdqaicfwi2rcWVWdeDCY:0s5p3+Km5qQv7qyJqaVY

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

The file ytdsetup.exe has been seen being distributed by the following 50 URLs.

http://www.grabupdateshare.com/5SEAfKjDDfcqkHohbzS2rCwJgkQ1mxrR8LaTbcoaztSHC8K_i1cmtIo9OLL4BfdLaVA_i1FmnUOiG32ErUoe_YgZygo22z6h9Aor4nYOmXgM0MYVWWVAH5pbbHTIcyF3h4xLXRrTuDLb0wTj4NuG9BP00uLCCykI4xUdmDRNvHJYlvxIQl8YPAz38dXxyORyHMEV6obwnZEmuTkUVL4lQ44QN_oAxrSRyY6BhU95NC9l8cBamsunFRW15od B LbG1pgdHaM7AD_YD42VkC5K3lQ2ZWCELWA7yDJMWuMCShFjIBMEeVlCYk8YR74lx39lMX5zWH8SIel6srhuJXg_CyFBFRLEggJyQeAtTrJiRPytyOSmSJ21MfxMlWnMIk8XMsMy2PIzIpZDNge0JIhrLKCjp8mBzXGsJ3MOHAJbkC7hpg3hn8F6c rcF2fgQU_GpMhNRitCLWCOqbCKKzAyUazUSjDprV6HXtZjB0ExJG7DMyl6eUcULhEQA jEGgLJN_Bd1q3WVDkrtbw838HPPALEApxc_bOv3XB5C V5uAXl07OBcKyX9EWkOYauB8pyF4YmNVTviBsHl0WROhcpvVWby1n1Tqjb18fQ5unMB9Srnghq02l9xyTXpvaBA1Vx7tU55qpyQkJ6ss9C1RdgrWHk0Mxb0c_UmB1PzumAG0L d_r7OUFn5L7Jl_mlX8OrJU0d3y4u35YiNRAQB5Tk0l3E1jInukCKfAgzqe71cFdXv1yf_g5xlUmFbqsK yc7C1QL9Q6-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e

http://www.grabupdateshare.com/c?x=CvFERCy5sj4xbh08SQXuQJ7Lvl8Ef9nCmqEcHWOmYaY=&c=QrfIgDuAgoijCs5uo7279oS9hjyMXN3GiljJGt0Zz020SpOMGaOcgWwHeAn0q8fPX8LlqAIQqKGmD tGg2FfZamMXLaxKoYLadOo7f9wBmIalYfVrIr/PLdmV7L5H0rP&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://get.ytddownloader.com/kits/.../YTDSetup-69555200.exe

http://www.grabupdateshare.com/UMbc5 DUzwP7FPujKG3brpvumHN32aG4Y65jdgF5TzcazOsCNi_L5JmEeQ4j_P2DW CCYvNyq5XDUzs BgbD9_dCepWICcmWZfuQztGqBqShTVw2F4qe9gbk0UJClW_272IGwpen2nG8i3Bb6v cLG58dJOjOQFImrhp Sn8vLdFyGLswQSPnOEnfJktXdrE3a8WbeWmCh4aUpYl18c7uY2Qm CJi5i Dz_qx1Xt5us17AS7kCmGYnC9dNpz2i86Jx1ma8mLPJle4z_kX0N66OvyBbSqvsXG_saa6exE0zj6hfWror1SlOnZ6X37tfk wzPiODRUaSz06tgIT_zNDnQNvmzOy7GiL83dOq PwYQFaPZLlJEJMfch8NqhMA0glbQUE_nWwXN5z0cyDjhmLo71oHSKkUMqSoe133EgPri 5Cade_EbE3tRfLOourHMbrtWglfp2lfj2nA5lfH8p40uZNaE6KTCIXtBJtlYfV6dvEgvNvdYaAgAe4iwvXziaYO5VA9_ecL6KWmBkDiXManQh2yMZoFCFhTp_Ao9URyOc_ruHtUoLN_ffdY2Dn WLzhO rX9Zmc1sU_1GxUvtmj5DdNjyOlmlWuI6Xu d3yrdgcwlySMbvf NQsi7jHBiYejdyuGARuRJtxyocfVjUNJeAHRjh2xiw_r cQOZLykNMqRKwMR3wddI6lyfiMWp4U_bDI_auEP40b9MCL1q3Wzx5mvDgX1EdGfv0vveyhfrtME8pQ=-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==

http://download4.freefiles-12.de/software/s50706/d23426/23/.../YTDInstaller.exe

http://www.grabupdateshare.com/DJTp_mvnyrkFjuYmS6inkH3mdscZzDlLJwHzaVuJuv4q9t49x58akr2rNQy00Ts9jgtLgwOOmIA0Vf0QRbXdIzUt0aAJ Fg3piV7NmYI9FwggQmztARbog9JuASlKFh80LCwJNdNNHk2jYIo_hPyAqxmn9868VBXr7KlJnACWMthphO_74OoG9cHt89_HGVKMLpUEyfwJX6QW2aZUWOlKFv6Gwu3kzEzZj6SG_aWulGhGrIB Eert7MQCBQ bq371rHpOIf5snrH2P7qrwOgF8g_qG4fhUdMcEHLIGIST86FjtfHwaPDEmRmwexnb6FT6nnsNObyBTVHUC6k C24M4JY81iKXrnZX63LiHGg1rfOlFmF zuScwC5JCFLd0vXIUFrkcxeTVIJcwrCA4A1fU5EBHPhkQ1kvgfaYcNN79I5VjyQT78z63itEZBKWGQhlcvLHTKCZ8U8BMk1NIi0TmVsn_Zei59en5ZYCRLiEvLUzYzUusBOAivKL48FcUoaLK6O4md7jaeYY417LqVX7hD4s1_UrIt_duV3JQnX RqSLtz1WLyShuvDw6vU2Asvf98rwmWKTWOJh8Kxp0dTulXlnYeP1z93eo_rHidsmmPDoiJOXWQ3K3 1jqoxL9Tutdy6NTu9aUyLuaV1BYEevqB4Lz8upCXsfDv3CDV32clx7k7mI7weWzopSyyvPhqIciQLE9F6whLJE_FGsT9lz BddH0E3A==-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e?EsetProtoscanCtx=d39db85f30

http://www.grabupdateshare.com/Igasru 7LdglkxL1em842JqBGuqc2XfwHKph8goeJh8I_Nv YPEjoZNbEsPECJkPP99IbjgtMiO7Xf2XlJFiP9P0MtbuoVum4_Vlyxh7GelIk_OGshirisKzGqc6MX2_WlbFe7zCz7eo4KBweGIKLkvuPnp_icifdSiBtl8Wv1xT8dSscszklpjP7v46mfr0V0Vo04y5V0O89fjeHi5uasXAYdl OWeODCwS013BYwbM62LvUZs2Y22sZLNZ2gUbvnL6GYCWCMs0 2_BRwTe54xluN46__QHvcx0xqzo9RuKQKx_hi _2c_7HPK5Qj7rSmYv Ph4Pbao0 rPY8V_cqBHxNi1bJ8hT_FTUOrCwcUq3O0y2w0AZ9mM8mtAaJoQxpWGT9vxY5x3jgDPOrgEQQPfdPy5E5TWe0UEW7ZlF1dHLxDziJcPkZfXhMgUmSz5EatAZr97lzPNcsnS9iNAvOSbB85VtVjp4UEFd02OHowI1y6r2GIq_h4dxW0w7Da3LWiFuqVDHtPnEb7VhOOWXDpAl4w87DtBRRQq5qQkKBIGWy2u4HAbZc9suxvl8MSY8w2y87s7J 1ttd DWScCEFAu4XAxmJgu1sHKagOpU0H8ihOZf1MoI6GKkPVJFJnGk1v41UfcC7Tp7 lSDVOQAXLWpHYZjYgmYCsSNBtVU74Yvpna3sUabPbQE3MX046gBC1zKUR3zfk0y62Qm3 TpB2A_E80KkCsMwhy4Fi8Qu1lHAisXUA=-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e

http://www.grabupdateshare.com/hq99Tz_3ShyNvIQuXkUmtwuQWh152lbA4oYMIqmq3lSx7VqIQqW8f1D359RyjGjR5C40sd7sOFJQWw0sUjXfUilyT47AwbYdUFmDiCuC18yxWSbvEZYk5YrZ4CEyBcGqnr1mt2vmv1k8SeG7xqjN42HM7eJ6tQ5ZD8dzCMkLg2exlK0Eskvp9KQhmWHnkmmJRiGhetbGiPHpsP7qpofrfROOHpbzZprHa0a1cvQzFoR5LKg14bPHfqjALOjr4UnS0rwOZsghyxo0 OKWGrgbDXfooKwIqfMyDIcIEuw1sImR8DlZ61WG2RXU_wC00Zm8fj14uiKpwEaiQBUMWbSR3 NTH8Iy2mGip2dso752wUZN79BXq2bTiZVybBbfUeO7Tas2QoajBE_sAZGW73RuTc24yn_K6vlydjkWretgUpGCV_U6eH3nFt_NOw3JybP17nlkTMEoc9joFFcjHDUH7eJ6oozAZ14n8C4B9T7cPkTKz5ADJblPJOBlA36RRKPCTkfGTnqbCftTCTqIt12Nd mIkAhegypOGJqSSZAdiQIqKMfyz26doflujREjpNN8o3uKTS3c0lOf20ufUPeo7aLKGvQRXDWCuqEGlBcs8hCm0E1llM4OLlsck4 g1hUAu0J0ggA7aGE57qeS4rC6FqI_fgEv2Ds1hkrNjTq hrmqB3Gb9JklyHgaVTI4P2mT8gjdoPNizsxP4mo_aIghl1Ka7Nbk_A==-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e

http://www.grabupdateshare.com/Eyxq2P8R17lTYLNg1lgSlw0LaswbeDBIphy78L3SunGIf2VcuWFbNLa3Y emu76H2njIfjdcjN8YS2FsZHEN5kK9YBJehnEBCaNv1cNuqbnQ_HSTM7DTnt98bKS3U24bwpX76mRFPI1Wr6SSf2DHkQaBSb0l8no3SOmr8qVXNjN5_hcNflgSgHdRRzYDYZUnPiUGlei45TeLLuscNUODUgFRlWW4RIxbRS9kfxh2TQR_AuXdo wtjihNO7fJG70CqI41uEMiDdIBtHXMRRfj9 Yo1B8fm4WnkVb89ZResViTwCWAHfeUnT 508MGdECk8LE Kar6PRxXIQU5dA_HVlBNz_SYO9HN5gybG6NFf_3 c1msv0rp4ttV91DDhiQ2gYx7_s0tXlGrkCTqvfE9U9kMzLgOtnSytVMfkuVyyWfyvanv6aI26UtPFV0RO_Lgf60IYthMbvfLuNRUQ_HrAWGbtIKn_FFExHrh4suqqsmflDQBgaDDvx OAYYHHHdGLOPY02cOnKhr2dWnP_DaV2sXRYxNvztvKEWdFcKSLZ2CEsd2055z50BVt0H4i t ZgK23Kcqs6gCuT JRSWc5kIfkOa04tOJNVBg4uzZFbffgHiEZ9wV_7 nr45CtPjsRtRcmBOJb11lMJ6VENQ7b2 8LFm1rnDbgB4Ndq9HIlr7SEnOwgFGaZ5IAGKGy1xvnAo5KmqLIqzDeRikHg5o1VZl82afLnIE6OzXfX7J2XOEnMsv9t4=-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e

http://www.grabupdateshare.com/swQaRPqCdCkxDj6VgPzE_mGWipnmUeJMnf5tbJuPCqAwHWlJhli_ynRl IjS7HJ_8AKHkB4nSePcE9qfE9IAxSmOBzOUsubs8a2_YCySW8IyMqoDGD1xIoSQMHMrVDnid_NGZDJw03CvJU3ZX3qNyK1uWo94_0sQUsMFzAKYtbrDO7iyO3OEbxQ8wiNnqlE3mI56YDjW6hElgIC0MLECHZMJ_Snj4SOLeYJ9dzidZmH06MtN_4FTQrI5G FoRO9FNeAKyQUIFORxkoZESjRURnog C9t5ilastewcStKeHbHBQxUvh9pNoKQsLQyOVIZjfbUhKP0 j1OqKmz_plIT3zjTVQl6wdqrcRXFE3Ijq24aFFZ85gG10tTHIvdoTlw9IpxqK6yjnIjZBDrXnWLK92jPlbXauA9kHrtI80jQloolhyPv8EZtWriMaO_ _8Hn2EjpgGBJYCpzacCbVHEgN1 qOPfNzchPwEcO6bNZu79PdstKw EM4LpFf2S_Z3 _aOFuMlKXEjcXbwEzj881xCI58apiwYEfFouEtjJe57UXgrJHw7N1zbERLFgAc3yJDNUyY04e8nxeNvJmQ26QSraDt9Ws7tnBrUVUrDkRongMQzgQnwaBu8Krd7WOiSbDRWZahw9KkZHNuUGTcrneNmUhLxTLpGAlQe2 JvBqX2rbCZzbKXVYjgHm05NZVvQr7zZwRTOfumQqXgwNvF30mn1Zf fpA==-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e

http://www.grabupdateshare.com/HSEr84GllbPKV63mwacxnjpMwpwHmZZ86qUOmxZE2IZ6AEW_RCOlIr611qGMztBVZmmSwHKQ9sN5Zb11jtMgSdlgEONy_NRQ9Whwin7BXei8CeLb5mwRbtvNS7kFjc7tx34nI0QDXYunrSHNHlWHNFR8O9znF9INsbg5x QkCFMdshqXL4rn_ANUiIh6TXq6RG l7n1qnZ_cy zV9_JJeDcP78t jcbVQIu_OpVZmyVgZ_Onx0jZNJ6x4_Zjv_oU2z8BRlLt5FDb2rwqEjPC_M7mlmJ3DKkLoqlHLpsHeIK2gsSKe0kzqhrOd3FEMbaWn6cZlhfK30Husqc0H529faWDxBK1 EB2EtKi0JOaeRxV ch4AkyxNWds7yFNZJ 6hadJAajit93ELZ3ca meuz_6Q4ENNukp6VrogN9r79dAbEhf1pOV4qhXXew8jGR4dlmh4c1zcxz2YxyTH_Xdl5V_DmRgJNxy N twgXsm4YfdWjhcQIDcDLjf7GzehpQHbXP8bJFtTymmhhEbgQE93YL1pVRJysaV5iXHULqhXL0pitOL 4Q_SQmYIrAzMBdonxSuwvafpl7AZTgOCwpM0DFcHHYR6Q YeEcOxw5jhbpVktUV2tvUrU1FK eUbn8JkDkoRFkTMK6x_2L5kpBbRX_IHKp7QZr66iGQLQ 7tTst65GDJX K8rj7YS8y4BofRy7st-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==

http://get.ytddownloader.com/kits/.../YTDSetup-526539171.exe

http://www.grabupdateshare.com/ii tfAxscE3_4CAWrGHqh7l3AdTcGHbdl9GUSQmCxy2nRN10rGH1_hy6KoTddTKMpRgo7b9B8MJIw0rF2tpMAoZ89VIFWynj6L85w7Cs2hXkhYgHH8zm5dMfFv4F6z38vS43TXzwXlJpzEud3edIQ gKDnxb8IF9FkuhwxMvZz7tx3A9wPBZGRcEpndfWCSbGLrCEf8eqsTHle4CESDcZ1LReXVLx3UNVNcsc1MpxMxSDHUp6XHMgLtOercFpXWQBibG4boHkq bq6YD31eDchTB06S zbhb4WDPQT G1Bt7EQOeZhwhF3TUP9cKRDBwulTCiAswKCxta5c8dt8wsLEg7idqohK9rco878DnbhglHWepTTPEjmbAlfdeNIfXbKKRH7VbnXr7UvogoFNJxIEZNhC2noC9rFRQKPspdLmaD2dgCcZqW4rCoYKQ9dAcGnKBk9paBxS7dt1_W2z3lUDkFZ 9IXmRaDffCScQCCy bLWRrUm4tXj7vweKOWGWQqf3QstFVHnahqv8rTZkBsOYSwANDWhLLnWj5 6GIpfkThpN9Jd81MItiKeDorbQIMerU1mvPYgVwHOG6 c50_FI3_HobDwYNvb0rXGWLNJa0eDI6ZZWznXrmj3DvHFkFSyWYMIGuXmk89VqB9j1Sfr75B3ELrywioYyJ6ayQJq5ym L0jEkFKYsox7iUV2XSsvdQjkhV2YQGJp_2qZWZw2PXlRd0w==-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==?EsetProtoscanCtx=ad16918

http://www.tourbodycontent.com/c?x=wOZbFANxNsTNy5cv0RUwS4iuIqsz5SxvFJ6rrxr1cng=&c=6Ah5JkbN3v/ItW5khCDNDZVQ/o4mEvSBkpx/P1LS3bQfCUd2oVCQ2AOx4cn/k2syJ3iGdR3Y1IKXB6DOlWKZKpFpqLd9ZiDyK hITn3YbaYq Z9m6r6cDMxr0x0BPlvL&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.grabupdateshare.com/Kkta6irkx2LrdefJlISG7yLI80VbV1mPYCvsvHMT8Fe_oy_zTnQoNFH1RNPjcbJObG4t04aOEmML2dNhINZqLUKxUDiitbUroPGkH SDHiEkdG1RUY4CgGy qipqsLUCWTftpDqgAzL_qVh9HsAclPOFqRaAtnnUIrk4KFeouGFdnUjGLDRH 8Ynm9hAYfoTeVTgO5excq9giEcTyQlOetZlfV6o68EWhg_2HvNxKSCArzIsgNLahQTK_91151N1CGzLfQdD7SM6eazwamppyVBH0JmdruSXlPPUiEC4kqGGtLtj1Q3h ICqOHwKdKg_qx5RFzFMMAAlx8j7IR5cYaNM_ejZICjemjHd L7RjA5OLoMpjRDMcM_8oUZxgIj5E_kRIApGJNAfiiM7YWtDIjZtJEafqQI rE0TlMfgBVfZDQDuEEu5pXC_j KPnUqIiVssl3mOBEst5DtDibPOU4OKXvNpfFEY8nvcUtVS9ZTItXiwR 5mlAuahPhkjbhT10r1I5itq dc0Pnw0MOawUluqNXjzNmC_jtT8T1hlaomErl_cVro6OPpeEGGB4dkLFu6SVa8BU9apTCkV evME4y C4oOQ828_4p9HpraQC0vexCFDN6alHoMWXPZdT8vAoY_vtXuPOMCpc3Lo9LEygGGg618ufHJpZ6O5PbmkfQCa6SFTh6mc1f6pxmv95fZsblrGSmarKFvZNbJmoncB4q8JCgaA==-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==-e

http://www.grabupdateshare.com/c?x=uhUTGUin0KGqzDLZDjxCsgrWB1ZQCXPaVDbn3dNhGb4=&c=/RZee7uJRJf dIMV1GNqW ZaYB kXIgL78idL wNRup/73/YzHtORXp8nIwinR2lAz8K Cgu62S1TCc6QHUD4532iviFvYKBkKN1kHa9Fq9vxXhooUPBB9QHDrNpYbGO&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.grabupdateshare.com/c?x=RfE1T SBf xpeJLJjz6fu3PLE59AvkeXFIfuNXubLU8=&c=O8VEO9E8qVBKZmBIEz2HMjmHIVaAxIlwIXfed9EJ1bmiSmvvET9pm3A3xngDHYLdfm cpMKVBZDf12Wb3B0iZvZAqJb95Yl4wJZKrSrlPb9WLVh8VFpXjnql1NJ1ssHk&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://dl.fileeagle.com/files/2015/.../YTDInstaller.exe

http://get.ytddownloader.com/kits/.../YTDSetup-1368973318.exe

http://www.grabupdateshare.com/plYFNzeXhtp_ix9ILlJJwlYOXoAKw8wfbRC1 o0yYco4Ppg71kfQpYckhIqr7a Q3ulM5YF4EDsGa2cOADxruPV8wqapbSkPzF_emdYOQRPQx5HrGTEz aIuDThDuaXzvP56ENf4x0d97l4nNMRYHLc08xIYYnjx9txUcw_VQ0Y8H asZsS3RqtaK8iGFYioEi3N7cmR1Ub0ynOh4wI KnJ4D94pdE2gTFfNnc1iH5z183nJlXQCYcdHvxWFGk5WkXxi1k7fPukQ2PbcigAsDBeEskxlT8iDtKcUD33E H9xWQE2mq sT5CMUfRcPtl0sfsBVvSkTzBKPUlM9Qb6e AHgPqlC3TpxHkcmiFfbCLkxLmkFksgKGrmQ93mtewY43mYixtPy68MwtXhSVI_ZehwvQyOFex4yXIC87DZ0KEHLXuv9GduGIPgBGAsVYQI_SpGB1nxems62VupyCTTGmybuRsG ppgXjlnOb3UzmphVprnLXwhIV487BY53BnoBlpmNFK5h JiRq29C_ozLx0K6UaGQKyts_Ydaubatg5UvKyxmBwQSqyeN7rK7LtwIHO8wiLJjRLLt261rlLv7tBD Iq5KAdJIFvjfdbXqlL68ZmGraAVr3GJWT79r YY5GzSV3dmkXilxwqMlyhP2J236UNfpA4ZLriz _rR_z_1NdiGYvoAw4kP3lyisTucBETYD5D6AcO1ZB8K2usapJlLVgl_dA==-GzkAAMTPGx_b_TYTiqIr r2ATXBswCEHDt9BEs0CwnrrPJA3hig0 4d6wXT5Q62bKySRLm3UndoHhzCBw==

http://www.grabupdateshare.com/c?x=PxtZkBxfj6x1OuRCuOgpwcuFhoScuwuBrI gLBlgLp0=&c=Abfyu2Q5/imKFbf1kXrvI9gfOQFZzpEemqyikUpCzy8ll3C fSnYXc64QJasxfYmtERQhcFgvjRirUDUSNv05VtcFXn8KbxC4ZuG8e5LtMTuLrj7nplUAjEkhD1CsgKNELozxBP/HJ2ON6yiAtDBnA==&e=0&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.safeapplicationsfun.com/c?x=UJcUoUbYR0EglHa bDKDQwTcNWPBU4ZzMtrgkPJwbHY=&c=OCisxMvmyNJMVUptAfRM9go1uosVgLHE MrfXqggHFhfA6SHJNl4awMK0UnPK4Tzkg0zYIRV1PBj3iIXwrFj2bh3iQe9mHpSQpyvzr8t5NrJTaeaHx Pfl OxXUuUNvVA8tTHFvYmPmD8s9aUObw w==&e=0&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://global-shared-files-lw.softonic.com/3c7/8d7/.../YTDInstaller.exe

http://download.youtubedownloadersite.com/.../YTDSetup.exe

http://www.grabupdateshare.com/c?x=2glgSjNxAUtKH9WCoYEXdEmnvFuoTiM5wEDIhD9n/ 0=&c=2eHEPp5KYxGIPcXtlt3Omrr8bAYux0mBkJYne/eAF2Kdhb2eJB/fd2 MRymIln9k0enair 9ce6Z5UYSv6VvpweWOwFSTa/8Jw7Dj24W2HJeWpWcOlUStBeTESt7soUo&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.todaycapitalconcepts.com/c?x=xMpfeDD6jb/CVMmidShwKYmddqGciN6EhcWiiPQHlXs=&c=G7a75vViFacKokKA23WXs8L4yS8w7zejH6ljsyRbr0vyV2GkDe80LN8DNPBvkUQqzWkS1saM/s81vsdJqspUuY2oYtfB87kSLNmfgZfzTGF9KbDMgu8HwBt77DspNJP6&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.giftpresentsign.com/c?x=LPFMSY/b /Y6c9c OjKzdPmATOPwn2BqwOUQOO2ZNfk=&c=mRcdjpxpd4cGPzYyRk5PYQ9UWuJBAvOVVYyyBVx lWsphm6VlmgZIeUmGRcETxpMwAe10Fwuaz357z6eF380pvPLvBKR03n/Z297vXaJStGYT1dyf6TduiJqmdBqU4mT&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.safeapplicationsfun.com/c?x= tWOzSx gfEL2n ahjRyYQKBgfWPngZaO6/RnDBPlNk=&c=717utI 6kVMWhbrAt kPujFh6gWhqbr0pisjmuz27Yb862bxkE2pttaT3RxUVLbvXcP8yDEBgZGLIVjsZRRGg1Xy1fPs2fIeGNJPUTTk0U5Joz0caNk8mejupSUOB0 X&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.tourbodycontent.com/c?x=/wcxLPO4RGS9WufCP7042A/WMau/C1uuZzGR3FI0 Xw=&c=pHMP BLPPMpLqSc9KsNhSNMdND8FtFGbr J R6UBOLbe0xCLQjs6xNwtC0QJHcEHRa/Ta7z wtuU1ISOXL1vSrnPgK83OInookfNFSjKoo2jw0ErBq/OrcTU7ajzbSyV&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

http://www.safemegachuckle.com/c?x=eAQ3la1KMdm RsbdB5hhDXyQVlQ/vyI9gT13pcV6Bxo=&c=AolWwLtin4R5i2JBp/x7WnlrTHrSs8Fve9kdaORYeM7DtRdFEXeuyH3PAHurPxlTc0bArY5qbIHuNcxf7PtWjHLV9ctA6stORC6KNayVkSqTXbR0H6mEmzRunerLZPd7&downloadAs=YouTube Downloader Downloader - JalanTikus.exe&fallback_url=http://files.jalantikus.com/dde/272/.../YTDInstaller.exe

Latest 30 of 54 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to hosted-by.leaseweb.com (95.211.187.107:80)

TCP (HTTP):

Connects to www.youtubedownloadersite.com (95.211.187.90:80)

Remove ytdsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.