ytdsetup.exe

YTD Video Downloader

GreenTree Applications srl

The application ytdsetup.exe, “YTD Video Downloader stub installer” by GreenTree Applications srl has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dw.cbsi.com and multiple other hosts. While running, it connects to the Internet address hosted-by.leaseweb.com on port 80 using the HTTP protocol.
Publisher:
GreenTree Applications srl  (signed and verified)

Product:
YTD Video Downloader

Description:
YTD Video Downloader stub installer

Version:
4.9.2.3

MD5:
17d7492eda58648970d0cfa0ecad0c78

SHA-1:
58d9aefc121aef573970474c97e3980d432e4e9b

SHA-256:
c618d8a14b2298602e210072b0304becf1c349269b7041bfeaf80337981760cb

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
This is part of a Greentree bundled installer, which includes various adware, toolbars and co-bundled potentially unwanted apps pushed to the user upon setup.

Analysis date:
11/23/2024 4:38:38 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Widgi.102704.2
8.3.1.6

avast!
Win32:PUP-gen [PUP]
2014.9-151106

Baidu Antivirus
PUA.Win32.Toolbar
4.0.3.15116

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Adware.Downware.10873
9.0.1.0310

ESET NOD32
Win32/Toolbar.Widgi potentially unwanted
9.11444

G Data
Win32.Adware.YTDownloader
15.11.25

K7 AntiVirus
Adware
13.205.16545

Kaspersky
not-a-virus:HEUR:Downloader.Win32.Generic
14.0.0.1165

McAfee
Artemis!4EC0C81186BF
5600.6590

NANO AntiVirus
Riskware.Win32.AdLoad.dxemmd
0.30.26.4437

Panda Antivirus
Generic Suspicious
15.11.06.01

Quick Heal
Downloader.Generic.r5 (Not a Virus)
11.15.14.00

Reason Heuristics
Win32.Generic.GreenTreeApplicationssrl.Installer.Meta
15.11.6.1

SUPERAntiSpyware
PUP.YTD/Variant
9525

Trend Micro House Call
TROJ_GEN.R0C1H07CH15
7.2.310

VIPRE Antivirus
Trojan.Win32.Generic
42624

Zillya! Antivirus
Adware.Toolbar.Win32.343
2.0.0.2286

File size:
115.9 KB (118,728 bytes)

Product version:
4.9.2.3

Copyright:
(c) 2015 GreenTree Applications SRL. All rights reserved.

Original file name:
YTDStub.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ytdsetup.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
2/17/2015 6:55:38 AM

Valid to:
11/18/2015 7:32:14 AM

Subject:
CN=GreenTree Applications srl, O=GreenTree Applications srl, L=Bucuresti, C=RO

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C427DA8891A2EF29

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:CweqOYEUXPnD7Ozd8yNkaqJC94na4fWT9bM:/EUXb6yyKanl4fw9bM

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Entropy:
7.0232

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file ytdsetup.exe has been seen being distributed by the following 50 URLs.

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=716f66918eb0fdf643b6956e667077de&devicetype=desktop&pguid=4721bae14d7925df9e8e1787&viewguid=cTUGcqGNRdMItAE68r2VPT1IQ4AJT4pjFzy8

http://d2qfwhm5fhx3bh.cloudfront.net/HXT3dRioOKFhMU02RjrjE40z9PYF4dFy5FKFCeAdB-M

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=2818514324fafefaaa8188cc65a57f0c&devicetype=desktop&pguid=1d6bc1cdd422bd8875de08e6&viewguid=cuK@C32BmOFiw1uemEm@XwEW8TCjqSCNQUCG

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=ecaa084792bf32803502e552a949d049&devicetype=desktop&pguid=efa4d999ae6d0ac320c8ea1e&viewguid=cryZ9ImSvFudWUucX6faXRaO1WPZjcIfrtkQ

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=756ad9366c42c9aeea6d675d66a454c9&devicetype=desktop&pguid=bdcb9dd82602bcc4ddfc48bf&viewguid=cp5i8dqGh4erVJWFq5lG43Q5PX0FTf5dPWZs

http://d39ddg9ze4px2h.cloudfront.net/A-_RVU1wyGKA5Ha9u2jjz08kf60Ij21hNU4leyXU1oU

http://dw1dz03mith3v.cloudfront.net/d2mgeP3oEq-uwTO-DaAvDYSU73_AnkQ2DRCaILmGEXE

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=2f85b361db54b8ed0b0ce9e99667c5d2&devicetype=desktop&pguid=48eda01c5b21580f20b23ffe&viewguid=ccrlR1szNbMW6AUaPUppYoXUgpQbKfJt6l-6

&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14496261&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=f0a455ba844ffc4cd6f57cca&viewguid=a13cLNIoEug6ihbowIGwPXrZC-jbS0x-gqtR&destUrl=http://software-files-a.cnet.com/s/software/14/49/62/.../YTDSetup511.exe

http://d1dj337pgkk9tf.cloudfront.net/xYReq4iMoCHG96Fu6qoFfewzSsvbDLwoSAX2wshV13o

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=f1a1e87c1a123f40c8204ce6b99bf84a&devicetype=desktop&pguid=078354004e101dd9b70d13bb&viewguid=cqAmYpJibMQ23Z7lssnxn6lxlaLzL1uhwWZy

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=8f6f35d3fa203b3a5d5ca45c064b3ac0&devicetype=desktop&pguid=dc15f613f65af20b9987a4a4&viewguid=ceVSB0wR6bXkiS@9vioRtFFwCa9HbJEW5bFU

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=83fd1a1c44c05e80190da38dfb5d8e92&devicetype=desktop&pguid=444a7b69ba42e13ea0a19d61&viewguid=ce24Ofz-07HvCyfow6Sh-XpBKN@b420Eqmkl

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=ce4a12e147f07f8041304acd&viewguid=eMflWfIVhnhg35X60iz9if8aHi8yZR1pZGNg&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=54c3ea4f61d6df844506b40f&viewguid=dKd4jR5NUg3SrjIUc@zOicpzJDS5TRyty5Rq&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=3af7eb12cf001d89b8ffd02c&viewguid=d44AWL01TwY7u6KRZFp2G6K2dB8DzWqkZcur&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=f24e87d42c6473b3ab7f02c179f1c6a3&devicetype=desktop&pguid=99822a99492c43721a81dde7&viewguid=ct1RtPHfuQ6IK7XgIEFp31z325NU8h052bPx

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=f82e03d516e453c6e89469326fe5f19e&devicetype=desktop&pguid=115f84e47aed4e32b8ee389a&viewguid=cmKPafDHdnpB6lzpL1Rgf-5QpRFoSkdUEbdd

http://d3gc9smisfcr4l.cloudfront.net/pYRveF5jHmvOV25Ik5IKhB4y1o6W6-iSo3wqBf2jSr0

http://dw.cbsi.com/redir?ttag=dre_visit_site_btn_click&lop=link&ptid=3055&pagetype=product_redirect&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=ad391930eb39feca8db8173862bf0f49&devicetype=desktop&pguid=a96f7846b046764c5b4c2463&viewguid=ckhXNjIQa0kjn8V9TcqdHUrcgduEz0H@UA4v

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=3f31843c80627759a4bdabae41177fa6&devicetype=desktop&pguid=b5ff1e2f347473c62980aa1f&viewguid=cRAL7cskTDRxLO-u@kcsEi5DjFIVsTn9rMiy

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=0d12e4d93da70fb74ea1f148&viewguid=dIShAFqfkK2SLeRFRdLvIE7bN@seYLJ38zPY&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw1dz03mith3v.cloudfront.net/m-KK0L27P7Q_qFypsHVQRVdvpz4WweF_TlDHKdJ8o0Y

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=d9a1123938898937194db867bc25abcd&devicetype=desktop&pguid=4db114e94cb08252db78c830&viewguid=cuEFYKXzaK2H7U9MTsqRAb9xq3RFL4LtVPCk

http://dw.cbsi.com/redir?ttag=visit_site_btn_click&lop=link&ptid=3000&pagetype=product_detail&astid=2&edid=3&siteid=4&destUrl=http://www.youtubedownloadersite.com/installers/.../dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&ltype=dl_dlnow&spi=41ddf2e9d2aba3a5e82d691b28109028&devicetype=desktop&pguid=956ed0a3a5bbfe6e2b0a2255&viewguid=cc04O@jnKZ3aAaqoCahtTCQT3eiUXw0igs2F

&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14496261&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=0df882e7cb699ed03aa949eb&viewguid=a2Gicc5CPM5NNP-ryvRabrebUnzghNmSIOtX&destUrl=http://software-files-a.cnet.com/s/software/14/49/62/.../YTDSetup511.exe

http://www.ytddownloader.com/.../stub.php?ytddgcie

http://dw.cbsi.com/redir?ttag=restart_download_click&ptid=3001&pagetype=product_pdl&astid=2&edid=3&tag=link&siteid=4&destUrl=&onid=2071&oid=3001-2071_4-10647340&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=internet/dl-managers&topicbrcrm=&pid=14504515&mfgid=6291469&merid=6291469&ctype=dm&cval=NONE&devicetype=desktop&pguid=5e7ce2e598ff8664996fd876&viewguid=d1NUxgtLvGuQq4IrGzz4NnpH3K9RvI3OsvGA&destUrl=http://www.youtubedownloadersite.com/.../ytdcnet.php

http://dw1dz03mith3v.cloudfront.net/O-VqSea5pi0j4YntVtNkMvPWbZ69R9t7kXI4T1Bf4pA

http://d2b7y1a411klfa.cloudfront.net/hQNAvtypwFQARTBEj5gcmzCMymtsuSeX5erx9Hs1A0g

Latest 30 of 650 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (5.79.67.111:80)

Remove ytdsetup.exe - Powered by Reason Core Security