Reason Labs

fyd5829.tmp.exe

Free YouTube Downloader

HOW Inc.

The application fyd5829.tmp.exe, “Free YouTube Downloader Setup ” has been detected as PUP.InstallCore.CSH. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
HOW Inc.

Product:
Free YouTube Downloader

Description:
Free YouTube Downloader Setup

MD5:
b02da95f7b65ac0138881931b50be7ff

SHA-1:
add3d4914d2c9dedc2efbd388e4b40571ff616b2

SHA-256:
2e35a0794314d9ab3f63ada5d02f640bc7eb1f019d8104305591065a6e911aa7

Detection:
PUP.InstallCore.CSH

Risk:
Low

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include browser extensions and various toolbars or other offers.

Analysis date:
1/20/2019 11:56:36 PM UTC  (a few moments ago)

File size:
258.1 KB (264,331 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\fyd5829.tmp.exe

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.3471

Packer / compiler:
Inno Setup v5.x - Installer Maker

Characteristics:
0x33167

Code size:
39.5 KB (40,448 bytes)

PUP.How.FYTDownloader.Bundler.Installer
2016593_setup.exe  (14de3a29bb49cb70c8d26f0546b6f57b9ba1bad4)

PUP.Zugo
vzo-fytd-sntb.exe  (faee5aeb9f0f23308c22c55fac74a63b16454727)

PUP.How.FYTDownloader.Bundler.Installer
2554117_setup.exe  (ee8b10561eb688be70d5166dc9a8775e5753ea38)

PUP.How.FYTDownloader.Bundler.Installer
1941066_setup.exe  (a15aeedee2dbc57dabc555bdd5e8decdd0529b0b)

PUP.BetterInstaller.Somoto
freeyoutubedownloaderinstaller.exe  (3451a1acdb9d6c4520923e732a6d7993e8197383)

Unnamed.Threat
freeyoutubedownloadersetup.exe  (f22e9a48185261b6448fdec90c333e12281eaa70)

PUP.How.FYTDownloader.Bundler.Installer
110315394_setup.exe  (6c6ff0dc2205c5836172309175ff610af402e169)

PUP.How.FYTDownloader.Bundler.Installer
188638367_setup.exe  (a8b82a05b0c81142e4d4a2e2c4a5a44a34f1777f)

PUP.How.FYTDownloader.Bundler.Installer
609673_setup.exe  (541f658d4a29f684e33e8dd5008e82fda3462e52)

PUP.How.FYTDownloader.Bundler.Installer
212282757_setup.exe  (d66f0a96a03a78773aa7897fce3cddfa356f7891)

PUP.How.FYTDownloader.Bundler.Installer
1165675_setup.exe  (8f4d619bc127387886675e5612dc7184f9646348)

PUP.How.FYTDownloader.Bundler.Installer
54578245_setup.exe  (cd88413071813004c8d220f9a451db7bf4ca1874)

PUP.How.FYTDownloader.Bundler.Installer
54578581_setup.exe  (ebbe2777602068bc4db06e384a54d248ddc60054)

Clean
YouTubeDownloader.exe  (8b07e1e157a260db65fe063c10544b67b7ca8854)

PUP.How.FYTDownloader.Bundler.Installer
27071749_setup.exe  (44a461dfcd02933e0193d934b6fad6f61509546f)

PUP.How.FYTDownloader.Bundler.Installer
1178088_setup.exe  (7a4aacd72b27ec92b35f6ecf6ab275b353958dc0)

Download Reason Core Security - Powerful anti-malware software