Solid YouTube Downloader and Converter
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 1,842 |
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 8,161 |
| First Seen: | August 12, 2015 |
| Last Seen: | January 24, 2026 |
| OS(es) Affected: | Windows |
The Solid YouTube Downloader and Converter developed by TopVideoSoft, Inc. and published by DreamVideoSoft, Inc. is promoted as a powerful video conversion and download tool for YouTubers. You may have noticed that the Solid YouTube Downloader and Converter programs has a 30-day trial version and a paid one. However, you might not know that both versions come with a privacy policy statement that the Solid YouTube Downloader and Converter app will display advertisements in your Web browser. The Solid YouTube Downloader and Converter app functions similarly to EZ YouTube Video Downloader and 1click downloader and will use tracking cookies and read your browsing history to help advertisers push targeted promotions. The paid version of the Solid YouTube Downloader and Converter is worth around $35 but will not guarantee ad-free experience for its users. The Solid YouTube Downloader and Converter program will insert a registry key in Windows to start as a background service and show advertisements from third parties in your Internet client. Solid YouTube Downloader and Converter may display banners, pop-ups, and sponsored search results as you surf the Internet. The Solid YouTube Downloader and Converter may decrease your overall computer productivity and load additional ads on videos on YouTube. The promotional offers displayed by the Solid YouTube Downloader and Converter may invite users to install Windows 7 System Repair and Windows Abnormality Checker. The apps mentioned before are reported as rogue security software will use fake notifications of security breaches to urge users to purchase a premium license. Computer users interested in using Solid YouTube Downloader and Converter should take into consideration that it is deemed as a Potentially Unwanted Program (PUP) and will have to tolerate many ads. You may Solid YouTube Downloader and Converter listed on your 'Programs and Features' panel and could remove it manually, but its uninstaller will leave cookies on your PC that advertisers can reach via supported websites. You could use a trusted anti-spyware instrument to delete all files associated with Solid YouTube Downloader and Converter and secure your computer.
Table of Contents
Analysis Report
General information
| Family Name: | PUP.GameHack.HI |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
379501819e91f514aa5f13a37056e34b
SHA1:
724e7a35c1c02a561737c06fe2359a505c8a08bd
SHA256:
48E45481852C0191F29690ED71AEAC785949AE90B2273F0C383A880F8BAEBB97
File Size:
6.49 MB, 6492160 bytes
|
|
MD5:
4b2c65ea69daf924f72188edf8c3ad5b
SHA1:
0ee115474b036371987d4271c9a908c6717327a0
SHA256:
DBAE179BE672CB41E7F8E7D12CD101389C3214FB97C2B54DF38D41F8A212C891
File Size:
3.63 MB, 3631104 bytes
|
|
MD5:
28a7761fcda6949e40982319372d7365
SHA1:
b0a4a09bf8d364c63c5cc3bfa3af79f28bb4cdaf
SHA256:
3262919DFBF7BAC752D4DDBB233723F4BD7309E4371E0746F1F683962E803B8F
File Size:
7.67 MB, 7668736 bytes
|
|
MD5:
371652326c07748c1c104d0945c85c2e
SHA1:
ddb3527cd25dd602599fe54969dfcb723e94c5b8
SHA256:
B02E54554F339E368E66B69A9F747CFEE5915B21FF352A8241BA78F4558173BE
File Size:
3.98 MB, 3976192 bytes
|
|
MD5:
0ef153fa573d4e68a82a27d7fdae3d31
SHA1:
3d6a28e8d9648d12953d71c0c41415c6940d1eb2
SHA256:
D60575A37240268C18DD95C3C0F485D4BA846A51A49C4A81CA8BA0D1CAD70712
File Size:
3.15 MB, 3153408 bytes
|
Show More
|
MD5:
6a9e2ecc87443b9f861cb516c3b3852f
SHA1:
7e84ad253f1f3e9c77c7b7f3a2615a494031ff7a
SHA256:
BB06400D5F1E9729659F5F74DDF4EE7624E7FB44ACABD1258BA83C0325DC72AA
File Size:
3.92 MB, 3917312 bytes
|
|
MD5:
c8ed24106699cb9f2dbdc0c7671bd05f
SHA1:
d5a95838a63fead467d86b352a453fa138fecb75
SHA256:
E0A21B43B5813A279C3D04581C44648BDFCE1260BF5D46DED0BAE9E245091214
File Size:
1.53 MB, 1531392 bytes
|
|
MD5:
dbde226ff1b517a30db52b3f2846dd6d
SHA1:
8dd41f6116b2241c7c9fc9a3d4fd8fe2c1544e86
SHA256:
77DFF08277675596194392FED669F2CC04AE830539296C11CEC32C9F714432C2
File Size:
9.09 MB, 9090048 bytes
|
|
MD5:
1427ef2ea385bb6cbe2558b3f6313778
SHA1:
f6eafe02d42d581b88709a54cd568ea94e40e667
SHA256:
C295ACDAED7033E6BBA7329233A74805DD617BFAB048D58C44472F7AE68BF885
File Size:
869.89 KB, 869888 bytes
|
|
MD5:
60961b4116b5ef006866b5154a12f237
SHA1:
27e497ea575bac7397c888a1e36c822c9dc60251
SHA256:
43F56567D97C7EBEB89795429A52496A5E728A3CD97CB8E5536635C4025FA107
File Size:
1.92 MB, 1921024 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
Show More
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
|
| File Description |
|
| File Version |
|
| Internal Name |
|
| Legal Copyright |
|
| Original Filename |
|
| Product Name |
|
| Product Version |
|
File Traits
- 2+ executable sections
- dll
- fptable
- HighEntropy
- imgui
- JMC
- No Version Info
- VirtualQueryEx
- WriteProcessMemory
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 3,727 |
|---|---|
| Potentially Malicious Blocks: | 172 |
| Whitelisted Blocks: | 2,736 |
| Unknown Blocks: | 819 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| Syscall Use |
Show More
|
| Process Shell Execute |
|
| Anti Debug |
|
| Process Manipulation Evasion |
|
Shell Command Execution
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\724e7a35c1c02a561737c06fe2359a505c8a08bd_0006492160.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\0ee115474b036371987d4271c9a908c6717327a0_0003631104.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\b0a4a09bf8d364c63c5cc3bfa3af79f28bb4cdaf_0007668736.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\ddb3527cd25dd602599fe54969dfcb723e94c5b8_0003976192.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\3d6a28e8d9648d12953d71c0c41415c6940d1eb2_0003153408.,LiQMAxHB
|
Show More
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\8dd41f6116b2241c7c9fc9a3d4fd8fe2c1544e86_0009090048.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\f6eafe02d42d581b88709a54cd568ea94e40e667_0000869888.,LiQMAxHB
|
C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\27e497ea575bac7397c888a1e36c822c9dc60251_0001921024.,LiQMAxHB
|
