bullvidsetup-r155-w-bi.exe

Bullvid

Koyote-Lab Inc.

The application bullvidsetup-r155-w-bi.exe by Koyote-Lab has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.cdn.bullvid.com and multiple other hosts.
Publisher:
Koyote-Lab Inc.  (signed and verified)

Product:
Bullvid

Description:
Bullvid Install

Version:
4.0.0.4045

MD5:
f27b1d69d833c0393dc545bcc2d13f55

SHA-1:
0e195951d39614bbeff357cd64953f104d6ae133

SHA-256:
21f94b8a2f1da4e14b6ede65c6a6fd11d2c040c9ae8783af22d0a574c415d50a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:27:18 AM UTC  (today)

Scan engine          Detection                    Engine version
Dr.Web               Adware.Downware.964          9.0.1.0360
Reason Heuristics    PUP.Installer.KoyoteLab.W    14.2.16.8

File size:
1.2 MB (1,274,736 bytes)

Product version:
4.0.0.4045

Copyright:
Copyright (c) 2013

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bullvidsetup-r155-w-bi.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/23/2012 12:00:00 AM

Valid to:
2/21/2014 11:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 9:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:wnNthkk9sks5szKQkC5Yh/Lor2kNHMX49xjLYOBJ/lLcg3e9K:Wrkkws2C5YhzbwHM49xvBBr7cK

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 

Entropy:
7.9682  (probably packed)

Code size:
29.5 KB (30,208 bytes)

The file bullvidsetup-r155-w-bi.exe has been seen being distributed by the following 2 URLs.
