iLivid.exe

iLivid Download Manager

Bandoo Media, Inc

The application iLivid.exe by Bandoo Media, Inc has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘iLivid’. The file has been seen being downloaded from dc612.4shared.com and multiple other hosts. While running, it connects to the Internet address 163-172-48-50.rev.poneytelecom.eu on port 6909.
Publisher:
Bandoo Media Inc.  (signed by Bandoo Media, Inc)

Product:
iLivid Download Manager

Version:
5.0.0.3958

MD5:
b820cc1fac0adea66687ee13cc2cb114

SHA-1:
05a80eaf2fe944822e7c28a37eaa15a0bb03db8f

SHA-256:
af68dc3157dafff9e83f88ffd9a45fac14d56659c47ce411f549ac44215046cf

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
9/24/2018 10:44:38 PM UTC  (today)

Scan engine          Detection                                    Engine version
Boost by Reason      Optional.Startup.BandooMedia.G               188163
Comodo Security      Application.Win32.Bandoo.gb                  17389
Reason Heuristics    PUP.Optional.Startup.BandooMedia.G           14.3.1.3
STOPzilla AVM        PotentiallyUnwantedProgram.Optional.iLivid   6.0.8.12.4

File size:
6.5 MB (6,827,008 bytes)

Product version:
5.0.0.3958

Copyright:
Copyright (C) 2013 Bandoo Media Inc. All Rights Reserved.

Original file name:
iLivid.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\ilivid\ilivid.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/19/2012 3:00:00 AM

Valid to:
11/3/2014 1:59:59 AM

Subject:
CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7A5189D163723107DEFA157662A4BAE4

File PE Metadata
Compilation timestamp:
9/9/2013 1:55:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:7fppc5HSTLZ5Zk16ROeZL3g/p05JBsf10+0+JVx:7fCHWLJdvLQ/p02O+0+J3

Entry address:
0x341AA8

Entry point:
E8, 5D, 07, 00, 00, E9, 1C, FD, FF, FF, 8B, 00, 81, 38, 63, 73, 6D, E0, 74, 03, 33, C0, C3, E9, E2, 07, 00, 00, 6A, 14, 68, E8, 27, 95, 00, E8, 40, 04, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 96, 07, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 36, 04, 00, 00, C2, 10, 00, 6A, 0C, 68, 08, 28, 95...

Code size:
3.8 MB (4,019,200 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
iLivid

Command:
"C:\users\{user}\appdata\local\ilivid\ilivid.exe" -autorun


Windows Firewall Allowed Program
Name:
C:\Documents and Settings\Administrator\Local Settings\Application Data\iLivid\iLivid.exe


The file iLivid.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to r179-24-116-59.dialup.adsl.anteldata.net.uy  (179.24.116.59:56060)

TCP:
Connects to pc-14-142-164-190.cm.vtr.net  (190.164.142.14:45767)

TCP:
Connects to pc-130-139-239-201.cm.vtr.net  (201.239.139.130:40876)

TCP:
Connects to net-2-35-246-66.cust.vodafonedsl.it  (2.35.246.66:59557)

TCP:
Connects to cm-staticIP-85-152-94-7.telecable.es  (85.152.94.7:17374)

TCP:
Connects to 4.58.60.94.rev.vodafone.pt  (94.60.58.4:27469)

TCP:
Connects to 201.190.204-48.supercanal.com.ar  (201.190.204.48:55995)

TCP:
Connects to 186-130-17-19.speedy.com.ar  (186.130.17.19:38287)

TCP:
Connects to 181-25-245-115.speedy.com.ar  (181.25.245.115:52212)

TCP:
Connects to 163-172-121-150.rev.poneytelecom.eu  (163.172.121.150:49574)

TCP:
Connects to s5594d2c2.adsl.online.nl  (85.148.210.194:51226)

TCP:
Connects to pc-193-235-91-13.norrkoping.se  (193.235.91.13:60020)

TCP:
Connects to host-41.239.222.61.tedata.net  (41.239.222.61:64088)

TCP:
Connects to CPE-121-214-39-216.lnse4.win.bigpond.net.au  (121.214.39.216:48983)

TCP:
Connects to car.athome.globe.com.ph  (112.198.72.184:14632)

TCP:
Connects to bzq-84-108-39-157.cablep.bezeqint.net  (84.108.39.157:32514)

TCP:
Connects to bb116-14-27-207.singnet.com.sg  (116.14.27.207:58930)

TCP:
Connects to b3d7eb6f.virtua.com.br  (179.215.235.111:59696)

TCP:
Connects to aua.athome.globe.com.ph  (112.198.75.90:37290)

TCP:
Connects to a79-168-23-25.cpe.netcabo.pt  (79.168.23.25:40758)
