iLivid.exe

iLivid Download Manager

Bandoo Media, Inc

The application iLivid.exe by Bandoo Media, Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 42-2-24-033.static.netvigator.com on port 13765.
Publisher:
Bandoo Media Inc. (signed by Bandoo Media, Inc)

Product:
iLivid Download Manager

Version:
5.0.0.3958

MD5:
c050a12204bde0f072da1aa36970c547

SHA-1:
a7c9982a4d9266ec429a3eee04126c997e198f57

SHA-256:
c89b78686fa11cd7d7d4f87cf1b6c2eba114e0a8fcbdcafbe49529641186d0ba

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
9/22/2018 12:29:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.4.16.18

File size:
6.5 MB (6,827,008 bytes)

Product version:
5.0.0.3958

Copyright:
Copyright (C) 2013 Bandoo Media Inc. All Rights Reserved.

Original file name:
iLivid.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ilivid\ilivid.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/18/2012 5:00:00 PM

Valid to:
11/2/2014 3:59:59 PM

Subject:
CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7A5189D163723107DEFA157662A4BAE4

File PE Metadata
Compilation timestamp:
9/8/2013 3:55:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:Rfppc5HSTLZ5Zk16ROeZL3g/p05JBsf1e0+JVx:RfCHWLJdvLQ/p02Y0+J3

Entry address:
0x341AA8

Entry point:
E8, 5D, 07, 00, 00, E9, 1C, FD, FF, FF, 8B, 00, 81, 38, 63, 73, 6D, E0, 74, 03, 33, C0, C3, E9, E2, 07, 00, 00, 6A, 14, 68, E8, 27, 95, 00, E8, 40, 04, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 96, 07, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 36, 04, 00, 00, C2, 10, 00, 6A, 0C, 68, 08, 28, 95...

Entropy:
6.5145

Code size:
3.8 MB (4,019,200 bytes)

Windows Firewall Allowed Program
Name:
ilivid
The executing file has been seen to make the following network communications in live environments.


Remove iLivid.exe - Powered by Reason Core Security