ilividsetup-r0-n-bc.exe

iLivid

Bandoo Media, Inc.

The application ilividsetup-r0-n-bc.exe by Bandoo Media has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions and PC utilities, as well as other PUPs. The file has been seen being downloaded from download.cdn.ilivid.com.
Publisher:
Bandoo Media Inc  (signed by Bandoo Media, Inc.)

Product:
iLivid

Description:
iLivid Install

Version:
5.0.2.4833

MD5:
3ecb5e23662780f3d6a05f4446192af8

SHA-1:
351361efa5ae32c067f79eafddb9d4ba9e406fa7

SHA-256:
7f65b3d979f1b954b72e7ff683ed7e17e6fc75d5bfa3dcb00a22f9c4e30e0da8

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/23/2024 1:51:19 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.ILivid | 2015.11.14
Avira AntiVirus | PUA/iLivid.Gen | 8.3.2.2
avast! | GenMaliciousA-DXW [PUP] | 2014.9-160124
AVG | Generic | 2017.0.2854
Baidu Antivirus | Adware.Win32.iLivid | 4.0.3.16124
Bkav FE | W32.HfsAdware | 1.3.0.7383
Comodo Security | Application.Win32.SearchSuite.AAK | 23584
Dr.Web | Adware.Bandoo.377 | 9.0.1.024
ESET NOD32 | Win32/Toolbar.SearchSuite.W potentially unwanted application | 10.7.0.302.0
Fortinet FortiGate | Riskware/SearchSuite | 1/24/2016
G Data | Win32.Adware.Bandoo | 16.1.25
IKARUS anti.virus | PUA.Soffer | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.212.17853
Kaspersky | not-a-virus:WebToolbar.Win32.SearchSuite | 14.0.0.766
Malwarebytes | PUP.Optional.Bandoo | v2016.01.24.06
McAfee | Trojan.Artemis!C5124A920CD2 | 5600.6510
NANO AntiVirus | Riskware.Win32.Bandoo.dtfdmo | 0.30.26.4437
Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1077
Reason Heuristics | PUP.Bandoo.BandooMedia.Installer (M) | 16.1.24.18
Rising Antivirus | NS:Trojan.SearchSuite!1.A261 [F] | 23.00.65.16122
Sophos | PUA 'SearchSuite' (of type Adware) | 5.22
SUPERAntiSpyware | PUP.Bandoo/Variant | 9365
VIPRE Antivirus | Trojan.Win32.Generic | 45202
Zillya! Antivirus | Adware.OutBrowse.Win32.61635 | 2.0.0.2560

File size:
1.6 MB (1,714,320 bytes)

Product version:
5.0.2.4833

Copyright:
Copyright (c) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ilividsetup-r0-n-bc.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
9/16/2015 7:30:00 PM

Valid to:
2/23/2016 7:29:59 PM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA - G2, O="thawte, Inc.", C=US

Serial number:
0AEA776A90BF58BA2DEB5770F39F9A26

File PE Metadata
Compilation timestamp:
2/24/2012 2:50:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:541SUP+ckqhzyFzPpDFANx7IThPbBT6N5e76H:5+SULkq1czpCT7ITh9Q5e7

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ilividsetup-r0-n-bc.exe has been seen being distributed by the following URL.
