ilividsetup-r0-n-bi.exe

iLivid

Bandoo Media, Inc.

The application ilividsetup-r0-n-bi.exe by Bandoo Media has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.cdn.ilivid.com.
Publisher:
Bandoo Media Inc  (signed by Bandoo Media, Inc.)

Product:
iLivid

Description:
iLivid Install

Version:
5.0.2.4833

MD5:
91f41e18ed0d79553a882426e06e547f

SHA-1:
78848a77a3e3e806ca79bdec10f193700287b6ea

SHA-256:
4e390189cef3ba7f638ad5a834f22367a4e73192c674d2b2bcdc549650d6aed7

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
4/26/2024 7:43:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.ILivid | 2015.11.10 |
| Avira AntiVirus | PUA/iLivid.Gen | 8.3.2.2 |
| avast! | GenMaliciousA-DXW [PUP] | 2014.9-160128 |
| AVG | Generic | 2017.0.2850 |
| Baidu Antivirus | Adware.Win32.iLivid | 4.0.3.16128 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Comodo Security | Application.Win32.SearchSuite.AAK | 23561 |
| Dr.Web | Adware.Bandoo.12 | 9.0.1.028 |
| ESET NOD32 | Win32/Toolbar.SearchSuite.W potentially unwanted application | 10.7.0.302.0 |
| G Data | Win32.Adware.Bandoo | 16.1.25 |
| IKARUS anti.virus | PUA.Soffer | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.212.17797 |
| Kaspersky | not-a-virus:WebToolbar.Win32.SearchSuite | 14.0.0.747 |
| Malwarebytes | PUP.Optional.Bandoo | v2016.01.28.12 |
| NANO AntiVirus | Riskware.Win32.Bandoo.dtfdmo | 0.30.26.4437 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.Bandoo.BandooMedia.Installer (M) | 16.1.28.12 |
| Rising Antivirus | NS:Trojan.SearchSuite!1.A261 [F] | 23.00.65.16126 |
| Sophos | PUA 'SearchSuite' (of type Adware) | 5.21 |
| SUPERAntiSpyware | PUP.Bandoo/Variant | 9358 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45120 |
| Zillya! Antivirus | Downloader.Upatre.Win32.59467 | 2.0.0.2549 |

File size:
1.6 MB (1,714,320 bytes)

Product version:
5.0.2.4833

Copyright:
Copyright (c) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ilividsetup-r0-n-bi.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
9/16/2015 9:00:00 PM

Valid to:
2/23/2016 8:59:59 PM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA - G2, O="thawte, Inc.", C=US

Serial number:
0AEA776A90BF58BA2DEB5770F39F9A26

File PE Metadata
Compilation timestamp:
2/24/2012 4:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:L41SUP+ckqhzyFzPpDFANx7IThPbBT6N5e76H:L+SULkq1czpCT7ITh9Q5e7

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.3910

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ilividsetup-r0-n-bi.exe has been seen being distributed by the following URL.
