ilividsetup-r1236-n-bi.exe

iLivid

Bandoo Media, Inc.

The application ilividsetup-r1236-n-bi.exe by Bandoo Media has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.cdn.expressdownload.net.
Publisher:
Bandoo Media Inc  (signed by Bandoo Media, Inc.)

Product:
iLivid

Description:
iLivid Install

Version:
5.0.2.4813

MD5:
df61301d88b06b4876a6e5519d9e3218

SHA-1:
f9dc8ca3e4092534fea5310d78793b2c77c51c0a

SHA-256:
0119012d956338cc5357e7bb69ea53527082733b10944dee63db86dd41a9089b

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
4/25/2024 12:37:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.SearchSuite | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SearchSuite | 2015.04.02 |
| Avira AntiVirus | PUA/SeaSuite.inze | 7.11.212.40 |
| avast! | Toolbar-U [PUP] | 150414-0 |
| AVG | Adware Generic_r.VQ | 2014.0.4311 |
| Baidu Antivirus | Adware.Win32.iLivid | 4.0.3.15417 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Searchsuite-3 | 0.98/21511 |
| Comodo Security | Application.Win32.SeaSuite.AKA | 20767 |
| Dr.Web | Adware.Bandoo.194 | 9.0.1.0107 |
| ESET NOD32 | Win32/Toolbar.SearchSuite potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/ILivid | 4/17/2015 |
| F-Prot | W32/SearchSuite.B.gen | v6.4.7.1.166 |
| G Data | Win32.Adware.Bandoo | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.18.21 |
| K7 AntiVirus | Unwanted-Program | 13.203.15723 |
| Kaspersky | not-a-virus:WebToolbar.Win32.SearchSuite | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Bandoo | v2015.04.17.04 |
| McAfee | Artemis!F5B21AD0B250 | 5600.6793 |
| NANO AntiVirus | Riskware.Win32.Bandoo.dgnlaz | 0.30.20.1219 |
| Panda Antivirus | PUP/iLivid | 15.04.17.04 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Bandoo.Installer | 15.4.17.0 |
| Rising Antivirus | PE:AdWare.Win32.BearShare.b!1075356890 | 23.00.65.15415 |
| Trend Micro House Call | Suspicious_GEN.F47V0221 | 7.2.107 |
| VIPRE Antivirus | Threat.4150696 | 39676 |
| Zillya! Antivirus | Adware.SearchSuite.Win32.368 | 2.0.0.2123 |

File size:
1.6 MB (1,712,640 bytes)

Product version:
5.0.2.4813

Copyright:
Copyright (c) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ilividsetup-r1236-n-bi.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/27/2014 11:00:00 AM

Valid to:
2/24/2016 10:59:59 AM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3DECB3F6069817010107782EABF518FB

File PE Metadata
Compilation timestamp:
2/25/2012 6:20:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:D6C4SAmwW9AFXPYMq/m+VO2kQEFAtURxnSHmxTX++6WF8uWH5YGydyg0TF:14e9Ubi1cXQObnNRXXlWH5idyg0TF

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.3913

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ilividsetup-r1236-n-bi.exe has been seen being distributed by the following URL.
