ilividsetup-r2156-n-bi.exe

iLivid

Bandoo Media, Inc.

The application ilividsetup-r2156-n-bi.exe by Bandoo Media has been detected as a potentially unwanted program by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.cdn.sharelive.net.
Publisher:
Bandoo Media Inc (signed by Bandoo Media, Inc.)

Product:
iLivid

Description:
iLivid Install

Version:
5.0.2.4821

MD5:
ef82b7e7f046e01d944bff3620a14af9

SHA-1:
10af9b9e22addad802cdcb9efab9a342edd064d2

SHA-256:
b5083ceeb1fa520461a790748deb8bfe6c584ffb4f5553059783f23132eec513

Scanner detections:
30 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
4/25/2024 4:28:33 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.SearchSuite
7.1.1

AhnLab V3 Security
PUP/Win32.SearchSuite
2015.04.20

Avira AntiVirus
PUA/SeaSuite.inze
7.11.212.40

avast!
GenMaliciousA-DXW [PUP]
2014.9-160129

AVG
Adware Generic_r
2017.0.2850

Baidu Antivirus
Adware.Win32.iLivid
4.0.3.16129

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Searchsuite-3
0.98/21511

Comodo Security
Application.Win32.SeaSuite.AKA
20696

Dr.Web
Adware.Bandoo.194
9.0.1.029

ESET NOD32
Win32/Toolbar.SearchSuite.W potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/ILivid
1/29/2016

F-Prot
W32/SearchSuite.B.gen
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.CX
11.2016-29-01_6

G Data
Win32.Adware.Bandoo
16.1.25

IKARUS anti.virus
PUA.Soffer
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.203.15723

Kaspersky
not-a-virus:WebToolbar.Win32.SearchSuite
14.0.0.744

Malwarebytes
PUP.Optional.Bandoo
v2016.01.29.03

McAfee
Trojan.Artemis!F368AF7AA7DE
5600.6506

NANO AntiVirus
Riskware.Win32.Bandoo.dgnlaz
0.30.20.1219

Panda Antivirus
Generic Suspicious
16.01.29.03

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Bandoo.BandooMedia.Installer (M)
16.1.29.3

Rising Antivirus
PE:AdWare.Win32.BearShare.b!1075356890
23.00.65.16127

Sophos
Generic PUA OO (PUA)
4.98

SUPERAntiSpyware
PUP.Bandoo/Variant
9357

Trend Micro House Call
Suspicious_GEN.F47V0221
7.2.29

VIPRE Antivirus
Threat.4150696
39676

Zillya! Antivirus
Adware.SearchSuite.Win32.368
2.0.0.2145

File size:
1.6 MB (1,713,944 bytes)

Product version:
5.0.2.4821

Copyright:
Copyright (c) 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ilividsetup-r2156-n-bi.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/27/2014 7:00:00 AM

Valid to:
2/24/2016 6:59:59 AM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3DECB3F6069817010107782EABF518FB

File PE Metadata
Compilation timestamp:
2/25/2012 2:20:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:B4iUJg/bzdpAI7QeZ6688/ykGl4y8u7CUxQ:BpUJWbp+IdQ3VPmyrBK

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...

Entropy:
7.3914

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ilividsetup-r2156-n-bi.exe has been seen being distributed by the following URL.

Remove ilividsetup-r2156-n-bi.exe - Powered by Reason Core Security