ilividsetupv1.exe

Bandoo Media Inc.

The application ilividsetupv1.exe, “iLivid Installation”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source.

Publisher:
Bandoo Media Inc.

Description:
iLivid Installation

Version:
1.92.0.118480

MD5:
ae36b2ffc0ba2bb717d9fae3015ffcb0

SHA-1:
74b4e1cf8e3e9e285da6eecf8838a179e6b7fda7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 11:36:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Bandoo (M)

Engine version:
16.7.31.6

File size:
2.1 MB (2,225,711 bytes)

Copyright:
All rights reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\ilividsetupv1.exe

File PE Metadata
Compilation timestamp:
4/15/2009 11:43:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:XwMLUpE0F1vxKZ7tWPeQCuUm9HTvKdCHoay4pF/0k8rNKXQfmy7xwTfr6iapqw/d:XwMLURxxK4mQCut9HTCj4H01r9x5D3N

Entry address:
0x12A70

Entry point:
BB, 7C, 29, DB, A2, 93, E9, 20, 01, 00, 00, 1C, C2, 25, 21, CD, 51, 25, 21, 65, 1F, C4, A5, A5, 25, A5, A5, 37, A5, A5, A5, 04, D6, DB, D6, D5, D6, DE, DC, DB, A5, A5, A5, 19, 06, 1F, 0A, 07, 06, 12, 06, D3, 09, 11, 11, A5, A5, A5, A5, 01, A5, A5, A5, EB, 17, 0A, 0A, F1, 0E, 07, 17, 06, 17, 1E, A5, E8, 17, 0A, 06, 19, 0A, E9, 0E, 17, 0A, 08, 19, 14, 17, 1E, E6, A5, A5, A5, A5, EC, 0A, 19, FC, 0E, 13, 09, 14, 1C, 18, E9, 0E, 17, 0A, 08, 19, 14, 17, 1E, E6, A5, A5, A5, A5, EC, 0A, 19, F2, 14, 09, 1A, 11, 0A...
 

Entropy:
7.9071  (probably packed)

Code size:
96.5 KB (98,816 bytes)

The file ilividsetupv1.exe has been seen being distributed by the following URL.
