setup.exe

UKRREMBUDSERVIS LTD

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by UKRREMBUDSERVIS has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer.
Publisher:
UKRREMBUDSERVIS LTD  (signed and verified)

MD5:
75cc605731e020b77ccd80cb5ee92ebf

SHA-1:
1cc3864cb596a4100f1d6a1f79cff76ec2647cf5

SHA-256:
5d1dcdc58843632dc98af6879df65f604962aa5e2c77c8505e51d8c69aef5bd0

Scanner detections:
24 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 4:31:46 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Mikey.12439 | 5549295 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Bundler | 2015.05.23 |
| Avira AntiVirus | PUA/Bundlore.Gen | 8.3.1.6 |
| avast! | Win32:PUP-gen [PUP] | 150521-0 |
| AVG | Adware BundleApp.DSY | 2014.0.4311 |
| Bitdefender | Gen:Variant.Mikey.12439 | 1.0.20.710 |
| Clam AntiVirus | Win.Trojan.Agent-869012 | 0.98/21511 |
| Dr.Web | Adware.Downware.9625 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Mikey.12439 | 10.0.0.5366 |
| ESET NOD32 | Win32/Bundlore.T potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-b5ba81db | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Mikey.12439 | 5.14.151 |
| G Data | Gen:Variant.Mikey.12439 | 15.5.25 |
| IKARUS anti.virus | PUA.Bundlore | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.204.16000 |
| McAfee | PUP-FOZ | 5600.6757 |
| MicroWorld eScan | Gen:Variant.Mikey.12439 | 16.0.0.426 |
| NANO AntiVirus | Riskware.Win32.Downware.dqttqr | 0.30.24.1636 |
| Panda Antivirus | Trj/Genetic.gen | 15.05.22.03 |
| Reason Heuristics | PUP.Bundlore.Bundler | 15.5.22.14 |
| Sophos | PUA 'Bundlore' | 5.14 |
| VIPRE Antivirus | Threat.4150696 | 40432 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.72266 | 2.0.0.2187 |

File size:
359.5 KB (368,136 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/22/2015 8:00:00 PM

Valid to:
3/22/2016 7:59:59 PM

Subject:
CN="""UKRREMBUDSERVIS"" LTD", O="""UKRREMBUDSERVIS"" LTD", STREET="Stepana Sahaydaka str, 100-A", L=Kiev, S=Kiev, PostalCode=02002, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2275F2D622D08DDBED9ABADB3884FAA5

File PE Metadata
Compilation timestamp:
4/26/2015 4:27:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:GsJ/ztsM7fMcLxmH2moRexPxxe+ybgslUZhcgR5AMXMGKOBOC13:LFbMc1mH2NQVu+yt6ZhcgR57XsOA83

Entry address:
0x7A6D

Entry point:
E8, 66, 5B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, CF, 42, 00, E8, 9D, 48, 00, 00, E8, 37, 5D, 00, 00, 0F, B7, F0, 6A, 02, E8, F9, 5A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 62, 43, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.0067

Code size:
141 KB (144,384 bytes)
