setup.exe

Bundlore Ltd

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Bundlore has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer.
Publisher:
Bundlore Ltd  (signed and verified)

MD5:
3edcc1938e02c2326e11edbee55497b4

SHA-1:
326c75f596c2e3fc7bcef7cb32e27213a1c5a4b5

SHA-256:
696740817d8fa24667e1c944acb59670a7906dd741a61f3e28b36e785aa22d35

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 10:48:38 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.MPlug.6 | 6498366
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | TR/Bundlore.N | 7.11.206.64
avast! | PUP-gen [PUP] | 150129-1
AVG | Generic | 2016.0.3213
Bitdefender | Gen:Variant.Adware.MPlug.6 | 1.0.20.155
Clam AntiVirus | Win.Adware.Mplug-1752 | 0.98/20008
Comodo Security | Application.Win32.Bundlore.D | 20910
Dr.Web | Adware.Downware.8925 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.MPlug | 9.0.0.4799
ESET NOD32 | Win32/Bundlore.P potentially unwanted application | 7.0.302.0
F-Prot | W32/A-2d25e330 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.MPlug.6 | 5.13.68
G Data | Gen:Variant.Adware.MPlug | 15.1.25
K7 AntiVirus | Trojan | 13.193.14818
Malwarebytes | PUP.Optional.Bundlore | v2015.01.31.08
McAfee | PUP-FOZ | 5600.6869
MicroWorld eScan | Gen:Variant.Adware.MPlug.6 | 16.0.0.93
Norman | Gen:Variant.Adware.MPlug.6 | 02.01.2015 13:58:24
Panda Antivirus | Trj/Genetic.gen | 15.01.31.08
Reason Heuristics | PUP.Installer.Bundlore | 15.1.31.8
VIPRE Antivirus | Threat.4150696 | 36666
Zillya! Antivirus | Backdoor.PePatch.Win32.49460 | 2.0.0.2049

File size:
341.7 KB (349,944 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/8/2014 3:00:00 AM

Valid to:
7/8/2016 2:59:59 AM

Subject:
CN=Bundlore Ltd, O=Bundlore Ltd, STREET=Ahad AhAm 21, L=Tel Aviv, S=Israel, PostalCode=6515103, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B4EA37F3705B7372B8ACBBA6F2CB424

File PE Metadata
Compilation timestamp:
10/23/2014 3:50:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:3fh5zxnT4ieJfLbii5bkgVuN+xSKV7Wkrsf7LsFoA5lA:3fhdxnT4hXikbkgaISKV/5lA

Entry address:
0x539F

Entry point:
E8, B8, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, C3, 41, 00, E8, CB, 1D, 00, 00, E8, A0, 2F, 00, 00, 0F, B7, F0, 6A, 02, E8, 4B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0A, 40, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.8509

Code size:
81 KB (82,944 bytes)
