setup.exe

UKRREMBUDSERVIS LTD

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by UKRREMBUDSERVIS has been detected as adware by 23 anti-malware scanners. It is a setup application that uses the Bundlore Downloader installer.
Publisher:
UKRREMBUDSERVIS LTD  (signed and verified)

MD5:
a9a635616a2299ce8fd3277bc829389e

SHA-1:
3ef562ad546fb1bdb370e965d9033eb5aa554ca8

SHA-256:
f1f59364fcf45aba4266d754ae9a7afcd2850f24696b3ad43c5da90f25f58a92

Scanner detections:
23 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 5:29:15 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Mikey.12439 | 5549295
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.Bundler | 2015.05.23
Avira AntiVirus | PUA/Bundlore.Gen | 8.3.1.6
avast! | Win32:PUP-gen [PUP] | 150521-0
AVG | Generic | 2016.0.3101
Bitdefender | Gen:Variant.Mikey.12439 | 1.0.20.710
Dr.Web | Adware.Downware.9625 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Mikey.12439 | 10.0.0.5366
ESET NOD32 | Win32/Bundlore.T potentially unwanted application | 7.0.302.0
F-Prot | W32/S-b5ba81db | v6.4.7.1.166
F-Secure | Gen:Variant.Mikey.12439 | 5.14.151
G Data | Gen:Variant.Mikey.12439 | 15.5.25
IKARUS anti.virus | PUA.Bundlore | t3scan.1.8.9.0
K7 AntiVirus | Unwanted-Program | 13.204.16000
McAfee | PUP-FOZ | 5600.6757
MicroWorld eScan | Gen:Variant.Mikey.12439 | 16.0.0.426
NANO AntiVirus | Riskware.Win32.Downware.dqttqr | 0.30.24.1636
Panda Antivirus | Trj/Genetic.gen | 15.05.22.03
Reason Heuristics | PUP.Bundlore.Bundler | 15.5.22.14
Sophos | PUA 'Bundlore' | 5.14
VIPRE Antivirus | Threat.4150696 | 40432
Zillya! Antivirus | Backdoor.PePatch.Win32.71536 | 2.0.0.2187

File size:
359.5 KB (368,136 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/22/2015 8:00:00 PM

Valid to:
3/22/2016 7:59:59 PM

Subject:
CN="""UKRREMBUDSERVIS"" LTD", O="""UKRREMBUDSERVIS"" LTD", STREET="Stepana Sahaydaka str, 100-A", L=Kiev, S=Kiev, PostalCode=02002, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2275F2D622D08DDBED9ABADB3884FAA5

File PE Metadata
Compilation timestamp:
4/22/2015 4:27:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:AzQTS8h7PMcLxEH2uBDhvgeVGu2DqYpf5zVvQV2FZW4:n9DMc1EH2uhhvgUAqYpf5zVvQV2FZZ

Entry address:
0x7A8D

Entry point:
E8, 66, 5B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, CF, 42, 00, E8, 9D, 48, 00, 00, E8, 37, 5D, 00, 00, 0F, B7, F0, 6A, 02, E8, F9, 5A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 62, 43, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.9882

Code size:
141 KB (144,384 bytes)
