home

setup.exe

VideoDownloader

Bundlore Limited

This is the Bundlore download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe, “VideoDownloader Setup ” by Bundlore Limited has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer. It is also typically executed from the user's temporary directory.
Publisher:
Video Downloader   (signed by Bundlore Limited)

Product:
VideoDownloader

Description:
VideoDownloader Setup

Version:
1.9.2.2

MD5:
8b474137a5f6b2c9dc386e92606c927e

SHA-1:
3ff063708d20093bf81ba7d704aa088b292f8740

SHA-256:
dc45e743ff7e632b31d18f41f494bb458daee837adb853b6b27fe719ebb076bb

Scanner detections:
10 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 12:49:36 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
MalSign.Bundlo
2015.0.3404

Comodo Security
UnclassifiedMalware
18047

Dr.Web
Adware.Downware.1897
9.0.1.0204

ESET NOD32
Win32/TrojanDownloader.Adload.NMV
8.9638

Fortinet FortiGate
W32/Adload.NMV!tr.dldr
7/23/2014

Malwarebytes
PUP.Optional.Bundlore.A
v2014.07.23.08

McAfee
Artemis!2C2E2572E731
5600.7060

Reason Heuristics
PUP.Installer.BundloreLimited.F
14.8.7.21

Trend Micro House Call
TROJ_GEN.F47V0321
7.2.204

VIPRE Antivirus
Bundlore
28026

File size:
715.5 KB (732,672 bytes)

Product version:
1.9.2.2

Copyright:
Copyright © (VideoDownloader_1.9.2)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Signed by:
Bundlore Limited

Authority:
Thawte, Inc.

Valid from:
9/11/2013 6:00:00 PM

Valid to:
9/12/2014 5:59:59 PM

Subject:
CN=Bundlore Limited, O=Bundlore Limited, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
232CE5297F2941A352148152A936FB93

File PE Metadata
Compilation timestamp:
2/4/2013 11:24:57 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:hSxG01zX/d4BL8+iDSMMGLrusGIeQ3PAk0bdJI0iTdVvBrzVxNQahwS5oS:sxGOzA8QMMGPnIkqdHiJXWahbL

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Entropy:
7.9182

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.