setup.exe

Bundlore Ltd

This is the Bundlore download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Bundlore has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer.
Publisher:
Bundlore Ltd  (signed and verified)

MD5:
20d1a69cd0daea933066c4998dca0e8d

SHA-1:
600fa99ad4f152f27e8d21902bb6ebb5dabf8cff

SHA-256:
780b6ea0e2b7368a2d2db2d82a1ed45804521aed07da143255323d6263d5f634

Scanner detections:
13 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/18/2024 10:26:17 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3368 |
| Comodo Security | Application.Win32.Bundlore.L | 19348 |
| Dr.Web | Adware.Downware.7995 | 9.0.1.05190 |
| F-Prot | W32/A-c1947da8 | v6.4.7.1.166 |
| IKARUS anti.virus | PUA.Win32.Bundlore | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:Downloader.Win32.InstallVibe | 14.0.0.3335 |
| McAfee | PUP-FLY | 5600.7024 |
| NANO AntiVirus | Trojan.Win32.InstallVibe.dedptf | 0.28.2.61861 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.29.12 |
| Reason Heuristics | PUP.Installer.Bundlore.K | 14.8.28.23 |
| Vba32 AntiVirus | Downloader.InstallVibe | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32210 |
| Zillya! Antivirus | Downloader.InstallVibe.Win32.10 | 2.0.0.1905 |

File size:
263.2 KB (269,560 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2014 7:00:00 PM

Valid to:
7/7/2016 6:59:59 PM

Subject:
CN=Bundlore Ltd, O=Bundlore Ltd, STREET=Ahad AhAm 21, L=Tel Aviv, S=Israel, PostalCode=6515103, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B4EA37F3705B7372B8ACBBA6F2CB424

File PE Metadata
Compilation timestamp:
7/20/2014 4:48:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:+68wGdG7rnPcP5tW8HeFzGKwEnOQ3y2636pbDbGRJtrRQX+nP+VcI9rMo1d62P5/:+68wGM7rEbEp3yulsJZRd+VDMqhsO

Entry address:
0x56FF

Entry point:
E8, D8, 47, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, C3, 41, 00, E8, CB, 1D, 00, 00, E8, B4, 2E, 00, 00, 0F, B7, F0, 6A, 02, E8, 6B, 47, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2A, 3F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.4484

Code size:
82 KB (83,968 bytes)
