setup.exe

Bundlore Limited

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe, “Video Codec Setup” by Bundlore Limited, has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer. The file has been seen being downloaded from lax1.ib.adnxs.com and multiple other hosts.
Publisher:
Video Codec (signed by Bundlore Limited)

Product:
Video Codec

Description:
Video Codec Setup

Version:
1.9.0.4

MD5:
8314e05dca526136d123cc56adabf755

SHA-1:
ac4114698c3c01d14225271a81037320bc9289df

SHA-256:
a2454dc7b4c54614271da676d4b2cc5e317872144fa2016386a9c5e9b16593c6

Scanner detections:
3 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 12:02:14 PM UTC

Scan engine          Detection                          Engine version
Dr.Web               Adware.Downware.1897               9.0.1.0210
Reason Heuristics    PUP.Installer.BundloreLimited.F    14.8.7.21
VIPRE Antivirus      Bundlore                           26578

File size:
752.9 KB (770,960 bytes)

Product version:
1.9.0.4

Copyright:
Copyright © (VideoCodec_1.9.0)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/11/2013 8:00:00 PM

Valid to:
9/12/2014 7:59:59 PM

Subject:
CN=Bundlore Limited, O=Bundlore Limited, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
232CE5297F2941A352148152A936FB93

File PE Metadata
Compilation timestamp:
2/4/2013 1:24:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:DSxG0wzX/d4BL8+iD4ARwVvj36viIM2jfl9UsGIeQ3PAk0bdJI0iTdVvBrzVxNQt:GxG3zA8pmVDxYj5IkqdHiJXWahb2

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Entropy:
7.9245

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file setup.exe has been seen being distributed by the following 21 URLs.
