» setup.exe
Overview
Analysis
File Details
Downloads (1)

setup.exe

Bundlore Limited

This is the Bundlore download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Bundlore Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bundlore Downloader installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.freevideodownloadforpc.com.

File name:

setup.exe

Publisher:

Bundlore Limited (signed and verified)

MD5:

a4512d87adac75534d82b4f17b93c49f

SHA-1:

f3914f32d1a21b776aa815ac7c4caf4092c71b2f

SHA-256:

453a883231f5646af656bc4ebd6fd28ca1a2c414e802e82dddfe8fe2d6d3d8ff

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/23/2024 11:30:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Bundlore.Bundler (M)

16.2.2.13

File size:

341.6 KB (349,760 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Bundlore Downloader

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature

Signed by:

Bundlore Limited

Authority:

Thawte, Inc.

Valid from:

9/6/2014 2:00:00 AM

Valid to:

9/13/2015 1:59:59 AM

Subject:

CN=Bundlore Limited, O=Bundlore Limited, L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

40A69D5E3B99022B855D14B5FD0A993C

File PE Metadata

Compilation timestamp:

9/15/2014 1:20:17 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:Be1npSDuKOeJ3Lbii5bkgVuN+xSKV7Wkrsf7Ls8GuM/c+w8tzXFj9:Be66KhXikbkgaISKVTT/E8trFj9

Entry address:

0x537F

Entry point:

E8, 48, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, C3, 41, 00, E8, CB, 1D, 00, 00, E8, 28, 2F, 00, 00, 0F, B7, F0, 6A, 02, E8, DB, 47, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9A, 3F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

81 KB (82,944 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://www.freevideodownloadforpc.com/download/.../?software=MediaDownloader&name=Setup.exe&no_cache=29725e4c45b5e9991634f4ba4ff2d344bdf3c556d9fd67

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.