video_downloader.exe

Bundlore Limited

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application video_downloader.exe by Bundlore Limited has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer.
Publisher:
Bundlore Limited  (signed and verified)

Version:
1.0.5.3

MD5:
fd66b5b4c139a885134df8a5d481d7c6

SHA-1:
8abd3bfc9eee34a5b2a326514e04d7737e115fe9

SHA-256:
7cde00204f168caf93549040424c8c3bd5e1ce9a54078fd521c5394f846092b4

Scanner detections:
17 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/29/2024 12:42:49 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | APPL/Downloader.Gen | 7.11.177.234
AVG | Bundlo | 2015.0.3322
Comodo Security | Application.Win32.Agent.BUND | 19788
Dr.Web | Adware.Downware.2285 | 9.0.1.05190
ESET NOD32 | Win32/Bundlore.C potentially unwanted application | 7.0.302.0
F-Prot | W32/A-d96567a3 | v6.4.7.1.166
G Data | Win32.Application.Bundlore | 14.10.24
K7 AntiVirus | Unwanted-Program | 13.183.13662
Malwarebytes | PUP.Optional.Bundlore | v2014.10.13.04
McAfee | PUP-FJA | 5600.6978
NANO AntiVirus | Riskware.Win32.Downware.cxdayw | 0.28.2.62483
Reason Heuristics | PUP.BundloreLimited.Q | 14.10.13.12
Rising Antivirus | PE:Malware.Bundlore!6.180F | 23.00.65.141011
Sophos | Bundlore | 4.98
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 33706

File size:
144.8 KB (148,320 bytes)

Product version:
1.0.5.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\video_downloader.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/11/2013 8:00:00 PM

Valid to:
9/12/2014 7:59:59 PM

Subject:
CN=Bundlore Limited, O=Bundlore Limited, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
232CE5297F2941A352148152A936FB93

File PE Metadata
Compilation timestamp:
3/11/2014 10:33:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:9BI5pwLfZshrCduppMOwIqEV1pBvVvM7qczGG/sWjcdk5a+k3h5khMqEEajbHp4:XlV4UWKERi7AkY+k3h5YnEEaju

Entry address:
0x3ECD

Entry point:
E8, 1E, 49, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 8B, 41, 00, E8, 8D, 08, 00, 00, E8, EB, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, B1, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 92, 42, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
5.9754

Code size:
69.5 KB (71,168 bytes)
