bitlordsetup.exe

Sodobi

House of Life

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application bitlordsetup.exe, “Sodobi Setup” by House of Life, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.applicationsheartvaults.com and multiple other hosts.
Publisher:
House of Life  (signed and verified)

Product:
Sodobi

Description:
Sodobi Setup

Version:
4.7.2.2

MD5:
f1c692604b9aeddee68d50d62fde979f

SHA-1:
1a3cfa730fc4a0a95252d195b4965352b00b3595

SHA-256:
c179b38f26cb76a5d53f8e06bb3363fa43b022ede6826cd40e4bce1d00456bf9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 5:42:29 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.1.3.14

File size:
1.2 MB (1,303,648 bytes)

Product version:
3.7.3

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\bitlordsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/11/2016 2:00:00 AM

Valid to:
4/12/2017 1:59:59 AM

Subject:
CN=House of Life, OU=IT, O=House of Life, L=Sogndal, S=Sogndal, C=NO

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0E8FFE1E4086A8FB13C069E8E8571F82

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9798

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file bitlordsetup.exe has been seen being distributed by the following 18 URLs.

