bitlordsetup.exe

Budeg

House of Life

The installer utilizes the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application bitlordsetup.exe, “Budeg Setup” by House of Life, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.safeguardupdate.com and multiple other hosts.
Publisher:
House of Life  (signed and verified)

Product:
Budeg

Description:
Budeg Setup

Version:
1.4.2.7

MD5:
740aa8932e8d4e4476360546fc6323d6

SHA-1:
3951269c2ddd4ced175eeb12ff82369005384ac6

SHA-256:
87a29fa2b490933841eaa9015f27aed0e003783dd2800ca66e8e13c894d0a51c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/8/2024 3:40:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore (M)

Engine version:
17.1.12.22

File size:
1.3 MB (1,403,136 bytes)

Product version:
3.4.9

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bitlordsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/26/2016 5:30:00 AM

Valid to:
12/27/2017 5:29:59 AM

Subject:
CN=House of Life, OU=IT, O=House of Life, L=Sogndal, S=Sogn og Fjordane, C=NO

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
77DD66F8463792FF8C7544E4CE670D2B

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.9837

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file bitlordsetup.exe has been seen being distributed by the following 26 URLs.

