bitlordsetup.exe

Lil

House of Life

The installer uses the installCore download manager, which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application bitlordsetup.exe, “Lil Setup” by House of Life, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.safeguardupdate.com and multiple other hosts.
Publisher:
House of Life  (signed and verified)

Product:
Lil

Description:
Lil Setup

MD5:
6748ab36758da219b816bbeae6711cd7

SHA-1:
420abd71116f786ede8749a3f2dc4eba6b27d6ab

SHA-256:
8302b3c59959c351781bfdbc4edcb98f0b84b8f49b050a129fb96c69d44f51c8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 6:14:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.1.5.15

File size:
1.3 MB (1,326,944 bytes)

Product version:
1.2.7

Copyright:
Fast Soft

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\bitlordsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/11/2016 4:00:00 AM

Valid to:
4/12/2017 3:59:59 AM

Subject:
CN=House of Life, OU=IT, O=House of Life, L=Sogndal, S=Sogndal, C=NO

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0E8FFE1E4086A8FB13C069E8E8571F82

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9808

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file bitlordsetup.exe has been seen being distributed by the following 16 URLs.

