bitlordsetup.exe

Kipafufa

House of Life

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application bitlordsetup.exe, “Kipafufa Setup” by House of Life has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.cleanchucklemeta.com and multiple other hosts.
Publisher:
Tacoc (signed by House of Life)

Product:
Kipafufa

Description:
Kipafufa Setup

MD5:
52944ec6bd53af8a89cdf816091371b2

SHA-1:
e9cd1fdd68c2ede0642bec8973fc8980f641ba8b

SHA-256:
9df0da5f53e6e5b3513702dd4428162e85bd9d21c011f7bad62c1e3fd06cc287

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/17/2024 1:45:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.installCore.HouseofL.Installer (M)

Engine version:
16.4.20.5

File size:
1005.8 KB (1,029,976 bytes)

Product version:
3.3.2

Copyright:
Wizard

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bitlordsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/13/2015 5:00:00 PM

Valid to:
5/13/2017 4:59:59 PM

Subject:
CN=House of Life, OU=Property, O=House of Life, STREET=Oelnes, L=Sogndal, S=Outside United States, PostalCode=6856, C=NO

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7D10B220FDFA59C2BD4E1AF300EBA218

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mreqgkcMDKTA/jrgFIYqjDg4RolixtuUChubrU3:mSzbTAvgFdmU4F8Tc0

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9231

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file bitlordsetup.exe has been seen being distributed by the following 22 URLs.

http://www.cleanchucklemeta.com/c?x=VHBQii5lUQ4tUIMe6sCPnOw2tlJUS AOnAosvFiJhgE=&c=PpUjbc tHXlJSSSz0lRoThPETTQo7KPK 3fB9sXzuRwoN il1h5TDS/EFSq391UP9k4TfItRXH3MhuJVavOIwM4cMOszddlfksrni84k4rystuFTHBG0XM8T5KCCz8j6&downloadAs=BitlordSetup.exe&fallback_url=http://www.bitlord.com/.../BitLordSetup.exe

http://www.cleanchucklemeta.com/c?x=7zxW7NiStO rdjPQmNQNvZFN6qY85os3SUVQNMBHJFE=&c=k2ZiHMvmRZ6jvQAhffifuYS1Z GnrmmOu4BH4PpMahUU6O/9lsXWe5VNpW9BoDvCT9GvMvbA/ApDSKjpm7jiQ/AW7HAja2eoUakOWxnSBWBO gGEgCMXDG5Lpm9AO4uZ&downloadAs=BitlordSetup.exe&fallback_url=http://www.bitlord.com/.../BitLordSetup.exe
