bitlordsetup.exe

Borik

House of Life

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application bitlordsetup.exe, “Borik Setup ” by House of Life has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.heartchuckleapplication.com and multiple other hosts.
Publisher:
Larecakog   (signed by House of Life)

Product:
Borik

Description:
Borik Setup

MD5:
2d662a2437ef03ea2fb46d9499c5e2f7

SHA-1:
f8f87a9a086dffec9de19b09f5e401dc1131004d

SHA-256:
9d7ce261ad5f581cb4fa56afcfdaaeeae15d6e57e8e50afa2764872cf68fbee3

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 11:54:41 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.HouseofL.Installer (M)
16.7.7.15

File size:
991.6 KB (1,015,384 bytes)

Product version:
1.6

Copyright:
Program Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bitlordsetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
4/11/2016 5:30:00 AM

Valid to:
4/12/2017 5:29:59 AM

Subject:
CN=House of Life, OU=IT, O=House of Life, L=Sogndal, S=Sogndal, C=NO

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0E8FFE1E4086A8FB13C069E8E8571F82

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gKi883C3pv3es9W9jhX5YYxuA280Bb4gAAsItA:gD88Upv3eGmr8B80BEOsqA

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9261

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file bitlordsetup.exe has been seen being distributed by the following 50 URLs.

http://www.heartchuckleapplication.com/f0FuDnCharctBgLDkVEr4O_p1mPDfeyYa 0mkl_I9fQ2YaTv8texZREUJZ_dC9TDQY_Jn0FvosKkEu1NbUqYkRaFsoNXRad8fsZGFaSgR_rrXKRQbIqrLf8BHgy9EsagNnm7Fo6MxrJQhw3merREkWcmTMy3KOhFH3wEwNsSrXyj3M72ojFA48jQbXEJeRZ4tagz 9Kl-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/SHMtfVjqAUswcSYyb1htVeCmFQDDG3h0mgzKG4hx1F59vrUeGkytACM7EZcd9iXmHib1MB89EoFVAYRJ3t6razem4NGKJwPix6CNdZhKmiHcnzjNEDJpCDtCZuEpAzEreC3ynjC1b5VPABqq3JYaSqDkzsQQfqAfwIA84iUzOo8hCXskkKQlN99qK0ppSzpDO3aLbEuE-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/A8a2y_x5pSNhlwgk0xK072u5PEfRvSRwjnC8p0021U80yHlUBqBJYyosq51M8SFtOWC5i65cMB8Ey4tyow f7wLZDx_itgp7ac4avs C7zV2ayavWGQv_JZidF91NlV__pGRO5NesDVPDyLxKoysnlYdpnR1Q lYwQ_vTf81s8edvvMDLN0WAL_P3DsLnQ62LVcHh4QQ-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.universebytepackage.com/TaIRrmvtavPeV59DiPy4UHXZzKio1Ownhc3qtGjfkAtx9tlaI5MDA0A8lNVf1T_aRFoEIuGegmd890vldqPxtsUtHEhH7RKnoWQtf9WxzUGZ0BG c77EzYkHQvzoNdPQpfe 0k58P5mW52Ok0jONK1y6PX6oDETrZK5658HD7U9sKot5 aKWOcu1sEl4wwET o6gBAA6-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/6NgWeBI1iou9jYq7TMINI ly6oyWeLCiitBetdSBMZDj5h6Di a74s43m9HriyTjAMlQBpX6VH7V593lj_KrRT6R7TXBKM0bPKrcVhV_TxFmNFQ xiL6PcYoThJDQ kAHb vNeude_eshlnn0nYTyesMspATsKxxHThom9KlwsTy eGj1_RmK3STFjCMnr1Vslti2QFY-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/tqVOxu7c5tyZJxOF_sY9QZO8GQxCHUHtqTVUu3m6TemUusWX6lEAoadM1XR6Z143V FA4SolmBYYd1E08q7UFDjey5JAOODowyI Wb0SFNdu8lwXZNsvrmuARAAZn hZaTgbcuV aZk5xcDdFk2GaxG EViaur4XMcyXiF0CZrA4iLLzKZxZwhm_nLMxPZJyD40oWxZC-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/mhGpMO9oTLUtgxCTX9KROLr4Q2BZ3d_ScQh62_9RL19Q5sIS64uJCpzrmRvZAPHS8pQV 0aL EdI6K7k JXHqC GOcUxF8De9cuhiVYPjR_99FWqvyNu0g7AuWLurLovKK2DIvA bd69dgTll3HM9ahgJVzCxf8a8KX9BrfwLjRQ9DCd0tSk nzgT9gPvGjaTBkJk_xg-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/pDZ8vpVFSYeD2kHKIxi _AOsOj73FVY4vE45F3eDkt0liqF1waEPQ5ZDK_Cg3yUceRiGdIlahQXSXDTDrGLRGbtV8XJ2zVye8JP0vIkraeJWKX3PYqs14W_WEbOc9SKwGfAWo5mO_4A9R9J8MyhEnjvxkFa67vUHgW28CBUMh962TzrrkICXUj4pA4YMSN7G5pNWuZaH-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/4URnDOC9lXfIKVA1z8lIaxKnnX4Vx0 ZlsgYo6kTil1L31iJaQ4Fgvhmck_DfbU7uUPuStFDVQgjZ4vUvPmKo1Gj_mThHKtkTQ8KnedCi9Q Iq_y8GvGWbN6F9cDkS9fcLJOJT7AnhB0wMP76qZn8D21e2lcJxXbbvCSj3EzOZnIANQZ0DZyRSSxd4hrehRJvt7reIa4-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.factorysharemega.com/EKE KEVhmIuTHVNqKsPzdsqcW24OqEy6Dtt7TYSl3MVjjxBX12IebYZ6oFHqPuntVNx 2K5FZOY8guz8B6076qjBA3BeCi6CEj9D7CVX07I2wgE6f5PDMPY23nIidCG_Uu6g8FmmFuIQVhhCRS9rMUzAwq_NW8Wy_2swh9nkvSAGa5jgiMvb j8y5LiD1G53520dPWoT-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/ApshSngQymcbrViJxs47 zbtnpgKCQVrtCMVU4DXxeTIXpZdxE6sjkKvJwDaxDmOvRM3UdBzhToO4XaN43YXsDk4L4pFNYK3KQ zQQ5m9ZK_uwCD6Zo6sVxNs1tWsuKSmzXdyfdRDf6SWZjG5uM9970EgSgjra5OuTMobEJT5lqMyKSDIs9pJMM5YnjqGV4jU3CO1XZu-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.factorysharemega.com/ow4qeT5mTNeyEyAhHGaEsN_EiA8rcnAt9_CiJp2DNYac2YR46Xyzsu_75_W8vxWi30Bm7aFl9YnJbH_45_cQp9bqwD4wq3qLK_VZnpv4FdL_3Wb5rsIhGbNmTVU6yLKjsoSgAjef3Vliae95zt38B736Fi_vm fTSsVCYvhKe PeBOcMs45tw1etcmA_jcECN04oWE3V-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/LFjUmcUVB4_LRzSwFI jXvss_tFxjog6dyTnwSor6kd1 frnj1UD395OmPen6yDk7xsi7W 4jLPHvP_YKXBmoiaMaj6_QR4Rdv7GXzPjDJlPsihcDIUMK70nvr0cVKZpbo0qd3h_Nr3Ua PFw5_a6Ft2tUYF r g 70q_gbH6FyJSlPjiWyw8hpDABhpSvs2yTqJyuWJ-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/WU0ydKbXNQOjIPD4RdAoGkBysk Li7rPeNJdKA7IgjD7icWtXjstMfVJcGaIirtOVs2jhxSzJ2KQKUbkq2i TxujI1SZjwQySXF5CKDOkKHd0QHtmEtzXiRP tw2aSbsh2PhLra6ISBFXX539FMh8aW0R_4JNUxgNDUWdw7w9qQxw3LFoL5Bh7N6kNWk8gCpLIetWCvu-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/Gt1qSC1M3QO0 6s9TjfvWfn_2gJPqdFIeJcwkWwsFhaYGYcjkCwX5Vo0sXO7xcQWOOBej0yu1zYj8iMN1zvvDT7sJ53JEjutQYxcw2rdIcfTE4W8ImtvjpHmh72WXgGgWKVhj_59XLA8kUtppkEDOKuobwT2v59jfW6zC0PnolbAAnzN_hF8uNAKCPpSKxMFan5sUZIu-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/BXJT0IIv8pcPL1sNirdNwptnIpoldnOrKNGyiJQ2MtX2i_gwwQRl54q LopgHUxvcn2RL6WbkUNcmFmkDNeSNMxMcJU6668XK76Ar5dAq4QNyVQ4 c97OJaZFvkX6ezIK0hi6ouRjq0q5daQ8zyNEaJwdMevg8Kd36 qSOn_UbMg421rW6e_o529ACnlLAa6LEDeeueC-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/aolTiMfAAabLHmEHtQ YU 5WtKI7YXU_NCJpwPgf4k61t6BoOQgIHJLCWblYOvBcIXEaBXDp7ZP5ZciQ7zy1T9KKikINRTCfe70_wUalS00Wc49p3xBmQSJKuK3pbpywbYV7NHrYzxbONllXrOh6zn_mCE9DoPyTdXpAEPus4eQGcMbgOQvaKvRknMRDT4A69H2FLbzI-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.factorysharemega.com/kVlZa1tpQPBru8Ep1je2z5g B mcy7ypHSPgvChQ9GtidsArloN4OQiHH_X 4lk1lAPj0wv9IibTrpJg5tnmoANE7sHoWcZYB7j47LGJOG B4R5cPokhxAW2N4h3EVZvRDc OZsxSx31H M4 hj ntpFWUezvlP 66rJiWuPLJWwmZHYJ45aPd6gIDXFwKaiN7A_U2SP-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.universebytepackage.com/j1e45J95VzBhIwWlZc7fyNszrqOP9c 2NPEklCNjwSSbApIQJ8NiRic7V08Za9GcCMFHz0oLLA rNIcnOd tHfGedqNbHB4DcbZL07barlfs8IgbAUhNwz4qSD_00buIjqP4 LzJO_v47Dp858FCDVPv8qpHrrRgOqrq3oaQJFr9ZHfmXD2uLS8TYNfHcaq2W1HgC1t1-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/asUsxGTVz2yHda7hYX1nWypdY7KW8MMS40PVV8h9igcMnMCcIAlMXvL2kN2Duw_9KgTr8qEtOq4KuyJmhjHP9oRA_Dqt fKQTekYTpY_lcqPeoVlGvLlkOshm fZK7lZtA5kLYNbUTpM6IW2jeVzgvoOsdfFRNNP_L5Q876_ZII0xYAPwkzf2SXe DOdjIijRlF4DYwI-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/uYq02qrDgi8nxp3ceRVTkMXhpSV0vh 3Y_sFVxoHhkS xMwpuIhRBBaBCQDoK2cCJcGC4wAJwC9Q3DXBTq VcUisIngjfK L oi tcGGcFK0qWXsdm3i6 xIwcOaYVib5FxfOSlDWAljm5CObznlkUc2MhP4jsYgF4h6B6Uf7bSuVwaSyxnzASuml4lvoAkxaRnpw kJ-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.towersfarmgrab.com/iGEg9u8YaWb53DUqgdsbAXmIg1lDLOIb7lqZ9ntqmKm3Vkvk6x3EW4YStsbsVHbIS c5rRuMGNsn8aPzlfD1Cc9AP20SCEU8QFZxalS05vU1s6mh_JZrLWUEwoJdPbREPBpMsTfmHjQY9SgU5 uqr3118epsqc52PfVuY2K4v6DKUxpAmRw6VxgesdcxkBOSnc63LILE-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/0vj9YtKHcQTRmcOsQMSVr11f 9rkPgiAGaodDBFjHg0Qml5qlrKuf2Y63UVua7RZGGzfZzpzzjK6hH7r1gMvOrExUYqreIQg3KBAuVJUB9uj41HTMWKaPamVz6UB_ABIaMsbImnuLpxjPf6nb0WyX8 xDptQxZWxzUMqb9IVpb37ULd4O5areAFn2CW72xAS40JO5alG-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.apptodayrepository.com/vNjegRh8zm u5eXvvcSHlcCp7b9u5lH8VQU5k8zqSKIEqW2kkAgoouVDlqr6n967MpbsE0niDR_CeD_3navmne2XEnccMm4htPvXCOn pNRUzgrazVAjlCXlC3lnRkSpP 2mUnUfzGTjDm_dAeZ3dhKjR8Mya_QzqaJwUA6cksGJ7qbdNahJj2P5CjfFw4En0H06LKr7-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/ oAgQc4iVd8ZfPfPEF5d0mlTmejRPFL8hQPztx2cjbzrGjTXee_xNEwL3if0ngyQmuoGgacgnwTqnjioGduHH2dSHm8IYL_4cLLLjsnGLEbx_RaRZMF2WNfYdy21OFB8NvNXMDay6i_ERhfZBz5pqzTg2bMp0sXzSukUdQGvmOLCGL9T_CG9B D0aoCJodSwqpuTbA39-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/spWuiFd_CT0j1FRjAcf3YnwxdCzTjtnqj9BBVIUaTdhNj3X8tZpWCHlj8821GR8goZB5ARTCaFtCJKRDLGEG_m3WdK_eqcl72xw_pteXip5SFSAkMGbeHiRMH8M7DI9lB9OiWNU1P67zcl51_n12T6YmQGfXiexy4DhjkfvSOY9cg_4LRm2An4Ox549zJWwM0Gm8HOA6-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.bitsstockfiles.com/c?x=ihbf5Qd YfgXkv10zkmTC6lq3hXOP Y26asSsdOWdIw=&c=F2kwHGSBN71U7/lNfn/vk4WTaM2sHUl8ZlZ wK9dvWnHw7DAkuKIUNymqSJyRh4CW ipvVyC7QkERL0wpZSGqp7GGMxBIJ7A4nIY5CGmVRDGSynfQTwd20jYz9YBdiOjJu0JO l8O5RHmG4JLyt Memw7bR4HJQKf0kVXohDXuc=&e=0&downloadAs=BitlordSetup.exe&fallback_url=http://www.bitlord.com/.../BitLordSetup.exe

http://www.heartchuckleapplication.com/Udzd3VlhLIIvwhKNtRclLwBsCv4CxMDVgYhlMqsvmf3Jq72Zfw0tzH1MSbRkhzrLLYGa4C2StBJpYq8ofCuCmi3aRQBlJ6Cou5k0UgVtXYyjR1H 6EabZ3hmVwPZddWbhBDV64LIZP2BHcw2Qa2Ad1AXS9e05bI gruc6JRten9oS d94eE2RStL4huS2WJZn whJEON-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/EKfa8b3WF8OxQnFo9ArFunAVSW2mhu3Ki3zi4gjP1PWStlOl3RfrFZD7yLcBr2VZ_1QwRpN TvjmJTYoSasI2AvzZYcA8Spy0R7I0XIGCyhhYBj8D3y5_9NhmS52dcD2PxVB0zqnngatBDh7NYESUt2Maum1oTCYgc8ySb6U5yyedNkQQCariylwKYBkQVCYGxBs7v4Q-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

http://www.heartchuckleapplication.com/lO8b6JK3UbTcq6tGcyqKktu0y0BHSYz7Gnbr8P1qxtOaucJBvEKOZhtDi4HayIZ9duCicPOtT2p7zjbKkAMZz1P1Ka81IlzIc XmACAK2wwA_eY st9qyvfnFX2ZTRlIoA8TrQ4ZSyOT9Vn83aCeaRipKJDDwe_BP4YQymkgj4KSokQes57uS1bjxHAg_bxd46fqAvM-CxeAaHR0cDovL3d3dy5iaXRsb3JkLmNvbS93aW5kb3dzL0JpdExvcmRTZXR1cC5leGUD

Latest 30 of 498 download URLs

Remove bitlordsetup.exe - Powered by Reason Core Security