» ilivid-download-manager.exe
Overview
Analysis
File Details
Downloads (10)

ilivid-download-manager.exe

iLivid

Bandoo Media, Inc.

The application ilivid-download-manager.exe by Bandoo Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.bundletagchuckle.com and multiple other hosts.

File name:

Publisher:

Bandoo Media Inc (signed by Bandoo Media, Inc.)

Product:

iLivid

Description:

iLivid Install

Version:

5.0.0.4705

MD5:

29d7a8279a51243a958c0eabd05e4161

SHA-1:

7f3d61ce1ecf143fe7c083a6389bcf2966f99c5a

SHA-256:

95f13528061e81ae78a92e57ce923d926f7b660c04d6360980171609d0ed4f84

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

May bundle additional software offers in the setup installer included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:

11/23/2024 3:15:52 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Bandoo.BandooMedia.Installer (M)

16.2.2.16

File size:

1.8 MB (1,923,880 bytes)

Product version:

5.0.0.4705

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ilivid-download-manager.exe

Digital Signature

Signed by:

Bandoo Media, Inc.

Authority:

Thawte, Inc.

Valid from:

2/9/2014 1:00:00 AM

Valid to:

2/24/2015 12:59:59 AM

Subject:

CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0254DA8BDA7284120701E659BC8B7D92

File PE Metadata

Compilation timestamp:

5/30/2013 9:09:15 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:ZdC4SCKd0X26c/lgGypWxgYrCz1fROlc3sJv1ovmv8zB7vP64O8RV1evegh5Qy:y408261GypJJOlMsNYdS4O8fghCy

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

29.5 KB (30,208 bytes)

The file ilivid-download-manager.exe has been seen being distributed by the following 10 URLs.

http://www.bundletagchuckle.com/Lov1TdjkGirndEwSo1WuzunuzKjIDMHUkkrbUURoSHPxUa8uGX8XeWaQlw8Zc8aOmRNLE7npMFRTA73MN7SBbEnj1BwNljUQ3bzs8wD1gjbX10COEMWNoScmo0tTA4o8 KC6en52sVK3pQFXJ_FVnLUj3RxoajkGEzTq1ht4csGDwSbNapjway5KbXd1bbLkr5yCGeeUoPvUhyj_DiIXNAUsWmo4wLRdbRaT3SHhqtl43V8x5ipeFLTFZcNUblCvxxHFWky24cq4gUi7OrikrvHAaeO1g83UGuSif NlCa xNwQtwyCr8o8nLpR 6mZCw_Gg tQBz3GhaAtL31pPO6Sqnvut2Wz2M2bmh xxqFzUNcU1oIPg uHCsJ7vMGu7OW0O1jn1daDTdkRtOPGx9qBq1A_oAeVpa3dzWXWpVY95yOtkiKGgVTABnBV93KQYvl AKxT8e7MI9IaXWC4wUv5F9AezZ5gCdIdZadIqepZRf6OlV8m_YJyKJItyuKnY34rNgNwe-G14AAGRgnq2tSc7ib9iAA5c0kUEH8AnObPsyv9_3EvANLed59XvRKHN42Zfv0oOKIPeEhv8gv96iQW e1YHtJ3h5Dh6veKXe2gQMIkrQDIFgGE0A-e

http://www.clearheartgift.com/MzqoYfEAzEYyE_6Td7jxI7tFpM43fY17eXKDvjS50xtdVfE7Y3iMIkbAoN7pH4ucGsFH8M6cJTwP7HLID3LJZ5riQOpkZNdC4f5lSNk3r8czUpn4Alaa_h3r5pR08T9EavURysNHDj_MmRLt4RvZvsbFeeuIkgG5KUHCrHYRfAo12XB8_GDCmHu22wRbnMxtCU2yYiBCTeTGCbA8maYXPk3_O4Nrnj8siYITLWgnsuK EJXhH8zHbPqsudBFeN 6eXV7Co2yZFJVgiZ9n6pDOuPPukn3sdeGh NLYI3zbOgpt4gjG15F5xOapwnJV_hVqirsf2mEY2AhzN2eobuoSu167tiNxoPT MHhNfeGp_7BsvLr3NVSJrM_KFk_D5lyG08NZulMzmA05qEyaqCsrokd4rLSYfSV0t_u3Yl44Zid93HUxAnGbrscC4au7T6sQVsqWTyTLmbIFVpKrZKvlnMXU0cLOv_0_AUyPw qTw4T7SxcCmlPgIoovRlDZnsF557xKBLiBgT6N4F0nhIxOhL9EOmsBKwo3PUR1Mm9kl0zsTG_7k=-G10AAGTymtmsgnaj KIHjSjYgAOXwo0G8AnObAO9MXqjbp6XcgwaPsfd2N1dCZFA7Ymqt7LHaaCLs2F7RVP_arzKoovnRzSgMlRoraQmXAM=-e

http://www.giftchuckleflash.com/654Of hjwxx5nY170vTUPSPoRxC0tJC32 gYHErCk7fFHoe6ahosUXT6YKvWBEYA3mNy2A6aM9ADwf4P3f0e48OjGMMr08VKk_XAcUdsp3I mec5WyzHJQhDGcQE4ABjWfMGUe5SyVtiFpPPTl65DhS5pGhmJgGd9kc57MdaLAUCiOYHMCOwAWiTojW1rvBISupkILV9ql0OWlxjqH_S4yOC0Z9Uom7cniPyqcA8omwHYurJVHvPo8xwTKyRjaaCXsAhHFn01L22Yw59GC8w370z7K3I3H3n Uxp3S8MEBu1FGYbqeaVq_qqpZVXf9zdyt KnRfYLekSiBUpVou1Qyy1O6OTcDyWDdfVU8QqX4FdHK62fhfFly7psfTHUrz0QXtBwaJJ5N oXqALRToMUDDDzObe2lHw LWWLK3t42a5uMfZiZ5dcJuD7JZmVPbhP5A10jN6Mzf9txQJWkh8Ti2fJdZjNDV4nhfJ23c1HMVMysyjnSHlbgwcdI4k8HXv_AcwIMTUt2KMvEVKRz6WIkDKlqLddfZTAIfCZhQcJMnUBNPrqnV KgKhxmcfkp9e_eWNhKZ4-G14AAGRwXmtrutnu9AgINuDAJU1k0AF8gjPbvvT3vS8B32hY162ei4af4mEe3qGGipB7ouZvjOvWrjDId8b3C75N paK7K3Pqg40GsUKRGJpIgg=-e

http://www.giftchuckleflash.com/nuclCHOQgnMXrvLuBSjhtt80dIFb0HH_3iOBioZ_TQ4pgAa 9HOe5q7Mi_xiYF4VQeKrIIn1sQ4HcMFT0UUI6BoLpia0PdM8caaV2R1H83 mzR0PTHyode1OQFbphDC_5IP2TeqjNeaaF_a5ohKI5AREWzIlErYe0ZH0VP5_QHUm4z4oAxf8hN1isG2_5trQTt8i94mxr7PyidS3SHLnJV8Qo7HPfZXo0pLgAkM1X8Hd9SIQWap1_vDHito4eRn_LEwgLrIf_9 8Uer4APHisf7qYwCWMCnl0c09GyVyCR2qfDM_iYS6b0ItxfkuKqKG68O pTkXtWfK3GMw5esY OqSiSntr_Z_zM0Wh 0KYmjDqhrDiX2s7WY8w53nf34XeodVK4r1r4mm8kqesqTMI_JiiL 8PjdrzN9oWAAip25pkweSvjOLeT4BfetXwYBiI_75VbLTNGQIiW2SmAAWjfsxTwk_WBDbE_daRVfTbMsHCl6ZvN jiHGOEwQzWT7cF8YN1SHWw5DATanOyxeXeYxm01xMQqrmbCAGX81P5Hu krUZJ2JNeVNf9izDtADZVAKTyHbB-G14AAGRgnq2tSezECRtw4JImMugAPsGZbV m9_taAr6h TjObisaVgbP2_ydO1AR5J5Q_ _l11tk2uBGMo pBs3xVmpNmmPdVaAXUYLGWJzCUAI=-e

http://www.quicktowndl.com/WVl6OTRQVzUyU1NVeVJqZzVNMVowYWxoNmJFWmlibGRWU1RkR2NuTXlXbUpQZUVRNGJFZ2xNa1psVlhwNlMxUlJWRVYzSlRORUptTTlZemc0YUV4UE5tdzBaRFZpZURnNVFXTTFTekUzVEdFeFJWUTRVMmRhU2tWbVZqTkZWVFJFWTJ0R2NIZEZNalpWTUVjNGFFb2xNa0kxUjI5b2FXeEVjU1V5Um5BMFlqTkNaVXhVYkRkV09Hb2xNa1phU3paaVdFOXFXVGg1WTBoaFYwcFZTemhvUWpsUFVVeFZWVkF3T1V4dlUwTnRKVEpHWm5KQ2JXOW1VeVV5UWtaYVpWbzJaemR1Y1d4NFZXY2xNa0p6WWpWUVpXbGtWMlJ6U0hWVk1GSkJKVE5FSlRORUptVTlNQ1ptWVd4c1ltRmphMTkxY213OWFIUjBjSE1sTTBFbE1rWWxNa1p6WldOMWNtVXVhVzV1YjJSc0xtTnZiU1V5UmtaU0pUSkdhV3hwZG1sa0xXUnZkMjVzYjJGa0xXMWhibUZuWlhJdVpYaGxKVE5HYzNRbE0wUmlla0ZyWDFOMlRHWTFRbXB0WkdGcGFHNWZka3gzSlRJMlpTVXpSREUwTmpNNE5qVTJOamdtWkc5M2JteHZZV1JCY3oxcGJHbDJhV1F0Wkc5M2JteHZZV1F0YldGdVlXZGxjaTVsZUdVPQ==

http://www.giftchuckleflash.com/Dy52h5uKZMh yJv13G52pDxTlnPdKPV664 ZVdyAgR4L8vAoxjNTfDvJhdGPmZW8dRyvmehGiBO4RdkWnI2bfvY9lV0alckmwoC4hmZpV7hGEIMIKWGrHErLat156 v0ck0NqslToaUUmpiWpeiBYsqk05Jr3p2p82xEGWUKkdxnVhou8qaM4huTuDB0FsstiiX_7gZ9Ikam8lANSJi0AbMfbmim9dL81rbqqxOYECF9_H os0X_tRktTeapYESW5Mx6HrMPbzAkutZkz wv8AH6zVTmqhxtGuS6pF7EFqLaM pcfBDKljacyzX7m4kwaQypAcqa5gzSVVf8RQWlLx3pckvZp25dQauC_SrihGA7MRSIg2g8mb_2utPMvIL1C3jIa8ArAwHGH_r04IAVzxXlAUD7AjiQvRz8pMnjyGZRVCwAqLBSNizG0Y5PPnXEsTUPXYkHjiuaEAJ04nL xp6lORR5f9_R8u3ZOR_UxMewV_L5qfHTXOjCrF7NCs3XpkaXe7XXvRz1EbdGSsUpUjwzS_t3WE5cAlj_ryRS5HPljyG jMzlSvGurhnyWLdcz1FmPRhG-G14AAGRqXmvfPKntloQKCDbgwCVNZNABfIIz2770970vAd9oWNetnouGHeJhHt6hhoqQe6Lmb6zrNrI 4endDl xlzkUs4i6Tv2BxqC8KAs84wQZ

http://www.giftchuckleflash.com/WVl6OTRQVlZuVGpkdFMxWmlZbkEzV2poVWRXUkdibEZXZFRKcE0xUnVhWFU1TUd4Q1JXOUlSMlUyVlZrbE1rSlpTU1V6UkNaalBWUkdaVWNsTWtKSlYyRmxaMmR0UzNabVp6VTVhSGd5U0U1SlJVZHJiRkJ6SlRKQ1YyeEZWREl4SlRKR1EzWm1SemQxWlROaFFYcFFNbGRFUlVSdVFuQTRSblJhWWtReWRWUkdhVUl4TVNVeVFsRjJhM0o1TTJwSloxUldkekJJVlhnNE1EWTRNMHB2ZFRGdmJUaGpNM2d3SlRKR2JtUTRNeVV5UWxNbE1rSkRjMFZHYkZkbFVsTlhOblZ1WldKWlppVXlSbTVJV1hWcGRVNVViRXcwVFZsaU1FOXNaV2NsTTBRbE0wUW1aVDB3Sm1aaGJHeGlZV05yWDNWeWJEMW9kSFJ3Y3lVelFTVXlSaVV5Um5ObFkzVnlaUzVwYm01dlpHd3VZMjl0SlRKR1JsSWxNa1pwYkdsMmFXUXRaRzkzYm14dllXUXRiV0Z1WVdkbGNpNWxlR1VsTTBaemRDVXpSSFZ4Uld0Nk5GTldUelZoWWkxVFpHZDFVM0ZpWDBFbE1qWmxKVE5FTVRRMk56QXlPVFF6TWlaa2IzZHViRzloWkVGelBXbHNhWFpwWkMxa2IzZHViRzloWkMxdFlXNWhaMlZ5TG1WNFpRPT0=

http://www.giftchuckleflash.com/WVl6OTRQV2Q2YVV4cU1FczVRV0pqUzNKbFRsRnFVR1JQWVhOMk1UWnBXbTlCT1dOUVNHRXlVa1JzY0NVeVFtSjBieVV6UkNaalBXSnNXVWhVTkc4bE1rWlZTWFk0TjFodk9UTkRORlJ5VkRCUldtSnZSbWRZYjNRMmNEUjBXaVV5Um05bk5qWkhiVkJwUlV0b1kyTlZkVTFMUVNVeVFsVkVaa2gwVVVGMWFGcHpSRVZuVnlVeVFtTm9TbEJsUW1aNmJUZFhablp1YWtWaVoxVk1lVkZHZG5wSVVsVjRWRVp2ZG5BM2RHZFBRbFZ6VVNVeVFrSnpibFJNTmxwME1rOTFaazF2YzNWWGFIUlBNRk5TZENVeVJucEdTMUZtUjJWNlFTVXpSQ1V6UkNabFBUQW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQnpKVE5CSlRKR0pUSkdjMlZqZFhKbExtbHVibTlrYkM1amIyMGxNa1pWVXlVeVJtbHNhWFpwWkMxa2IzZHViRzloWkMxdFlXNWhaMlZ5TG1WNFpTVXpSbk4wSlRORVRVOVdPVEJaYWpCS1dWYzJTak5ETkhCek5EUlhaeVV5Tm1VbE0wUXhORFkzTURNNU5UY3lKbVJ2ZDI1c2IyRmtRWE05YVd4cGRtbGtMV1J2ZDI1c2IyRmtMVzFoYm1GblpYSXVaWGhs

http://www.bitssigncurrent.com/c?x=i4oMPWzdqZrtszUmW0AaLX7rIiq1DNpKGy8UU1Su5Vw=&c=enTHxikh8ejda5ujIQ/7GkyILbY fgGmH6AAuODTVnPb ys5XjpPAh9oxKhJDHmvdTPi9/H5t5mnMkNr/zTL/lykCxzLcbE8nzvqH4bmfl akrlxuruDabTOdab402edrP5nj78bbF3aF4nLjO VZyiaiB8Ye2Bl7loy0sNWPeA=&e=0&fallback_url=https://secure.inndl.com/.../ilivid-download-manager.exe

http://www.bitssigncurrent.com/WVl6OTRQV29sTWtJeFl6ZE9iekJ1VFhSS1dsbG5SVWh4UWpGTlFUWnphRXRGYmpneFpsUjZlWEZ0VW1NMk1VRk5NQ1V6UkNaalBXaGhVSHBMWld0SWRFUktlU1V5UmtReE1HNUJkbUZ5YUVnMlRuVnRVVVIzVFdad2IwdHdlR2RzWVc5clRIRllVMmRGWjJSTlRtWnROMDRsTWtaQ2IyVmhaVzlIWXpadFdqUlZZVUkwY21kbU5HNUJlRFpwT1dORGJqZG9aWFZtYTJzbE1rSnNialZvYTFKd1VrWjFVbGQyTkRSbk5sZEtkazVSYkZSdGVIVkpTR1ZXZEVOalRqTlJNbEZzZERKcWNGZzROV3hzYmpaNmNrNVZRU1V6UkNVelJDWmxQVEFtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEJ6SlROQkpUSkdKVEpHYzJWamRYSmxMbWx1Ym1Sc0xtTnZiU1V5UmtaU0pUSkdhV3hwZG1sa0xXUnZkMjVzYjJGa0xXMWhibUZuWlhJdVpYaGxKVE5HYzNRbE0wUmpUM1p6YjFKQlNDMWtPR1ZzZGtaVk9UTkRPVGwzSlRJMlpTVXpSREUwTlRreU9UUTVOelFtWkc5M2JteHZZV1JCY3oxcGJHbDJhV1F0Wkc5M2JteHZZV1F0YldGdVlXZGxjaTVsZUdVPQ==

Remove ilivid-download-manager.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.