ilividsetup-r1386-n-bi.exe

iLivid

Bandoo Media, Inc

The application ilividsetup-r1386-n-bi.exe, published by Bandoo Media, Inc, has been detected as a potentially unwanted program by 8 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.cdn.sharelive.net and multiple other hosts. While running, it connects over HTTP to 213.158.175.72 on port 80 (reverse DNS name host-213.158.175.72.tedata.net, an ISP-assigned label that simply embeds the IP address, so the IP and port are the usable indicator).
Publisher:
Bandoo Media Inc (signed by Bandoo Media, Inc)

Product:
iLivid

Description:
iLivid Install

Version:
5.0.0.4599

MD5:
58714a75106f990c96031ea12c3ce8bd

SHA-1:
3bbe36d49709d958e8f0b8e580ad2a1ece0b8460

SHA-256:
62181e248559ad2ccf8901a9783590fb0bb0df2ba94f8aeff9b2446dbc19cf84

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
12/25/2024 4:28:40 PM UTC

Scan engine              Detection                  Engine version
AVG                      Generic                    2015.0.3452
Baidu Antivirus          Adware.Win32.iLivid        4.0.3.1465
Dr.Web                   Adware.Bandoo.13           9.0.1.0156
ESET NOD32               Win32/iLivid (variant)     8.9901
Malwarebytes             PUP.Optional.Bandoo        v2014.06.05.08
Reason Heuristics        PUP.Optional.Installer.W   14.6.5.20
Trend Micro House Call   TROJ_GEN.F47V0605          7.2.156
VIPRE Antivirus          Trojan.Win32.Generic       29988

File size:
1.6 MB (1,681,208 bytes)

Product version:
5.0.0.4599

Copyright:
Copyright (c) 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ilividsetup-r1386-n-bi.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/8/2014 7:00:00 PM

Valid to:
11/2/2014 6:59:59 PM

Subject:
CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
74B45E4BF603EDCA78C252159948CF7A

File PE Metadata
Compilation timestamp:
5/30/2013 3:09:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:VyC4S2Wc0nJrchopYt5JewF/fYaipPJXqJCjZU6BgUaMlTtiNQkv0Zemve:b4W6hopYfJcadCtngULxCRmve

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file ilividsetup-r1386-n-bi.exe has been seen being distributed by 40 URLs, including the following:

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r612-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r701-n-bi.exe

http://download.cdn.expressdownload.net/cdn/r/.../iLividSetup-r1799-n-bc.exe

http://download.free-video-downloader.net/iLividSetup.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r400-n-bi.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to host-213.158.175.72.tedata.net  (213.158.175.72:80)
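The hashes, signer validity window, entry-point bytes and network address above are the indicators a responder would actually pivot on. The following Python script is an added example (not Reason Core Security's code) that turns them into offline checks: full three-hash identification of a candidate file, a comparison of the entry-point code against the page's dump, a test of whether a timestamp falls inside the signer's validity window, and a scan of proxy log lines for the C2 address. The indicator values are copied from this page; the proxy log lines and the stand-in "sample" bytes in main() are constructed for the demonstration, and the certificate dates are treated as naive local times because the page states no timezone.

```python
"""Offline triage helpers for the indicators on this page.

Added example, not Reason Core Security's code. Hashes, signer dates, entry
bytes and the C2 address are copied from the page; the proxy log lines and the
'sample' bytes in main() are constructed for the demonstration.
"""
import hashlib
import re
from datetime import datetime

# Indicators copied from the page.
KNOWN_HASHES = {
    "md5": "58714a75106f990c96031ea12c3ce8bd",
    "sha1": "3bbe36d49709d958e8f0b8e580ad2a1ece0b8460",
    "sha256": "62181e248559ad2ccf8901a9783590fb0bb0df2ba94f8aeff9b2446dbc19cf84",
}
C2_IP, C2_PORT = "213.158.175.72", 80
C2_HOST = "host-213.158.175.72.tedata.net"   # rDNS label that just embeds the IP

# Certificate window and PE compile timestamp as displayed on the page. The page
# gives no timezone, so these are naive datetimes (assumption).
CERT_NOT_BEFORE = datetime(2014, 2, 8, 19, 0, 0)
CERT_NOT_AFTER = datetime(2014, 11, 2, 18, 59, 59)
PE_COMPILE_TS = datetime(2013, 5, 30, 3, 9, 15)

# First 16 bytes of the entry-point dump on the page
# (sub esp,0x2D4 ; push ebx/ebp/esi/edi ; push 0x20 ; xor ebp,ebp ; pop esi ; mov ...).
ENTRY_PREFIX = bytes.fromhex("81ECD4020000535556576A2033ED5E89")


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of data as lower-case hex, keyed like KNOWN_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only when all three digests agree; an MD5 or SHA-1 hit alone is not identity."""
    computed = file_hashes(data)
    return all(computed[k] == v for k, v in KNOWN_HASHES.items())


def has_entry_prefix(data: bytes, entry_file_offset: int) -> bool:
    """Compare the code at the entry point with the page's dump.

    The page's 0x38AF is the entry RVA, not a file offset; translate it through
    the section table (e.g. with pefile) before calling this.
    """
    return data[entry_file_offset:entry_file_offset + len(ENTRY_PREFIX)] == ENTRY_PREFIX


def in_cert_window(ts) -> bool:
    """Whether a timestamp (datetime or ISO-8601 string) lies inside the signer's validity."""
    if isinstance(ts, str):
        ts = datetime.fromisoformat(ts)
    return CERT_NOT_BEFORE <= ts <= CERT_NOT_AFTER


DEST_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def find_c2_hits(lines) -> list:
    """Return log lines that reach the page's C2 IP (any port) or name the rDNS host.

    The IP is the primary key: the hostname is an ISP reverse-DNS label that a
    proxy log will usually not contain.
    """
    hits = []
    for line in lines:
        dest_ips = {ip for ip, _port in DEST_RE.findall(line)}
        if C2_IP in dest_ips or C2_HOST in line:
            hits.append(line)
    return hits


# Constructed proxy log: two lines touch the C2 address, one is unrelated.
SAMPLE_PROXY_LOG = [
    "2014-06-05T10:12:01Z 10.0.0.5 -> 213.158.175.72:80 GET / HTTP/1.1",
    "2014-06-05T10:12:03Z 10.0.0.5 -> 93.184.216.34:443 CONNECT example.com:443",
    "2014-06-05T10:12:05Z 10.0.0.7 -> 213.158.175.72:443 CONNECT host-213.158.175.72.tedata.net:443",
]


def main() -> None:
    fake = b"MZ" + b"\x00" * 62 + ENTRY_PREFIX   # constructed stand-in, not the real installer
    print("hash match:", matches_known_sample(fake))
    print("entry prefix at offset 64:", has_entry_prefix(fake, 64))
    print("compile timestamp inside cert window:", in_cert_window(PE_COMPILE_TS))
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print("C2 hit:", hit)


if __name__ == "__main__":
    main()
```

Two caveats the checks surface. The PE compile timestamp (5/30/2013) falls before the certificate's not-before date (2/8/2014); for an NSIS installer this is expected rather than suspicious, because the PE header belongs to the prebuilt NSIS stub that makensis wraps around the script's payload, so it does not date this particular build. And the certificate expired on 11/2/2014: whether the Authenticode signature still verifies today depends on a timestamp countersignature, which this page does not record, so treat "signed by Bandoo Media, Inc" as an attribution hint rather than a current trust decision.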
