» ilividsetup-r1386-n-bi.exe
Overview
Analysis
File Details
Downloads (40)
Network (1)

ilividsetup-r1386-n-bi.exe

iLivid

Bandoo Media, Inc

The application ilividsetup-r1386-n-bi.exe by Bandoo Media, Inc has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.cdn.sharelive.net and multiple other hosts. While running, it connects to the Internet address host-213.158.175.72.tedata.net on port 80 using the HTTP protocol.

File name:

Publisher:

Bandoo Media Inc (signed by Bandoo Media, Inc)

Product:

iLivid

Description:

iLivid Install

Version:

5.0.0.4599

MD5:

58714a75106f990c96031ea12c3ce8bd

SHA-1:

3bbe36d49709d958e8f0b8e580ad2a1ece0b8460

SHA-256:

62181e248559ad2ccf8901a9783590fb0bb0df2ba94f8aeff9b2446dbc19cf84

Scanner detections:

8 / 68

Status:

Potentially unwanted

Explanation:

May bundle additional software offers in the setup installer included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:

11/2/2024 3:22:17 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3452

Baidu Antivirus

Adware.Win32.iLivid

4.0.3.1465

Dr.Web

Adware.Bandoo.13

9.0.1.0156

ESET NOD32

Win32/iLivid (variant)

8.9901

Malwarebytes

PUP.Optional.Bandoo

v2014.06.05.08

Reason Heuristics

PUP.Optional.Installer.W

14.6.5.20

Trend Micro House Call

TROJ_GEN.F47V0605

7.2.156

VIPRE Antivirus

Trojan.Win32.Generic

29988

File size:

1.6 MB (1,681,208 bytes)

Product version:

5.0.0.4599

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ilividsetup-r1386-n-bi.exe

Digital Signature

Signed by:

Bandoo Media, Inc

Authority:

Thawte, Inc.

Valid from:

2/8/2014 7:00:00 PM

Valid to:

11/2/2014 6:59:59 PM

Subject:

CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

74B45E4BF603EDCA78C252159948CF7A

File PE Metadata

Compilation timestamp:

5/30/2013 3:09:15 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:VyC4S2Wc0nJrchopYt5JewF/fYaipPJXqJCjZU6BgUaMlTtiNQkv0Zemve:b4W6hopYfJcadCtngULxCRmve

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

29.5 KB (30,208 bytes)

The file ilividsetup-r1386-n-bi.exe has been seen being distributed by the following 40 URLs.

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r612-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r701-n-bi.exe

http://download.cdn.expressdownload.net/cdn/r/.../iLividSetup-r1799-n-bc.exe

http://download.free-video-downloader.net/iLividSetup.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r400-n-bi.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r0-n.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1860-n-bc.exe

http://download.cdn.expressdownload.net/cdn/r/.../iLividSetup-r1949-n-bi.exe

http://download.cdn.downloadsetup.net/cdn/r/.../iLividSetup-r120-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r725-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1856-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1873-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r772-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1763-n-bc.exe

http://download.cdn.downloadsetup.net/cdn/r/.../iLividSetup-r1631-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1074-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1572-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r267-n-bi.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1124-n-bc.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r1228-n-bc.exe

http://download.cdn.downloadsetup.net/cdn/r/.../iLividSetup-r484-n-bc.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r1734-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1734-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1723-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r267-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r868-n-bc.exe

http://download.cdn.sharelive.net/cdn/r/.../iLividSetup-r1558-n-bc.exe

http://download.cdn.expressdownload.net/cdn/r/.../iLividSetup-r1610-n-bc.exe

http://download.expressdownload.net/iLividSetup.exe

http://download.cdn.expressdownload.net/cdn/r/.../iLividSetup-r1236-n-bc.exe

Latest 30 of 40 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to host-213.158.175.72.tedata.net (213.158.175.72:80)

Remove ilividsetup-r1386-n-bi.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.