» ilividsetup-r362-n-bf.exe
Overview
Analysis
File Details
Programs (1)
Downloads (241)

ilividsetup-r362-n-bf.exe

iLivid

Bandoo Media Inc

The application ilividsetup-r362-n-bf.exe by Bandoo Media Inc has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program 360Amigo System Speedup PRO by 360Amigo. The file has been seen being downloaded from lp.ilivid.com and multiple other hosts.

File name:

Publisher:

Bandoo Media Inc (signed and verified)

Product:

iLivid

Description:

iLivid Install

Version:

4.0.0.2901

MD5:

468bbe0dc83496cad49597a47341c786

SHA-1:

a3e1c3254e599505a71c7842af34c87496b94827

SHA-256:

ee5b93ed7822b58b03e1effcfd4958ecb91b0160c733bb86c8a39d27c019d053

Scanner detections:

4 / 68

Status:

Potentially unwanted

Explanation:

May bundle additional software offers in the setup installer included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:

11/27/2024 12:02:04 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Bandoo.12

9.0.1.0359

ESET NOD32

Win32/Toolbar.SearchSuite

7.9310

Malwarebytes

PUP.Optional.Bandoo

v2013.12.25.11

Reason Heuristics

PUP.Optional.Installer.BandooMedia.V

14.2.20.18

File size:

1.4 MB (1,488,280 bytes)

Product version:

4.0.0.2901

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ilividsetup-r362-n-bf.exe

Digital Signature

Signed by:

Bandoo Media Inc

Authority:

Thawte, Inc.

Valid from:

9/18/2012 5:00:00 PM

Valid to:

10/5/2014 4:59:59 PM

Subject:

CN=Bandoo Media Inc, O=Bandoo Media Inc, L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

32B24D9C6170CB3DA53A710307649B95

File PE Metadata

Compilation timestamp:

4/10/2010 5:19:38 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:CzZnC4SUyCYhkkasvNmpQf5kZaSQ98Vb09oAJXse6XKQDIYLnscG6S:C84+3kJamGlS66bA7JXseQIYLsx

Entry address:

0x3415

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, B3, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, B2, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, A0, 32, 47, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, C0, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Entropy:

7.2775

Packer / compiler:

Nullsoft install system v2.x

Code size:

26 KB (26,624 bytes)

The file ilividsetup-r362-n-bf.exe has been discovered within the following program.

360Amigo System Speedup PRO by 360Amigo

360Amigo System Speedup is a tool of Windows that works quickly in identifying the problem and fix it if there are some mistakes that result in slow system performance.

www.360amigo.com

56% remove it

The file ilividsetup-r362-n-bf.exe has been seen being distributed by the following 50 URLs.

http://lp.ilivid.com/download?appid=400&subid=3096693337.146556.a443b95e83.691

http://lp.sharelive.net/download?appid=400&subid=1836754080-166231-1368207609.7052-1239

http://lp.sharelive.net/download?appid=400&subid=1556167037-146559-1368839781.5967-2265

http://download.cdn.sharelive.net/cdn/r/.../iLvSetup-r679-n-bc.exe

http://lp.ilivid.com/download?appid=400&subid=1473387203.146564.1fe1c3b6b1.691

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r405-n-bf.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r140-n-bi.exe

http://lp.ilivid.com/download?appid=400&subid=1581305106.178089.0bf085feba.4118

http://lp.ilivid.com/download?appid=400&subid=1248668527-146551-1369622458.1663-691

http://lp.ilivid.com/download?appid=400&subid=3639470288.146551.e10b215215.691

http://www.adshost2.com/cr?b=31776&p=13098&c=13052&l=PL&h=00eb15d277f74fa059659c29302b0ab9&t=1369960547654&u=http://.../download?appid=621&subid=MTMwOTh8MzE3NzZ8UEx8M3wx|1dfa4b7878f72bed89796b5b46c765e3

http://lp.ilivid.com/download?appid=400&subid=3321595024.146667.92477f7830.691

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r706-n-bi.exe

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r0-n-bi.exe

http://41.223.201.246/.../iLividSetup.exe

http://lp.ilivid.com/download?appid=400&subid=3252723614.178739.4698e74565.4118

http://lp.ilivid.com/download?appid=400&subid=1267409018-167005-1369284957.3-1446

http://lp.ilivid.com/download?appid=400&subid=1111850685-167005-1368830859.4084-1446

http://lp.ilivid.com/download?appid=400&subid=2986925442.146559.0d64ba72fe.691

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r707-n-bi.exe

http://lp.ilivid.com/download?appid=540

http://download.cdn.ilivid.com/cdn/r/.../iLividSetup-r420-n-bf.exe

http://lp.sharelive.net/download?appid=400&subid=1826291324-146551-1368946191.7749-691

http://lp.sharelive.net/download?appid=400&subid=1473551487-146564-1368302814.602-691

http://lp.ilivid.com/download?appid=400&subid=1053187582.146557.05f4729ca2.691

http://lp.ilivid.com/download?appid=575

http://lp.ilivid.com/download?appid=400&subid=1194957814-146551-1369620351.6674-691

http://lp.ilivid.com/download?appid=400&subid=1246204386.190363.db8437c7f4.4134

http://lp.ilivid.com/download?appid=400&subid=1499726594.146562.54229d6e10.691

http://download.cdn.sharelive.net/cdn/r/.../iLvSetup-r267-n-bc.exe

Latest 30 of 241 download URLs

Remove ilividsetup-r362-n-bf.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.