Setup.exe

iLivid

Bandoo Media, Inc.

The file Setup.exe by Bandoo Media has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from dc734.4shared.com.
Publisher:
Bandoo Media Inc  (signed by Bandoo Media, Inc.)

Product:
iLivid

Description:
iLivid Install

Version:
5.0.2.4813

MD5:
4b6df6c8ec3061ee3bc17f169903a1e8

SHA-1:
44deb16a009ff50f2b11d1ae9e6873cea668d5d8

SHA-256:
cc93cbeeb9bf42ad039503feeceacfbb45911b49f9a64180b9719d787531d2c1

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
11/6/2024 4:47:38 AM UTC

Scan engine         Detection                                       Engine version
AhnLab V3 Security  PUP/Win32.SearchSuite                           2015.04.21
avast!              NSIS:ILivid-B [PUP]                             2014.9-150526
AVG                 Generic                                         2016.0.3097
Bkav FE             W32.HfsAdware                                   1.3.0.6379
Dr.Web              Adware.Bandoo.194                               9.0.1.0146
ESET NOD32          Win32/Toolbar.SearchSuite potentially unwanted  9.11504
F-Prot              W32/SearchSuite.B.gen                           v6.4.7.1.166
G Data              Win32.Adware.Bandoo                             15.5.25
K7 AntiVirus        Adware                                          13.202.15652
Kaspersky           not-a-virus:WebToolbar.Win32.SearchSuite        14.0.0.1982
Malwarebytes        PUP.Optional.Bandoo                             v2015.05.26.03
NANO AntiVirus      Riskware.Win32.Bandoo.dgnlaz                    0.30.20.1219
Reason Heuristics   PUP.Bandoo.Installer                            15.5.26.15
Rising Antivirus    PE:AdWare.Win32.BearShare.b!1075356890          23.00.65.15524
VIPRE Antivirus     Trojan.Win32.Generic                            39522
Zillya! Antivirus   Adware.SearchSuite.Win32.368                    2.0.0.2145

File size:
1.6 MB (1,712,640 bytes)

Product version:
5.0.2.4813

Copyright:
Copyright (c) 2015

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/26/2014 7:00:00 PM

Valid to:
2/23/2016 6:59:59 PM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3DECB3F6069817010107782EABF518FB

File PE Metadata
Compilation timestamp:
2/24/2012 2:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:D6C4SAmwW9AFXPYMq/m+VO2kQEFAtURxnSHmxTX++6WF8uWH5YGydyg0T/:14e9Ubi1cXQObnNRXXlWH5idyg0T/

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
7.3913

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file Setup.exe has been seen being distributed by the following URL.
