setup.exe

Converter

Bundlore LTD

This is the Bundlore download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe, “Converter Setup” by Bundlore, has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer. The file has been seen being downloaded from dfb.mediaconvertdownload.com and multiple other hosts.
Publisher:
Bundlore LTD  (signed and verified)

Product:
Converter

Description:
Converter Setup

MD5:
481320088fca850db5228556921ab836

SHA-1:
fa44a4592f585ecc3008f28ce6e1ebda6ffa77c5

SHA-256:
36e8fa543f7993a94e1df9590ab5bbd2ccfe8ce169871b9df878c86e22d8ad7f

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 10:45:50 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.Conduit | 8.9517
Reason Heuristics | PUP.Installer.Bundlore.F | 14.8.7.20
VIPRE Antivirus | Bundlore | 27194

File size:
759.5 KB (777,768 bytes)

Product version:
0.1

Copyright:
Copyright © Search Setup (Converter_m42)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/4/2012 8:00:00 PM

Valid to:
7/5/2014 7:59:59 PM

Subject:
CN=Bundlore LTD, O=Bundlore LTD, STREET=Beit Oved 9, L=Tel Aviv, S=Israel, PostalCode=67211, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0C7A8094C56AAFE39F3CA37C7F65AC84

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:UQFaO8CL8+iDh+/sfticylMzkS6f/6OHXVTDYO57E8xMGylJNJCB:UQFv8i8f7ccyjS637FTDYA7EvlJSB

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.9724

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file setup.exe has been seen being distributed by the following 3 URLs.
