video_downloader.exe

Bundlore LTD

This is the Bundlore download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application video_downloader.exe, “Video Codec setup” by Bundlore, has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Bundlore Downloader installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen downloaded from d51.newplaymedia.com and multiple other hosts.
Publisher:
Video Codec (signed by Bundlore LTD)

Product:
Video Codec

Description:
Video Codec setup

Version:
1.14

MD5:
3859303fcabb0a8a7be59f3fc31ce6ce

SHA-1:
fbb84c5c3a77da819cd555d49075f6457a267fe0

SHA-256:
4f87e38b64a523bd816d9c8f5dca4728039250d7143bd15cda612d8793b8aaf1

Scanner detections:
10 / 68

Status:
Adware

Explanation:
May bundle various unwanted software without adequate user consent.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 7:24:50 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Bundlore.D.1 | 7.11.124.62
AVG | MultiBundle.H | 2015.0.3542
Baidu Antivirus | Adware.Win32.Bundlore | 4.0.3.1437
Dr.Web | Adware.Downware.354 | 9.0.1.066
ESET NOD32 | Win32/Adware.Bundlore | 8.9266
Reason Heuristics | PUP.Installer.Bundlore.Q | 14.8.7.20
Rising Antivirus | NS:Malware.Install!1.9F21 | 23.00.65.14305
Trend Micro House Call | TROJ_GEN.R0CBH07JN13 | 7.2.66
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3
VIPRE Antivirus | Bundlore | 25230

File size:
408.8 KB (418,592 bytes)

Copyright:
© Video Codec (video_codec_I017_AUTO_SIGNED_WITHPOST)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bundlore Downloader (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\video_downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/14/2011 2:00:00 AM

Valid to:
7/14/2012 1:59:59 AM

Subject:
CN=Bundlore LTD, O=Bundlore LTD, STREET=Beit Oved 9, L=Tel Aviv, S=Israel, PostalCode=67211, C=IL

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C2EDB982F61E28983414A8928629883D

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:PykekqXTbtEMwRpBO3MW1w3f4HblJG7F+yMkS:QPaMwRraM58bPGZ72

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file video_downloader.exe has been seen being distributed by the following 4 URLs.
