Although lots of surveys and reports have been done on iLivid by lots of malware analysts, I decided to inspect iLivid independently of previous research.
I have read lots of reports about iLivid, but when I proceeded to survey it I downloaded iLivid from iLivid.com, its official domain. So, I have the following questions from my observation:
1) I did not observe any of the malicious behavior I had read about in the reports, e.g. browser hijacking, changing DNS settings, changing the homepage, installing additional add-ons, ... and mainly I can say I didn't see any malicious behavior. So, I guessed maybe there is a difference between the version of iLivid from its official domain and the version which users get infected with through tricky invented links. Maybe the former is safe and the latter is the malicious one. Is this a possible and reasonable guess?
Main question: if there are safe and unsafe versions of iLivid, how can I infect my system with iLivid?
2) Is it natural for malware to behave differently depending on the context? Because when I looked at the reports, a wide variety of bad jobs were reported.
3) iLivid introduces itself as a product of Banadoo Media Inc. There are some other apps that introduce themselves as products of this company. I have not found anything about this company. All apps from this company are ill-reputed and suspicious in the reports. I think it is just a nominal company. Do you know anything about this company?
4) When I run Babylon and IDM.exe while iLivid is running, iLivid has two unrelated .dll modules loaded: one from Babylon, which is Captlib.dll, and another from IDM.exe, which is dmmkb.dll. I don't know how to analyse this behaviour. Please help if you can!
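One way to get a handle on question 4 (foreign DLLs showing up inside the iLivid process) is to enumerate every module loaded into the process, record where each one lives on disk, who the file claims to come from, and whether it carries a valid Authenticode signature. The script below is an added example, not code from the original post or from iLivid; the process name `iLivid` is an assumption (check what `Get-Process` actually shows on the analysis VM), and it should be run from an elevated PowerShell so module enumeration is not blocked.

```powershell
# Added example (not from the original post). Enumerate the modules loaded into a
# running process and flag those that live outside the process's own install folder
# and outside %SystemRoot%, or that lack a valid Authenticode signature.
# ASSUMPTION: the process is called "iLivid"; change the name to match Get-Process.
param([string]$ProcessName = "iLivid")

$procs = Get-Process -Name $ProcessName -ErrorAction Stop
$cmp = [System.StringComparison]::OrdinalIgnoreCase

foreach ($p in $procs) {
    $exePath = $p.MainModule.FileName
    $exeDir  = Split-Path -Parent $exePath
    Write-Host "PID $($p.Id)  $exePath"

    $rows = foreach ($m in $p.Modules) {
        $path = $m.FileName
        $sig  = Get-AuthenticodeSignature -FilePath $path

        # A module from the app's own folder or from Windows is expected; anything
        # else (e.g. another product's install directory) deserves a closer look.
        $inAppDir = $path.StartsWith($exeDir, $cmp)
        $inSystem = $path.StartsWith($env:SystemRoot, $cmp)

        $flag = if (-not $inAppDir -and -not $inSystem) { "FOREIGN" }
                elseif ($sig.Status -ne 'Valid')        { "UNSIGNED/INVALID" }
                else                                    { "" }

        [pscustomobject]@{
            Module  = $m.ModuleName
            Path    = $path
            Company = $m.FileVersionInfo.CompanyName
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Status  = $sig.Status
            Flag    = $flag
        }
    }

    # Flagged modules first so the interesting ones are at the top of the table.
    $rows | Sort-Object @{Expression = { $_.Flag -eq "" }}, Module |
        Format-Table Module, Flag, Status, Company, Path -AutoSize
}
```

Run it once with only iLivid started and once after launching Babylon and IDM, then diff the two module lists. A DLL whose path sits under another product's install directory did not get there through iLivid's own import table; the usual mechanisms are a system-wide hook registered with `SetWindowsHookEx`, which makes Windows map the hook DLL into every process that receives the hooked messages, or explicit injection by the other process. The next step is therefore to look at the other product (Babylon, IDM) for hook registration or injection rather than at iLivid, and to check whether the same DLLs also appear in unrelated processes such as notepad.exe.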