00000000

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' that lets third-party developers bundle various adware packages through an affiliate pay-per-install program. The file 00000000 by Somoto has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
Publisher:
Somoto Ltd.  (signed and verified)

Version:
1.0.0.1

MD5:
522ca56f9c8388b2a1d5408587451f96

SHA-1:
c80717236b7c20671eae67c1d622ab8053c595ee

SHA-256:
889ae99f91e07c4f41ae88ec51de337346e7e74ea69d33f614d31f6f65704ea6

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 5:17:16 PM UTC  (today)

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/Somoto | 2014.12.25
avast! | Win32:Somoto-R [PUP] | 2014.9-141225
AVG | Generic | 2015.0.3250
Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.141225
Dr.Web | Trojan.Packed.28357 | 9.0.1.0359
Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.2743
McAfee | Artemis!522CA56F9C83 | 5600.6906
Qihoo 360 Security | Win32/Virus.Downloader.192 | 1.0.0.1015
Quick Heal | Adware.NSIS.BetterInstaller.A | 12.14.14.00
Reason Heuristics | PUP.Somoto.I | 14.12.25.7
Sophos | Somoto BetterInstaller | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1224 | 7.2.359

File size:
420.9 KB (430,992 bytes)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\profile 2\file system\000\t\00\00000000

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 5:30:00 AM

Valid to:
7/3/2015 5:29:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ZsxFvbL7bEB1FQrd3DWI1wdr1ZqsmB9e1hNOVPKtb2rOB6EwbZ3bjv0/5reotPXP:oFvzo2114qfe1/mnu6Ea3bjYsOPH

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.9408

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 00000000 has been seen being distributed by the following 50 URLs.

Latest 30 of 128 download URLs