00000001

The file 00000001 has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent. The file has been seen being downloaded from fileplenty.com.
Version:
1.0.0.1

MD5:
34882e1e0f9a2fcb8196f7f01ca06ce7

SHA-1:
adf6d3fc8c9a19e774e16960399c8ab9c3d36b29

SHA-256:
fed6f611a583b0d1dd961031dd9e28037900416f82c41d016ec3810ea2beeb41

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/27/2024 2:11:07 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.15225 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/21511 |
| ESET NOD32 | Win32/Somoto.G potentially unwanted | 9.11177 |
| NANO AntiVirus | Riskware.Win32.Downware.digcac | 0.30.0.65070 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Adware.NSIS.BetterInstaller.A | 2.15.14.00 |

File size:
401.7 KB (411,354 bytes)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\application data\google\chrome\user data\default\file system\032\t\00\00000001

File PE Metadata
Compilation timestamp:
12/17/2010 6:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:pA0i50GJVYwtWqS5QtY4MHfxiGl276OitzYjEVxh5:pAfyGJCwtvSjRHoGl276O8zYjEVxh5

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
Code size:
28.5 KB (29,184 bytes)

The file 00000001 has been seen being distributed by the following URL.
