00000005

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to let third-party developers bundle various adware packages through an affiliate pay-per-install program. The file 00000005 by Somoto has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.easy-pdf-converter.com.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
d1abf17591e224af54f34c785db2517a

SHA-1:
a9f61ab8ef1ebedecfc79609ebe0296c8c6fd374

SHA-256:
dd6032a8a0ab748e8604a7520dca964ac5bb8832be08f1cab7133397ae937ac0

Scanner detections:
7 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/4/2024 5:03:21 PM UTC

Scan engine             Detection                                          Engine version
Clam AntiVirus          Win.Adware.Somoto                                  0.98/19414
Dr.Web                  Trojan.Packed.28357                                9.0.1.05190
Emsisoft Anti-Malware   Application.Bundler.Somoto                         14.09.22
ESET NOD32              Win32/Somoto.G potentially unwanted application    7.0.302.0
Kaspersky               not-a-virus:AdWare.Win32.Agent                     15.0.0.494
Reason Heuristics       PUP.Somoto.I                                       14.9.22.8
VIPRE Antivirus         Threat.4150696                                     33120

File size:
220 KB (225,288 bytes)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\001\t\00\00000005

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 8:00:00 AM

Valid to:
7/3/2015 7:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 5:14:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:x22ihA0m3BJX0ojTJXlRUNEEDDLwqgtTfRWDHUxxzXJboqFTbpprg+C7sMX1AArQ:SA0m3D0ovJXl43+RwDKxz58gTg7VUQG

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...

Entropy:
7.7519  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file 00000005 has been seen being distributed by the following URL.

Remove 00000005 - Powered by Reason Core Security