» adobe_flash_setup_downloader-q4okzwjsk.exe
Overview
Analysis
File Details

adobe_flash_setup_downloader-q4okzwjsk.exe

Somoto Ltd

The application adobe_flash_setup_downloader-q4okzwjsk.exe by Somoto has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third party applications, mostly adware toolbars, with legitimate softare and may be installed without adequate user consent.

File name:

Publisher:

Somoto Ltd (signed and verified)

Version:

1.0.0.1

MD5:

04daf5568d571650ca4386decd5f4e75

SHA-1:

e61d07fe1293b46d4230e5b47f4079c2169aa1cb

SHA-256:

0e16a0f905fe8f9544694441e41c3cda1c3e43fd01f06ae74499eecd12adf8c6

Scanner detections:

9 / 68

Status:

Potentially unwanted

Explanation:

Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:

11/15/2024 9:58:28 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Malware-gen

150203-1

Baidu Antivirus

Adware.Win32.Somoto

4.0.3.15210

Clam AntiVirus

Win.Adware.Somoto

0.98/20051

ESET NOD32

Win32/Somoto.G potentially unwanted application

7.0.302.0

Kaspersky

not-a-virus:Downloader.Win32.Agent

15.0.0.543

NANO AntiVirus

Riskware.Win32.Downware.digcac

0.30.0.65070

Quick Heal

Adware.NSIS.BetterInstaller.A

2.15.14.00

Sophos

Generic PUA OG

4.98

VIPRE Antivirus

Threat.4150696

36694

File size:

406.5 KB (416,296 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\adobe_flash_setup_downloader-q4okzwjsk.exe

Digital Signature

Signed by:

Somoto Ltd

Authority:

VeriSign, Inc.

Valid from:

7/9/2014 2:00:00 AM

Valid to:

7/10/2015 1:59:59 AM

Subject:

CN=Somoto Ltd, O=Somoto Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

740F9B128416DE31F570E595F4099D2A

File PE Metadata

Compilation timestamp:

12/17/2010 10:14:12 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

12288:wA0i50G58u4eOQWE/VkdODpGFaAv62VorrkmdR1LoN8WQz:wAfyGOx5dQqaAvJurkmdjq8J

Entry address:

0x39AC

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83... 
[+]

Code size:

28.5 KB (29,184 bytes)

Remove adobe_flash_setup_downloader-q4okzwjsk.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.