adobe_flash_setup_downloader-q4okzwjsk.exe

Somoto Ltd

The application adobe_flash_setup_downloader-q4okzwjsk.exe by Somoto has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third party applications, mostly adware toolbars, with legitimate softare and may be installed without adequate user consent.
Publisher:
Somoto Ltd  (signed and verified)

Version:
1.0.0.1

MD5:
04daf5568d571650ca4386decd5f4e75

SHA-1:
e61d07fe1293b46d4230e5b47f4079c2169aa1cb

SHA-256:
0e16a0f905fe8f9544694441e41c3cda1c3e43fd01f06ae74499eecd12adf8c6

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
12/25/2024 1:25:27 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Malware-gen
150203-1

Baidu Antivirus
Adware.Win32.Somoto
4.0.3.15210

Clam AntiVirus
Win.Adware.Somoto
0.98/20051

ESET NOD32
Win32/Somoto.G potentially unwanted application
7.0.302.0

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.543

NANO AntiVirus
Riskware.Win32.Downware.digcac
0.30.0.65070

Quick Heal
Adware.NSIS.BetterInstaller.A
2.15.14.00

Sophos
Generic PUA OG
4.98

VIPRE Antivirus
Threat.4150696
36694

File size:
406.5 KB (416,296 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_setup_downloader-q4okzwjsk.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/9/2014 2:00:00 AM

Valid to:
7/10/2015 1:59:59 AM

Subject:
CN=Somoto Ltd, O=Somoto Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
740F9B128416DE31F570E595F4099D2A

File PE Metadata
Compilation timestamp:
12/17/2010 10:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:wA0i50G58u4eOQWE/VkdODpGFaAv62VorrkmdR1LoN8WQz:wAfyGOx5dQqaAvJurkmdjq8J

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
[+]

Code size:
28.5 KB (29,184 bytes)

Remove adobe_flash_setup_downloader-q4okzwjsk.exe - Powered by Reason Core Security