adobe_flash_setup_downloader-qebve5qw6.exe

Somoto Ltd

The application adobe_flash_setup_downloader-qebve5qw6.exe, published by Somoto Ltd, has been flagged as a potentially unwanted program by 8 of 68 anti-malware scanners. It is a setup application built with the Nullsoft Install System (NSIS) and includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, alongside legitimate software, and may install them without adequate user consent. Despite the Adobe Flash name, the file is signed by Somoto Ltd, not by Adobe. The file has been seen being downloaded from myupdateonline.com.
Publisher:
Somoto Ltd (signed and verified)

Version:
1.0.0.1

MD5:
13d55bdf786fbd85eef9867b0b1fed00

SHA-1:
16e3d1a59f0961978c26787a9e16c5408c5dd963

SHA-256:
394619ae71b4ca30153254a87746a5dbf62d0290deda85b71f316bf5580d3d84

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
11/15/2024 5:36:20 AM UTC

Scan engine               Detection                          Engine version
avast!                    Win32:Malware-gen                  2014.9-141229
Baidu Antivirus           Adware.Win32.Somoto                4.0.3.141229
Clam AntiVirus            Win.Adware.Somoto                  0.98/21511
ESET NOD32                Win32/Somoto                       8.10811
NANO AntiVirus            Riskware.Win32.Downware.digcac     0.28.6.63850
Qihoo 360 Security        HEUR/QVM42.0.Malware.Gen           1.0.0.1015
Quick Heal                Adware.NSIS.BetterInstaller.A      12.14.14.00
Trend Micro House Call    Suspicious_GEN.F47V1125            7.2.363

File size:
406.6 KB (416,344 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_setup_downloader-qebve5qw6.exe

Digital Signature
Signed by:
Somoto Ltd
Authority:
VeriSign, Inc.

Valid from:
7/8/2014 8:00:00 PM

Valid to:
7/9/2015 7:59:59 PM

Subject:
CN=Somoto Ltd, O=Somoto Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
740F9B128416DE31F570E595F4099D2A

File PE Metadata
Compilation timestamp:
12/17/2010 4:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:gA0i50Gpb8YFxgc0CmlYnrUt7gODnmOOOO+L1g35:gAfyGVxD0CQ/gO62OUQ

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...

Entropy:
7.8983  (probably packed)

Code size:
28.5 KB (29,184 bytes)
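As an added example (not code from this page or from Reason Core Security), the Python script below performs the offline triage that the fields above summarise: it recomputes the three digests listed for this entry so a downloaded file can be matched against it, measures Shannon entropy, reads the PE AddressOfEntryPoint, and searches for the NSIS first-header marker (0xDEADBEEF followed by "NullsoftInst") that identifies a Nullsoft installer. The PE image it builds is a constructed stand-in carrying the page's entry RVA 0x39AC, not the real sample, and all function names are the example's own. One caveat on the entropy field: NSIS stores its payload compressed (zlib, bzip2 or LZMA), so entropy near 8 bits per byte is normal for any NSIS installer and does not by itself prove a packer is present; the low-entropy constructed image shows the contrast.

```python
import hashlib
import math
import struct

# Digests exactly as listed on the page for adobe_flash_setup_downloader-qebve5qw6.exe.
LISTED_HASHES = {
    "md5": "13d55bdf786fbd85eef9867b0b1fed00",
    "sha1": "16e3d1a59f0961978c26787a9e16c5408c5dd963",
    "sha256": "394619ae71b4ca30153254a87746a5dbf62d0290deda85b71f316bf5580d3d84",
}

# NSIS firstheader: siginfo 0xDEADBEEF (little-endian) followed by "Null" "soft" "Inst".
NSIS_MARKER = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"


def file_hashes(data: bytes) -> dict:
    """Lowercase hex MD5, SHA-1 and SHA-256 of the byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_listed_sample(hashes: dict) -> bool:
    """True only if every listed digest matches; a single mismatch means a different file."""
    return all(hashes.get(k, "").lower() == v for k, v in LISTED_HASHES.items())


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_entry_point_rva(data: bytes) -> int:
    """AddressOfEntryPoint from the PE optional header; ValueError if not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    optional_header = e_lfanew + 4 + 20  # PE signature plus 20-byte COFF file header
    return struct.unpack_from("<I", data, optional_header + 16)[0]


def nsis_marker_offset(data: bytes) -> int:
    """File offset of the NSIS firstheader marker, or -1 if not an NSIS installer."""
    return data.find(NSIS_MARKER)


def build_sample_image() -> bytes:
    """Constructed stand-in (not the real sample): DOS stub, PE header with entry RVA
    0x39AC, a repetitive low-entropy 'code' blob and an NSIS-style overlay."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOfOptHdr, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    # Magic, MajorLinker, MinorLinker, SizeOfCode, SizeOfInitData, SizeOfUninitData, AddressOfEntryPoint
    optional = struct.pack("<HBBIIII", 0x10B, 2, 56, 0x7200, 0, 0, 0x39AC).ljust(0xE0, b"\0")
    code = b"\x55\x89\xe5" * 256                     # push ebp / mov ebp,esp repeated
    overlay = b"\0" * 4 + NSIS_MARKER + b"\0" * 56   # flags, siginfo, "NullsoftInst", padding
    return dos + coff + optional + code + overlay


def triage(data: bytes) -> dict:
    """Run every check and return the verdict a triage script would log."""
    hashes = file_hashes(data)
    return {
        "hashes": hashes,
        "is_listed_sample": matches_listed_sample(hashes),
        "entropy": round(shannon_entropy(data), 4),
        "entry_rva": pe_entry_point_rva(data),
        "nsis": nsis_marker_offset(data) != -1,
    }


if __name__ == "__main__":
    # For a real download: triage(open(path, "rb").read())
    for key, value in triage(build_sample_image()).items():
        print(f"{key}: {value}")
```

Against a real download, a full hash match against LISTED_HASHES identifies this exact sample; a match on the NSIS marker and publisher alone only says the file is another Nullsoft installer signed by the same party.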

The file adobe_flash_setup_downloader-qebve5qw6.exe has been seen being distributed from myupdateonline.com, the download source noted above.

Remove adobe_flash_setup_downloader-qebve5qw6.exe - Powered by Reason Core Security