adobe_flash_setup_downloader-qebve5qw6.exe

Somoto Ltd

The application adobe_flash_setup_downloader-qebve5qw6.exe by Somoto has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third party applications, mostly adware toolbars, with legitimate softare and may be installed without adequate user consent. The file has been seen being downloaded from myupdateonline.com.
Publisher:
Somoto Ltd  (signed and verified)

Version:
1.0.0.1

MD5:
13d55bdf786fbd85eef9867b0b1fed00

SHA-1:
16e3d1a59f0961978c26787a9e16c5408c5dd963

SHA-256:
394619ae71b4ca30153254a87746a5dbf62d0290deda85b71f316bf5580d3d84

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
12/25/2024 12:54:40 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
2014.9-141229

Baidu Antivirus
Adware.Win32.Somoto
4.0.3.141229

Clam AntiVirus
Win.Adware.Somoto
0.98/21511

ESET NOD32
Win32/Somoto
8.10811

NANO AntiVirus
Riskware.Win32.Downware.digcac
0.28.6.63850

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Quick Heal
Adware.NSIS.BetterInstaller.A
12.14.14.00

Trend Micro House Call
Suspicious_GEN.F47V1125
7.2.363

File size:
406.6 KB (416,344 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adobe_flash_setup_downloader-qebve5qw6.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/8/2014 8:00:00 PM

Valid to:
7/9/2015 7:59:59 PM

Subject:
CN=Somoto Ltd, O=Somoto Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
740F9B128416DE31F570E595F4099D2A

File PE Metadata
Compilation timestamp:
12/17/2010 4:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:gA0i50Gpb8YFxgc0CmlYnrUt7gODnmOOOO+L1g35:gAfyGVxD0CQ/gO62OUQ

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
[+]

Entropy:
7.8983  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file adobe_flash_setup_downloader-qebve5qw6.exe has been seen being distributed by the following URL.

Remove adobe_flash_setup_downloader-qebve5qw6.exe - Powered by Reason Core Security