cmucsoko.exe

Somoto Ltd.

Somoto operates a monetization platform known as the 'Better Installer', which lets 3rd party developers bundle various adware packages through an affiliate pay-per-install program. The file cmucsoko.exe by Somoto has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third party applications, mostly adware toolbars, with legitimate software, and these may be installed without adequate user consent.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
fd41e16253850c65e5a46c7f97557c6b

SHA-1:
1dde74d6c5b97da994640d8653addd3482c9c7c3

SHA-256:
c375b574c5681daa56c769f84b31854b11e652e2fd1ef3d7625961174b3fdddb

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 2:03:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 452 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.170.48 |
| AVG | Generic | 2016.0.2930 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.151110 |
| Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1570 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/21411 |
| Comodo Security | Application.Win32.Somoto.CK | 19375 |
| Emsisoft Anti-Malware | Application.Bundler.Somoto | 8.15.11.10.08 |
| ESET NOD32 | Win32/Somoto | 9.10343 |
| F-Secure | Application.Bundler.Somoto.J | 11.2015-10-11_3 |
| IKARUS anti.virus | PUA.Downloader.Somoto | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.1143 |
| McAfee | Somoto-BetterInstaller | 5600.6586 |
| MicroWorld eScan | Application.Bundler.Somoto.J | 16.0.0.942 |
| NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj | 0.28.2.61861 |
| nProtect | Trojan-Clicker/W32.Agent.225280.AZ | 14.08.31.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.11.10.08 |
| Qihoo 360 Security | Win32/Application.6bb | 1.0.0.1015 |
| Reason Heuristics | PUP.Somoto.Bundler (M) | 15.11.10.8 |
| Sophos | Generic PUA BN | 4.98 |
| SUPERAntiSpyware | PUP.Somoto/Variant | 9516 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32704 |

File size:
220 KB (225,280 bytes)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\appdata\local\temp\cmucsoko.exe.part

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/1/2014 8:00:00 PM

Valid to:
7/2/2015 7:59:59 PM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 4:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:aA0m3D0oO+6BP1nUxt8G+YSjytpI/xSEiP28+9:aA0iD0oOB1Uxt8lYS2t6/OI

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 

Entropy:
7.7513  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file cmucsoko.exe has been observed being distributed from the following 4 URLs.

http://easy-file-converter.com/.../FLVPlayerSetup-Nf2DtiIyl.exe
