download_minecraft_1_7_9_pirata_completo_ph_downssetup-i0kmuoqbw.exe

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to provide the ability of 3rd party developers to bundle various adware packages through an affiliate pay-per-install program. The application download_minecraft_1_7_9_pirata_completo_ph_downssetup-i0kmuoqbw.exe by Somoto has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Somoto BetterInstaller installer. The installer is marketed through download protals and search ads as Minecraft but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
73e93bb2553d188bfa5485ab396d70ef

SHA-1:
004947e04655dd3e1deb50977677dd75784ad8f8

SHA-256:
2aa3403a4687acd73d998a31b3e74a10601cbd77f1d5c5a8b9a0d343974294c7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 2:04:11 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Somoto.Bundler (M)
16.3.9.23

File size:
220 KB (225,272 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\downloads\download_minecraft_1_7_9_pirata_completo_ph_downssetup-i0kmuoqbw.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/1/2014 9:00:00 PM

Valid to:
7/2/2015 8:59:59 PM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 7:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:iA0m3D0ohWbu1btuCmxw8/Zu6j5Xpu1A5nIlGH69:iA0iD0ohWNTxOU5SlD9

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
[+]

Code size:
28.5 KB (29,184 bytes)

The file download_minecraft_1_7_9_pirata_completo_ph_downssetup-i0kmuoqbw.exe has been seen being distributed by the following URL.