flvplayer_downloader-n423d5nqt.exe

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' that lets third-party developers bundle various adware packages through an affiliate pay-per-install program. The application flvplayer_downloader-n423d5nqt.exe by Somoto has been detected as adware by 22 anti-malware scanners. This is a setup program used to install the application. It includes the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
ee36014673076bea520d5201c8554402

SHA-1:
16c26000ed1f827fa64631b759c6c782ecfb416d

SHA-256:
4822a693fb5595a668f91c3e3a5bc5a8cdd0b0d4a81649a5cc992c3bd6568f26

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
11/4/2024 5:04:12 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 861 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.170.84 |
| AVG | Generic | 2015.0.3339 |
| Baidu Antivirus | Adware.Win32.Agent | 4.0.3.14927 |
| Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1350 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/21411 |
| Comodo Security | Application.Win32.Somoto.CK | 19389 |
| Emsisoft Anti-Malware | Application.Bundler.Somoto | 8.14.09.27.05 |
| ESET NOD32 | Win32/Somoto | 8.10348 |
| F-Secure | Application.Bundler.Somoto.J | 11.2014-27-09_7 |
| IKARUS anti.virus | PUA.Downloader.Somoto | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3189 |
| Malwarebytes | PUP.Optional.Somoto | v2014.09.27.05 |
| MicroWorld eScan | Application.Bundler.Somoto.J | 15.0.0.810 |
| NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj | 0.28.2.61942 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.09.27.05 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Somoto.EE | 14.9.27.5 |
| Sophos | Generic PUA BG | 4.98 |
| SUPERAntiSpyware | PUP.Somoto/Variant | 10335 |
| Trend Micro House Call | TROJ_GEN.R0C1H07I114 | 7.2.270 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32734 |

File size:
220 KB (225,312 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\flvplayer_downloader-n423d5nqt.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 3:00:00 AM

Valid to:
7/3/2015 2:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 11:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:522ihA0m3BJX0oYS8kDLTPJlfGZAJFPJfQQJOZ29Ssmpmm3znc/JFmDe6k5jeGq:6A0m3D0oYDkDHPJlfnPJpJOVc3ie6hD

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
Code size:
28.5 KB (29,184 bytes)

The file flvplayer_downloader-n423d5nqt.exe has been seen being distributed by the following URL.
