flvplayersetup.exe

FLV Player

Somoto Ltd.

Somoto uses a monetization platform known as 'Better Installer' that lets third-party developers bundle various adware packages through an affiliate pay-per-install program. The application flvplayersetup.exe by Somoto has been detected as adware by 42 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
Publisher:
Somoto Ltd.  (signed and verified)

Product:
FLV Player

Version:
1.0.0.0

MD5:
2d10a980cc1539c4ca29387e82267b4d

SHA-1:
527dbdb7e31aad1b48fe29ee578df1aaa13e8926

SHA-256:
80452f92bbdf1767e18c2be73930101aef6622fa1e5e98f5b59bfa532641fc0d

Scanner detections:
42 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 1:11:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Parite.B | 911 |
| Agnitum Outpost | Win32.Parite.B | 7.1.1 |
| AhnLab V3 Security | Win32/Parite | 2014.07.18 |
| Avira AntiVirus | W32/Parite | 7.11.30.172 |
| avast! | Win32:Somoto-J [PUP] | 2014.9-131124 |
| AVG | Win32/Parite | 2015.0.3389 |
| Baidu Antivirus | Virus.Win32.Parite.$b | 4.0.3.1487 |
| Bitdefender | Win32.Parite.B | 1.0.20.1095 |
| Bkav FE | W32.Clodad0.Trojan | 1.3.0.4613 |
| Boost by Reason | Trojan.Adw.Installer.Somoto.O | 13.11.24.9 |
| Clam AntiVirus | Heuristics.W32.Parite.B | 0.98/19168 |
| Comodo Security | Virus.Win32.Parite.gen | 18880 |
| Dr.Web | Adware.Somoto.16 | 9.0.1.0347 |
| Emsisoft Anti-Malware | Win32.Parite | 8.14.08.07.04 |
| ESET NOD32 | Win32/Somoto | 8.9705 |
| Fortinet FortiGate | W32/Parite.B | 8/7/2014 |
| F-Prot | W32/Parite.B | v6.4.6.5.141 |
| F-Secure | Win32.Parite.B | 11.2014-07-08_5 |
| G Data | Win32.Parite | 14.8.24 |
| IKARUS anti.virus | Virus.Parite | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.176.11833 |
| Kaspersky | Virus.Win32.Parite | 14.0.0.3442 |
| Malwarebytes | PUP.Optional.Somoto.A | v2014.04.23.01 |
| McAfee | W32/Pate.b | 5600.7045 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.317.0 |
| MicroWorld eScan | Win32.Parite.B | 15.0.0.657 |
| NANO AntiVirus | Virus.Win32.Parite.bgvo | 0.28.2.60881 |
| Norman | Pinfi.A | 11.20140807 |
| nProtect | Virus/W32.Parite.C | 14.07.17.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.04.23.01 |
| Qihoo 360 Security | Virus.Win32.Parite.H | 1.0.0.1015 |
| Quick Heal | W32.Perite.A | 8.14.14.00 |
| Reason Heuristics | PUP.Installer.Somoto.O | 14.8.7.17 |
| Rising Antivirus | PE:Win32.Parite.b!16043 | 23.00.65.14805 |
| Sophos | Somoto BetterInstaller | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10436 |
| Trend Micro House Call | TROJ_GEN.F47V0717 | 7.2.328 |
| Trend Micro | PE_PARITE.A | 10.465.07 |
| Vba32 AntiVirus | Virus.Win32.Parite.b | 3.12.26.3 |
| VIPRE Antivirus | Threat.46249 | 31208 |
| ViRobot | Win32.Parite.A | 2011.4.7.4223 |
| XVirus List | Win32.Detected | 2.8.7 |

File size:
273.2 KB (279,752 bytes)

Product version:
1.0.0

Copyright:
Somoto Ltd.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\flvplayersetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/19/2011 8:00:00 PM

Valid to:
9/19/2014 7:59:59 PM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., STREET=PO Box 58096, L=Tel Aviv, S=--, PostalCode=61580, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00841D099D16B738F34172FEEFE1D2574F

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ye34CQgRTXRKeCuPh6D1VyDEnJqR7rxObPzl7cj33Qc3UT:wcTXRKevPqGAJqRxObhW33Qv

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.8786

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file flvplayersetup.exe has been seen being distributed by the following 2 URLs.
