install_sopcast3.5.0.exe

Meta Installer LLC

This is the Vittalia Filewon Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application install_sopcast3.5.0.exe by Meta Installer has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Vittalia DM installer. According to Microsoft Security Essentials, the software bundles and installs the Lolliport adware program (in many cases without a user's knowledge). It usually gets on your PC as an installer for a free game or application. This software bundler installs other potentially unwanted software, including Adware:Win32/Lollipop, at the same time as other software.
Publisher:
Meta Installer LLC  (signed and verified)

MD5:
43efba97fc387e5f62d6bc2ff7742abb

SHA-1:
81823e2c5322f9c4ebdb3345b7f96fe8aac2c79c

SHA-256:
20511eb0c2d88803ddf8db9ce7ca4a5f51c9100d78db68aa1751586066298ecd

Scanner detections:
24 / 68

Status:
Adware

Explanation:
This software bundler installs other potentially unwanted software, including Adware:Win32/Lollipop during isntallation without a user's consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/27/2024 7:52:24 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Tool.Lolliport.74
7.11.117.240

AVG
MultiBundle.C
2015.0.3516

Baidu Antivirus
AdWare.Win32.Lollipop
4.0.3.1443

Comodo Security
ApplicUnwnt.Win32.Lollipop.A
17387

Dr.Web
Adware.Downware.441
9.0.1.093

ESET NOD32
Win32/Adware.Lollipop
8.9132

McAfee
Artemis!43EFBA97FC38
5600.7172

Microsoft Security Essentials
SoftwareBundler:Win32/Lolliport
1.163.1557.0

Reason Heuristics
PUP.MetaInstaller.S
14.8.7.21

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.14401

SUPERAntiSpyware
Adware.Lollipop/Variant
10688

VIPRE Antivirus
Iminent
24022

File size:
788.4 KB (807,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Vittalia DM (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\install_sopcast3.5.0.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/5/2013 3:58:42 PM

Valid to:
2/16/2014 7:59:09 PM

Subject:
CN=Meta Installer LLC, O=Meta Installer LLC, L=Wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27F0D47D5B2679

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:4DcSjaVQVbougim4B0mRBKTtd8jVWIPS+hIxSo/6iH4M/jznwHKcrIDLsunz0c:jTGVlgkqmOd8HuS66iHzYHKqc3wc

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file install_sopcast3.5.0.exe has been seen being distributed by the following URL.

Remove install_sopcast3.5.0.exe - Powered by Reason Core Security