nsk433a.tmp

Somoto Ltd

The file nsk433a.tmp by Somoto has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.
Publisher:
Somoto Ltd  (signed and verified)

Version:
1.0.0.1

MD5:
b652e70b814196264bcb900eea6060dc

SHA-1:
1d89abca41a0dbb3c96fcb6ebff160e71b6e1605

SHA-256:
346a2cc4c16bc43840399697e0693f081dc7cb5eaf8eb3d601eb42f4bff4de21

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 3:29:50 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Somoto.AG | 517 |
| AhnLab V3 Security | PUP/Win32.Somoto | 2015.08.18 |
| Avira AntiVirus | PUA/Somoto.Gen2 | 8.3.1.6 |
| Arcabit | Application.Bundler.Somoto.AG | 1.0.0.425 |
| AVG | AdLoad.S | 2016.0.2995 |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.1596 |
| Bitdefender | Application.Bundler.Somoto.AG | 1.0.20.1245 |
| Bkav FE | W32.HfsAdware | 1.3.0.7062 |
| Clam AntiVirus | Win.Adware.Somoto-2 | 0.98/21511 |
| Dr.Web | Adware.Somoto.139 | 9.0.1.0249 |
| ESET NOD32 | Win32/Somoto.G potentially unwanted | 9.12107 |
| F-Prot | W32/Trojan2.OUSK | v6.4.7.1.166 |
| F-Secure | Application.Bundler.Somoto | 11.2015-06-09_1 |
| K7 AntiVirus | Unwanted-Program | 13.2016911 |
| Kaspersky | not-a-virus:HEUR:Downloader.NSIS.Somoto | 14.0.0.1468 |
| Malwarebytes | PUP.Optional.Somoto.C | v2015.09.06.08 |
| MicroWorld eScan | Application.Bundler.Somoto.AG | 16.0.0.747 |
| NANO AntiVirus | Riskware.Nsis.Adware.dshbbp | 0.30.24.3079 |
| Panda Antivirus | PUP/Somoto | 15.09.06.08 |
| Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Somoto.Installer (M) | 15.9.6.8 |
| Trend Micro House Call | ADW_TOMOS.SMN | 7.2.249 |
| Trend Micro | ADW_TOMOS.SMN | 10.465.06 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42966 |

File size:
420.8 KB (430,904 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nsk433a.tmp

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
6/24/2015 6:00:00 AM

Valid to:
8/23/2016 5:59:59 AM

Subject:
CN=Somoto Ltd, O=Somoto Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
02FED381427052F6E66365A4627FB0ED

File PE Metadata
Compilation timestamp:
12/6/2009 4:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:OsxFOpPXkLASfYXmh/2EEZX3xX4iox9xlflvIoglTxQB2NLDHfrH0EFc9S0+uJFj:TFOpPXIASQqdO6lTCD/rUI6SduJFj

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9413

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file nsk433a.tmp has been seen being distributed by the following 2 URLs.
