nspa365.tmp

Better Installer

Somoto Ltd.

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file nspa365.tmp has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
Publisher:
Somoto Ltd.

Product:
Better Installer

Version:
1.0

MD5:
3a87bf4655e0f2930ec8de8545f24d12

SHA-1:
e4d3b7ba1f9b62caebb9187b920b7d612e07e0b0

SHA-256:
2e63762050c7cb6bc81f489fe17021104cb1ab47bb7724b307a75b1a2026853c

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is an installer that may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 12:39:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.Generic | 7.1.1 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.152.198 |
| Dr.Web | Adware.Somoto.8 | 9.0.1.023 |
| ESET NOD32 | Win32/Somoto (variant) | 9.9883 |
| Fortinet FortiGate | Riskware/Somoto | 1/23/2015 |
| G Data | Win32.Application.Somoto | 15.1.24 |
| Malwarebytes | PUP.Optional.Somoto.A | v2015.01.23.01 |
| NANO AntiVirus | Trojan.Win32.Somoto.cumknu | 0.28.0.60100 |
| Reason Heuristics | PUP.Installer.Somoto | 15.1.23.1 |
| Sophos | Somoto BetterInstaller | 4.98 |

File size:
116.1 KB (118,910 bytes)

Product version:
1.0

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\nspa365.tmp

File PE Metadata
Compilation timestamp:
12/6/2009 11:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:nQpQ5EP0ijnRTXJD1AeDhyD0eT7936N7Vty2UIMvn0E3GfM/wG7hd8BbC2Nkdaz4:nQIURTXJDNw9q5Vt8OEoG7hub99s7ZT

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Entropy:
7.7483

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file nspa365.tmp has been seen being distributed by the following 2 URLs.
