potload_downloader-i3zanowrm.exe

The application potload_downloader-i3zanowrm.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third party applications, mostly adware toolbars, with legitimate softare and may be installed without adequate user consent.
MD5:
3ae0cadabfee70d7b63841cacebef84a

SHA-1:
07ff6a44775a3ec2d2dcfe0beb30c1d75ac14feb

SHA-256:
3e1505fc290c0868166f69258b96f3d836f0f266f57e0058fd93417b64317bdb

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/6/2024 1:57:47 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Somoto.W
5714246

Avira AntiVirus
PUA/Somoto.weianob
8.3.1.6

Arcabit
Application.Bundler.Somoto.W
1.0.0.425

avast!
Somoto-Q [PUP]
150602-1

Bitdefender
Application.Bundler.Somoto.W
1.0.20.800

Clam AntiVirus
Win.Adware.Somoto
0.98/20553

Comodo Security
Application.Win32.Somoto.CK
22386

Dr.Web
Trojan.Packed.27732
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.Somoto.W
10.0.0.5366

ESET NOD32
Win32/Somoto.G potentially unwanted application
7.0.302.0

F-Prot
W32/SomotoBetterInstaller.B.
v6.4.7.1.166

F-Secure
Application.Bundler.Somoto
11.2015-09-06_3

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.Somoto.A
v2015.06.09.12

McAfee
Program.Somoto-BetterInstaller
17.6.569.0

MicroWorld eScan
Application.Bundler.Somoto.W
16.0.0.480

NANO AntiVirus
Riskware.Nsis.Adware.dbnhrj
0.30.24.1636

nProtect
Trojan-Clicker/W32.Agent.229352
15.06.08.01

Quick Heal
Adware.NSIS.BetterInstaller.A
6.15.14.00

VIPRE Antivirus
Trojan.Win32.Generic
40954

File size:
224 KB (229,352 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\potload_downloader-i3zanowrm.exe

File PE Metadata
Compilation timestamp:
12/17/2010 9:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:mA0m3D0odv9JdtF+Sp7CeY2D+K7W/giavn7yy2sOae/c:mA0iD0oxvdtSJKyIiW6rLc

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
[+]

Entropy:
7.7430  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file potload_downloader-i3zanowrm.exe has been seen being distributed by the following URL.

Remove potload_downloader-i3zanowrm.exe - Powered by Reason Core Security