softonicassistant.exe

Softonic International SA

The application softonicassistant.exe by Softonic International SA has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘SoftonicAssistant’. This file is typically installed with the program Softonic Assistant by Softonic International S.L.
Publisher:
Softonic International SA  (signed and verified)

Version:
0.2.3.0

MD5:
4775fb88a992612c926e1b438699bbb2

SHA-1:
e803a0a587a4bf353cb999c78872ea4f12f3b7b5

SHA-256:
5a6f39366e7f8068b7ae86a4fc728524ae4bcd1480d1f0d69e96d7a6e5bb882a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:34:16 PM UTC  (today)

Scan engine          Detection                  Engine version
Dr.Web               Adware.Downware.11772      9.0.1.05190
Reason Heuristics    PUP.Softonic.Bundle (L)    16.2.25.18

File size:
1.8 MB (1,846,216 bytes)

Product version:
0.2.3.0

Copyright:
Copyright (C) 2014

Original file name:
Softonic.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\softonicassistant\softonicassistant.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/14/2014 5:00:00 AM

Valid to:
10/15/2015 4:59:59 AM

Subject:
CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D29D6E70680A46F4373C81F530344D9

File PE Metadata
Compilation timestamp:
2/18/2016 3:55:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:suQd6gms27BRkvDozirksnfdzwOML7h3V7xgXHe2MfW//FdH0IHtpbhlU/wu:suQd6gms2YLBER/e+2MfW1J0Ytpbbswu

Entry address:
0x10B9CF

Entry point:
E8, 8D, F9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 09, FA, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 17, 22, 00, 00, 85, C0, 74, 0A, E8, 0E, 22, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 54, C8, 59, 00, 00, 74, 05, E9, 32, FA, 00, 00, 57, 8B, F9...
 

Entropy:
6.7201

Code size:
1.3 MB (1,319,424 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SoftonicAssistant

Command:
"C:\users\{user}\appdata\local\softonicassistant\softonicassistant.exe"


The file softonicassistant.exe has been discovered within the following programs.

Softonic Assistant  by Softonic International S.L.
47% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to s3-eu-west-1.amazonaws.com  (54.231.134.51:443)

TCP (HTTP SSL):
Connects to s3-1.amazonaws.com  (52.216.17.187:443)

TCP (HTTP):
Connects to static-ip-188-138-17-135.inaddr.ip-pool.com  (188.138.17.135:80)

TCP (HTTP):
Connects to cache.google.com  (212.0.195.90:80)

TCP (HTTP):
Connects to c937e974.virtua.com.br  (201.55.233.116:80)

TCP (HTTP):
Connects to 88.255.178.107.bc.googleusercontent.com  (107.178.255.88:80)

TCP (HTTP):
Connects to 209-88-193-135.barak.net.il  (209.88.193.135:80)
