home

update_checker.exe

FilesFrog.com Update Checker

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to provide the ability of 3rd party developers to bundle various adware packages through an affiliate pay-per-install program. The application update_checker.exe by Somoto has been detected as adware by 13 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SDP’. This file is typically installed with the program FilesFrog Update Checker by Somoto Ltd. which is a potentially unwanted software program.
Publisher:
Somoto  (signed by Somoto Ltd.)

Product:
FilesFrog.com Update Checker

Version:
4, 3, 0, 0

MD5:
cbb55c7bed11fe4f995159bca9904a29

SHA-1:
e3f8b8fe0bbc22cbb743c688ed79e0bf73fccfe5

SHA-256:
1292bfc8c0cfc3ac2779d9a9a1dc43bba674bfcb2cd6a2ff332a7471bf11a2c2

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/27/2024 5:24:35 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Somoto.itz
7.11.107.78

avast!
Win32:Somoto-J [PUP]
2014.9-131120

AVG
Skodna.Generic_c
2014.0.3628

Bkav FE
W32.Clod74d.Trojan
1.3.0.4613

Boost by Reason
Optional.Startup.Somoto.O
188838

Dr.Web
Adware.Somoto.18
9.0.1.0358

ESET NOD32
Win32/Somoto (variant)
7.9160

Malwarebytes
PUP.Optional.FilesFrog.A
v2013.12.24.12

NANO AntiVirus
Trojan.Win32.Somoto.cqxbee
0.28.0.57029

Reason Heuristics
PUP.Startup.Somoto.O
14.8.7.17

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10436

Trend Micro House Call
TROJ_GEN.F47V1017
7.2.324

Trend Micro
ADW_TOMOS
10.465.12

File size:
204.1 KB (208,952 bytes)

Product version:
4.4.0

Copyright:
2012

Trademarks:
Somoto Ltd.

Original file name:
update_checker.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\filesfrog update checker\update_checker.exe

Digital Signature
Signed by:
Somoto Ltd.

Authority:
COMODO CA Limited

Valid from:
9/19/2011 5:00:00 PM

Valid to:
9/19/2014 4:59:59 PM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., STREET=PO Box 58096, L=Tel Aviv, S=--, PostalCode=61580, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00841D099D16B738F34172FEEFE1D2574F

File PE Metadata
Compilation timestamp:
10/15/2013 12:49:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:0ZYfYfc9tuswPQmHWgNr7mJfzKIsMdyjzSHZDDB6m+4HqVvQOhHFWUrJ9Z:0sYfcDKQUB7mROMjxlHqVoORB

Entry address:
0x126C2

Entry point:
E8, AA, 80, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 64, 16, 43, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 53, 0D, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 44, 28, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0...
 
[+]

Entropy:
6.5546

Code size:
136 KB (139,264 bytes)

Scheduled Task
Task name:
SomotoUpdateCheckerAutoStart

Trigger:
Logon (Runs on logon)

Action:
update_checker.exe \auto


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SDP

Command:
C:\Documents and Settings\{user}\Application data\filesfrog update checker\update_checker.exe \auto


The file update_checker.exe has been discovered within the following program.

FilesFrog Update Checker  by Somoto Ltd.
FilesFrog Update Checker a software updater program which runs in the background of Windows and automatically starts up when your PC boots.
www.filesfrog.com
86% remove it
 
Powered by Should I Remove It?

Remove update_checker.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.