updatecheckersetup.exe

FilesFrog Update Checker

Somoto Ltd.

Somoto uses a monetization platform known as 'Better Installer' that lets third-party developers bundle various adware packages through an affiliate pay-per-install program. The application updatecheckersetup.exe by Somoto has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.
Publisher:
Somoto Ltd.  (signed and verified)

Product:
FilesFrog Update Checker

Version:
4.3.0.1

MD5:
83087f025194693dff3a0f22e6a4ae96

SHA-1:
fb57d4eacb3375ce4d5ae91eb2a69f00004e3f31

SHA-256:
c657ab90d55f3c3623c98eabaacc0d9fe6eacb43819dd24eb80a3b9900d97128

Scanner detections:
15 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/12/2024 7:11:20 PM UTC

Scan engine             Detection                      Engine version
Avira AntiVirus         APPL/Somoto.itz                7.11.108.198
avast!                  Win32:Somoto-J [PUP]           2014.9-130804
AVG                     Skodna.Generic_c               2014.0.3615
Bkav FE                 W32.Clod9b1.Trojan             1.3.0.4613
Boost by Reason         Optional.Somoto.S              188838
Comodo Security         ApplicUnsaf.Win32.FileFrog.w   17415
Dr.Web                  Adware.Somoto.16               9.0.1.0329
ESET NOD32              Win32/Somoto                   7.9153
Malwarebytes            PUP.Optional.Somoto.A          v2013.11.25.09
NANO AntiVirus          Trojan.Win32.Somoto.cqxbee     0.28.0.57029
Reason Heuristics       PUP.Installer.Somoto.S         14.8.7.17
SUPERAntiSpyware        Trojan.Agent/Gen-Nullo[Short]  10436
Trend Micro House Call  ADW_SOMOTO                     7.2.358
Trend Micro             ADW_SOMOTO                     10.465.24
XVirus List             Win.Detected                   2.3.31

File size:
191.8 KB (196,376 bytes)

Product version:
4.3.0.1

Copyright:
Somoto Ltd.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\updatecheckersetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/19/2011 5:00:00 PM

Valid to:
9/19/2014 4:59:59 PM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., STREET=PO Box 58096, L=Tel Aviv, S=--, PostalCode=61580, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00841D099D16B738F34172FEEFE1D2574F

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:OQIURTXJL8fmFYt7lNJ5QylLniTkItYblN5D1qJEzGFnYZFh7E2V0K8hqiO5PBA:Os18fllr5vlCkIOBnD1WEy9qFv0RUa

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.7719

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file updatecheckersetup.exe has been seen being distributed by the following URL.
