wadmanager1_downloader-i4mo7nruk.exe

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to provide the ability of 3rd party developers to bundle various adware packages through an affiliate pay-per-install program. The application wadmanager1_downloader-i4mo7nruk.exe by Somoto has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
0b5650b9885bdb55900c7c4b41d5c11e

SHA-1:
8dfa6b3ea270e6da3908580c1b88f19ec4bb61f1

SHA-256:
18a37c7b77b1afa0f28ae59d122c3c5b8dafaa378e11157b3c91e6739292e14c

Scanner detections:
24 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/28/2024 12:51:11 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Somoto.J
467

AhnLab V3 Security
Win-PUP/Somoto
2014.09.23

Avira AntiVirus
APPL/Somoto.Gen2
7.11.173.218

AVG
Generic
2016.0.2945

Baidu Antivirus
Adware.Win32.Somoto
4.0.3.151026

Bitdefender
Application.Bundler.Somoto.J
1.0.20.1495

Clam AntiVirus
Win.Adware.Somoto
0.98/21411

Comodo Security
Application.Win32.Somoto.CK
19585

Dr.Web
Trojan.Packed.28357
9.0.1.0299

Emsisoft Anti-Malware
Application.Bundler.Somoto
8.15.10.26.01

ESET NOD32
Win32/Somoto
9.10448

F-Secure
Application.Bundler.Somoto.J
11.2015-26-10_2

K7 AntiVirus
Unwanted-Program
13.183.13451

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1220

MicroWorld eScan
Application.Bundler.Somoto.J
16.0.0.897

NANO AntiVirus
Riskware.Nsis.Adware.dbnhrj
0.28.2.62286

nProtect
Trojan-Clicker/W32.Agent.225248
14.09.22.01

Panda Antivirus
Trj/Chgt.G
15.10.26.01

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Somoto.Bundler (M)
15.10.26.1

Sophos
Generic PUA IN
4.98

SUPERAntiSpyware
PUP.Somoto/Variant
9547

Trend Micro House Call
TROJ_GEN.F0C2H00IK14
7.2.299

VIPRE Antivirus
Trojan.Win32.Generic
33346

File size:
220 KB (225,248 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\downloads\wadmanager1_downloader-i4mo7nruk.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 1:00:00 AM

Valid to:
7/3/2015 12:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 9:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:522ihA0m3BJX0oZNQwPbFeGaBlyXqYti5VNVfmC5B9OD7Nfosf3BD:6A0m3D0oNbFpaLXYQ5Vru0BC7xZf3BD

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
[+]

Entropy:
7.7516  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file wadmanager1_downloader-i4mo7nruk.exe has been seen being distributed by the following URL.

Remove wadmanager1_downloader-i4mo7nruk.exe - Powered by Reason Core Security