00000000

Mocal

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file 00000000 by Mocal has been detected as adware by 18 anti-malware scanners. The program is a setup application built with the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
Publisher:
Mocal  (signed and verified)

Version:
1.0.0.1

MD5:
c2adbac0cdf2f89d62cdea0bf8bc8a31

SHA-1:
19d368106c282a58032907737b2de92a5fbee3c2

SHA-256:
6ad6d4d26bee160326087519a59a21300cad2bddba98825ba12954192bc4cc65

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 2:19:35 AM UTC

Scan engine            | Detection                           | Engine version
avast!                 | Win32:Malware-gen                   | 2014.9-151029
AVG                    | AdLoad.R                            | 2016.0.2941
Baidu Antivirus        | Adware.Win32.Somoto                 | 4.0.3.151029
Bkav FE                | W32.HfsAdware                       | 1.3.0.6379
Dr.Web                 | Adware.Somoto.128                   | 9.0.1.0302
ESET NOD32             | Win32/Somoto.G potentially unwanted | 9.11581
K7 AntiVirus           | Unwanted-Program                    | 13.203.15813
Kaspersky              | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.1200
McAfee                 | Artemis!C2ADBAC0CDF2                | 5600.6597
NANO AntiVirus         | Riskware.Nsis.Adware.dpwuzb         | 0.30.24.1357
Panda Antivirus        | Generic Suspicious                  | 15.10.29.09
Qihoo 360 Security     | Win32/Virus.Downloader.ffa          | 1.0.0.1015
Quick Heal             | Adware.NSIS.BetterInstaller.A       | 10.15.14.00
Reason Heuristics      | PUP.Somoto.Mocal.Bundler (M)        | 15.10.29.21
Sophos                 | Somoto BetterInstaller              | 4.98
Trend Micro House Call | TROJ_GEN.R00UC0OBI15                | 7.2.302
Trend Micro            | TROJ_GEN.R00UC0OBI15                | 10.465.29
VIPRE Antivirus        | Trojan.Win32.Generic                | 39970

File size:
422.1 KB (432,280 bytes)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\003\t\00\00000000

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/10/2014 2:00:00 AM

Valid to:
6/11/2015 1:59:59 AM

Subject:
CN=Mocal, O=Mocal, STREET=Bendstr. 18, L=Aachen, S=NRW, PostalCode=52066, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0765B6A8C03E3F98B22046A6D2373518

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:5sxFwrIyd58Uff8kWrcBisnAxctBytfapmwuzBaKLZdbB7VwgAT7SLEkciZLdHwi:IFIIybtdPBtJtBOfNFa4nxVRAi5ZBZ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 00000000 has been seen distributed from the following 3 URLs.

http://www.schriftarten-fonts.de/.../Mutlu_downloader-Q7iuRV3F3.exe

Remove 00000000 - Powered by Reason Core Security