00000003

Somoto Limited

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and that may be installed without consent. The file 00000003 by Somoto Limited has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.
Publisher:
Somoto Limited  (signed and verified)

MD5:
a7ddbea19cc500a87cb6a8544fb44691

SHA-1:
5b2af02c0a08fed1affde46e3933bece3e8d0792

SHA-256:
258c68f7789307b3a32eff95a7f2e90309692cdca7b4e73561bdf7d30281bc1a

Scanner detections:
14 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/23/2024 7:33:19 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 867
Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1315
Clam AntiVirus | Win.Adware.Somoto | 0.98/21411
Comodo Security | Application.Win32.Somoto.CK | 18610
Dr.Web | Trojan.Packed.27732 | 9.0.1.0263
Emsisoft Anti-Malware | Application.Bundler.Somoto | 8.14.09.20.08
ESET NOD32 | Win32/Somoto | 8.9976
F-Secure | Application.Bundler.Somoto.J | 11.2014-20-09_7
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3221
Malwarebytes | PUP.Optional.Somoto.A | v2014.09.20.08
MicroWorld eScan | Application.Bundler.Somoto.J | 15.0.0.789
Reason Heuristics | PUP.SomotoLimited.I | 14.9.20.20
Sophos | Generic PUA FL | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0620 | 7.2.263

File size:
224 KB (229,336 bytes)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\012\t\00\00000003

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/11/2013 12:00:00 AM

Valid to:
11/16/2015 12:00:00 PM

Subject:
CN=Somoto Limited, O=Somoto Limited, L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05805984E5838EE41CFD82C4057379F9

File PE Metadata
Compilation timestamp:
12/17/2010 9:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:2A0m3D0o2Eld0Vx1JeB54b2dvdT2uZ6mi/:2A0iD0o2VBovh2ucmi/

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 

Entropy:
7.7426  (probably packed)

Code size:
28.5 KB (29,184 bytes)
