aimfix_downloader-i3z1ruztu.exe

Somoto Ltd.

Somoto uses a monetization platform known as 'Better Installer' that lets 3rd-party developers bundle various adware packages through an affiliate pay-per-install program. The application aimfix_downloader-i3z1ruztu.exe by Somoto has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
92a072bf101b967161e8aa336caf6d4d

SHA-1:
5423605780402e3110c81b2c584b2dbba2015f24

SHA-256:
e0d565ccc68230cbe16dab50c03b65779c4700f87d1e6553a83dd7decc08e709

Scanner detections:
19 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/19/2024 6:33:50 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 870
Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.173.4
AVG | Generic | 2015.0.3348
Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.14917
Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1300
Clam AntiVirus | Win.Adware.Somoto | 0.98/21411
Comodo Security | Application.Win32.Somoto.CK | 19544
Emsisoft Anti-Malware | Application.Bundler.Somoto | 14.09.17
ESET NOD32 | Win32/Somoto.G potentially unwanted application | 7.0.302.0
F-Secure | Application.Bundler.Somoto.J | 11.2014-17-09_4
K7 AntiVirus | Adware | 13.183.13407
Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.494
MicroWorld eScan | Application.Bundler.Somoto.J | 15.0.0.780
NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj | 0.28.2.62151
nProtect | Trojan-Clicker/W32.Agent.225264 | 14.09.17.01
Panda Antivirus | PUP/MultiToolbar.A | 14.09.17.02
Reason Heuristics | PUP.Somoto.BB | 14.9.17.11
SUPERAntiSpyware | PUP.Somoto/Variant | 10354
VIPRE Antivirus | Threat.4150696 | 33120

File size:
220 KB (225,264 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\downloads\aimfix_downloader-i3z1ruztu.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 2:00:00 AM

Valid to:
7/3/2015 1:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 10:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:qA0m3D0or7DfevlcDOgofJzDh7z5BRqE4B:qA0iD0or/fevlcigoRzVdiBB

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 

Code size:
28.5 KB (29,184 bytes)

The file aimfix_downloader-i3z1ruztu.exe has been seen being distributed by the following 3 URLs.

http://fsoft4down.com/.../FLVPlayer_downloader-N4HYWtyzX.exe
