ais149013_downloader-idjaz1ese.exe

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' that lets third-party developers bundle various adware packages through an affiliate pay-per-install program. The application ais149013_downloader-idjaz1ese.exe by Somoto has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may install them without adequate user consent.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
cf9198949f5dd7ac0164bc7e2de7428b

SHA-1:
d88e81465d60cf4fe6d96cc50b554513c2a247bc

SHA-256:
c43fb7af601ca4c3191fd46fd505be411a641c7d9ca4643ee882b04fc99f70c6

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 10:10:35 PM UTC

Scan engine             Detection                                         Engine version
Lavasoft Ad-Aware       Application.Bundler.Somoto.W                      5570222
AhnLab V3 Security      Win-PUP/Somoto                                    2015.05.28
Avira AntiVirus         PUA/Somoto.Gen                                    8.3.1.6
avast!                  Somoto-R [PUP]                                    150525-2
AVG                     Generic                                           2016.0.3096
Baidu Antivirus         Adware.Win32.Somoto                               4.0.3.15528
Bitdefender             Application.Bundler.Somoto.W                      1.0.20.740
Bkav FE                 W32.HfsAdware                                     1.3.0.6379
Clam AntiVirus          Win.Adware.Somoto                                 0.98/21511
Comodo Security         Application.Win32.Somoto.CK                       22250
Dr.Web                  Adware.Somoto.132, Trojan.Packed.28357            9.0.1.05190
Emsisoft Anti-Malware   Application.Bundler.Somoto.W                      10.0.0.5366
ESET NOD32              Win32/Somoto.G potentially unwanted application   7.0.302.0
F-Prot                  W32/SomotoBetterInstaller.B.                      v6.4.7.1.166
F-Secure                Application.Bundler.Somoto                        11.2015-28-05_5
K7 AntiVirus            Unwanted-Program                                  13.204.16053
Kaspersky               not-a-virus:AdWare.Win32.Agent                    15.0.0.543
MicroWorld eScan        Application.Bundler.Somoto.W                      16.0.0.444
NANO AntiVirus          Riskware.Nsis.Adware.dbnhrj                       0.30.24.1636
nProtect                Trojan-Clicker/W32.Agent.228032                   15.05.27.01
Panda Antivirus         PUP/MultiToolbar.A                                15.05.28.05
Quick Heal              Adware.NSIS.BetterInstaller.A                     5.15.14.00
Reason Heuristics       PUP.Somoto.Bundler                                15.5.28.1
Sophos                  PUA 'Somoto BetterInstaller'                      5.14
SUPERAntiSpyware        PUP.Somoto/Variant                                9849
Trend Micro House Call  ADW_TOMOS.SMN                                     7.2.148
Trend Micro             ADW_TOMOS.SMN                                     10.465.28
VIPRE Antivirus         Threat.4150696                                    40552

File size:
222.7 KB (228,032 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 7:00:00 AM

Valid to:
7/3/2015 6:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 4:14:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:EA0m3D0oxvkgtHijOLpblWxMtD3+ykMNlf8K+OsjQt5M7:EA0iD0ofHmOL/DgMwK+OgQXM7

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...

Entropy:
7.7546  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file ais149013_downloader-idjaz1ese.exe has been seen being distributed by the following URL.
