biclient.exe

Better Installer

Somoto Ltd.

biclient.exe ("Better Installer Host") is part of the Somoto BetterInstaller, an installer that bundles legitimate software with offers for additional third-party applications, mostly unwanted adware and toolbars, and may be installed without adequate user consent. The file has been detected as adware by 19 anti-malware scanners.
Publisher:
Somoto Ltd.

Product:
Better Installer

Description:
Better Installer Host

Version:
2.0.0.0

MD5:
c66293ccd7cbe84b1b8f393ca5e4e6d7

SHA-1:
c24089d407e6280b79bec86532e9de0118e4de71

SHA-256:
ffbae29e2f233767fd42909720497165ce3552427ef93efb2fc714fb4204755f

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
4/19/2024 12:48:26 PM UTC

Scan engine          Detection                            Engine version
Avira AntiVirus      APPL/Somoto.Gen2                     7.11.121.112
avast!               Win32:Somoto-F [PUP]                 2014.9-130803
Bkav FE              W32.Clod3e8.Trojan                   1.3.0.4613
Boost by Reason      Optional.Somoto.I                    188163
Comodo Security      Application.Win32.Somoto.d           17558
Dr.Web               Adware.Downware.1184                 9.0.1.0215
ESET NOD32           Win32/Somoto                         7.9190
Fortinet FortiGate   Adware/Somoto                        8/3/2013
F-Prot               W32/SomotoBetterInstaller.A          v6.4.7.1.166
G Data               Win32.Application.Somoto             14.4.22
Kaspersky            not-a-virus:Downloader.NSIS.Agent    14.0.0.4045
Malwarebytes         PUP.Optional.Somoto.A                v2013.11.25.05
McAfee               Artemis!92C732231B79                 5600.7166
NANO AntiVirus       Trojan.Win32.Agent.cruvhh            0.28.0.57029
Reason Heuristics    PUP.Installer.Somoto.I               14.3.1.0
Sophos               Somoto BetterInstaller               4.91
Vba32 AntiVirus      Downloader.Agent                     3.12.24.3
virobot              JS.A.Iframe.224256                   13.08.03

File size:
219 KB (224,256 bytes)

Product version:
2.0.0.0

Copyright:
(c) 2012 Somoto Ltd. All rights reserved.

Original file name:
BetterInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\biclient.exe

File PE Metadata
Compilation timestamp:
10/29/2012 5:47:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:bn9mtkIrxidB8D+WS6nj+fgOclZDeVxn/pkcgVLbQJR+6QWZb54vVsSIVT6:aXxK2jmXcEVVvgVLbQbZWc

Entry address:
0x17F41

Entry point:
E8, 37, 6C, 00, 00, E9, 79, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
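The entry-point bytes above begin with a `call rel32` followed by a `jmp rel32`, the pair the Visual C++ CRT emits as its startup stub (a call to `__security_init_cookie`, then a jump into the CRT's main startup routine), which is consistent with the linker version 9.0 (Visual Studio 2008) in the PE metadata. The following is an added example, not code from the page or from Somoto: it resolves those two branch targets relative to the listed entry address (assuming 0x17F41 is an RVA, as displayed) and includes a Shannon-entropy helper for reading figures like the 6.3123 above. The hex list is copied from the Entry point field and truncated to the first 16 bytes.

```python
import math
import re

# Copied from the "Entry address" and "Entry point" fields above (first 16 bytes).
ENTRY_RVA = 0x17F41
ENTRY_BYTES_HEX = "E8, 37, 6C, 00, 00, E9, 79, FE, FF, FF, 55, 8B, EC, 83, EC, 04"


def parse_hex_list(text: str) -> bytes:
    """Turn the page's 'E8, 37, 6C, ...' listing into raw bytes."""
    return bytes(int(tok, 16) for tok in re.findall(r"[0-9A-Fa-f]{2}", text))


def decode_entry_stub(code: bytes, rva: int) -> list:
    """Decode leading near CALL (E8) / JMP (E9) rel32 instructions at the entry point.

    Only these two opcodes are handled; decoding stops at the first other byte.
    Each target is next-instruction RVA + signed 32-bit displacement.
    """
    out = []
    pos = 0
    while pos + 5 <= len(code) and code[pos] in (0xE8, 0xE9):
        disp = int.from_bytes(code[pos + 1:pos + 5], "little", signed=True)
        nxt = rva + pos + 5
        out.append({
            "rva": rva + pos,
            "mnemonic": "call" if code[pos] == 0xE8 else "jmp",
            "target": nxt + disp,
        })
        pos += 5
    return out


def is_msvc_crt_stub(insns: list) -> bool:
    """VS2005+ CRT entry stub: call __security_init_cookie; jmp <CRT startup>."""
    return [i["mnemonic"] for i in insns[:2]] == ["call", "jmp"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant data) to 8.0 (uniform).

    Whole-file values around 6.3, as listed above, are typical of ordinary
    compiled code plus resources; packed or encrypted payloads push the
    figure toward 7.2 and above (rule of thumb, not a hard threshold).
    """
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    code = parse_hex_list(ENTRY_BYTES_HEX)
    insns = decode_entry_stub(code, ENTRY_RVA)
    for insn in insns:
        print(f"{insn['rva']:#x}: {insn['mnemonic']} {insn['target']:#x}")
    print("MSVC CRT-style stub:", is_msvc_crt_stub(insns))
    print(f"entropy of listed bytes: {shannon_entropy(code):.4f}")
```

With the listed bytes the stub resolves to `call 0x1EB7D` and `jmp 0x17DC4`; the `55 8B EC` that follows is the `push ebp; mov ebp, esp` prologue of the next CRT routine, not part of the entry stub.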

Entropy:
6.3123

Code size:
136.5 KB (139,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-159-198.sin3.r.cloudfront.net  (54.192.159.198:80)

TCP (HTTP):
Connects to server-54-192-159-130.sin3.r.cloudfront.net  (54.192.159.130:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.72.235:80)

TCP (HTTP):
Connects to static-ip-188-138-5-102.inaddr.ip-pool.com  (188.138.5.102:80)

TCP (HTTP):
Connects to server-54-192-159-203.sin3.r.cloudfront.net  (54.192.159.203:80)

TCP (HTTP):
Connects to server-54-192-159-163.sin3.r.cloudfront.net  (54.192.159.163:80)

TCP (HTTP):
Connects to server-54-192-159-14.sin3.r.cloudfront.net  (54.192.159.14:80)

TCP (HTTP):
Connects to server-54-230-157-38.sin3.r.cloudfront.net  (54.230.157.38:80)

TCP (HTTP):
Connects to server-54-230-157-35.sin3.r.cloudfront.net  (54.230.157.35:80)

TCP (HTTP):
Connects to server-54-192-59-129.gru1.r.cloudfront.net  (54.192.59.129:80)

TCP (HTTP):
Connects to server-54-192-159-48.sin3.r.cloudfront.net  (54.192.159.48:80)

TCP (HTTP):
Connects to server-54-192-159-188.sin3.r.cloudfront.net  (54.192.159.188:80)

TCP (HTTP):
Connects to server-54-192-159-148.sin3.r.cloudfront.net  (54.192.159.148:80)

TCP (HTTP):
Connects to server-52-85-173-124.fra6.r.cloudfront.net  (52.85.173.124:80)

TCP (HTTP):
Connects to server-52-85-173-108.fra6.r.cloudfront.net  (52.85.173.108:80)

TCP (HTTP):
Connects to server-52-84-177-66.gru50.r.cloudfront.net  (52.84.177.66:80)

TCP (HTTP):
Connects to server-54-230-202-185.fra50.r.cloudfront.net  (54.230.202.185:80)

TCP (HTTP):
Connects to server-54-230-191-229.maa3.r.cloudfront.net  (54.230.191.229:80)

TCP (HTTP):
Connects to server-54-230-191-21.maa3.r.cloudfront.net  (54.230.191.21:80)

TCP (HTTP):
Connects to server-54-230-191-109.maa3.r.cloudfront.net  (54.230.191.109:80)
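As an added example (not part of this listing, and not Somoto's or Reason's code), the hashes, size, file names and observed destination addresses above can be turned into a small IOC check: hash a file and compare it against the listed digests, and scan proxy-style log lines for the listed destinations. The `dst=IP:PORT` log format and the sample lines are constructed for the demo. Because the destinations are CloudFront and S3 edge addresses shared by many tenants, an IP hit on its own is a weak signal and should be corroborated by the hash or the `%LOCALAPPDATA%\Temp\biclient.exe` path.

```python
import hashlib
import re

# File indicators copied from the listing above.
KNOWN_HASHES = {
    "md5": "c66293ccd7cbe84b1b8f393ca5e4e6d7",
    "sha1": "c24089d407e6280b79bec86532e9de0118e4de71",
    "sha256": "ffbae29e2f233767fd42909720497165ce3552427ef93efb2fc714fb4204755f",
}
KNOWN_SIZE = 224_256                        # "219 KB (224,256 bytes)"
KNOWN_NAMES = {"biclient.exe", "betterinstaller.exe"}

# Destination IPs from the "network communications" list above. CloudFront/S3
# edges plus one hosted address: shared infrastructure, so treat hits as weak.
KNOWN_IPS = {
    "54.192.159.198", "54.192.159.130", "54.231.72.235", "188.138.5.102",
    "54.192.159.203", "54.192.159.163", "54.192.159.14", "54.230.157.38",
    "54.230.157.35", "54.192.59.129", "54.192.159.48", "54.192.159.188",
    "54.192.159.148", "52.85.173.124", "52.85.173.108", "52.84.177.66",
    "54.230.202.185", "54.230.191.229", "54.230.191.21", "54.230.191.109",
}


def digests(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def classify_file(file_digests: dict, size: int, filename: str) -> list:
    """Return the indicators a file matches, strongest first.

    A hash match identifies this exact build; size and name are only hints
    (a rebuilt installer changes every hash but may keep the file name).
    """
    reasons = []
    for algo in ("sha256", "sha1", "md5"):
        if file_digests.get(algo, "").lower() == KNOWN_HASHES[algo]:
            reasons.append(f"{algo} matches known sample")
    if size == KNOWN_SIZE:
        reasons.append("size matches known sample")
    if filename.lower() in KNOWN_NAMES:
        reasons.append("filename matches known name")
    return reasons


DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")


def match_proxy_log(lines) -> list:
    """Flag lines whose destination IP is in the observed set.

    Expects a 'dst=IP:PORT' field per line (constructed format, not a real
    product's log schema).
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        m = DST_RE.search(line)
        if m and m.group(1) in KNOWN_IPS:
            hits.append({"line": lineno, "ip": m.group(1), "port": int(m.group(2))})
    return hits


# Constructed sample log: lines 1 and 3 reuse addresses from the listing,
# line 2 is unrelated traffic to a TEST-NET-3 address.
SAMPLE_LOG = [
    "2013-08-03T10:12:01Z src=10.0.0.5 dst=54.192.159.198:80 method=GET",
    "2013-08-03T10:12:03Z src=10.0.0.5 dst=203.0.113.10:443 method=GET",
    "2013-08-03T10:12:05Z src=10.0.0.7 dst=188.138.5.102:80 method=POST",
]

if __name__ == "__main__":
    sample = b"constructed stand-in, not the real biclient.exe"
    print(classify_file(digests(sample), len(sample), "biclient.exe"))
    print(classify_file(KNOWN_HASHES, KNOWN_SIZE, "BetterInstaller.exe"))
    for hit in match_proxy_log(SAMPLE_LOG):
        print(hit)
```

To check a real file, read it in binary mode and pass `digests(data)`, `len(data)` and the base name to `classify_file`; only a digest match should be treated as confirmation of this sample, since the detection names above show vendors also flag other BetterInstaller builds with different hashes.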
