diploma_downloader-ibwaslq9u.exe

Mocal

The application diploma_downloader-ibwaslq9u.exe by Mocal has been detected as adware by 17 anti-malware scanners. It is a setup application built on the Somoto BetterInstaller, an adware installer that bundles legitimate software with offers for additional third-party applications, mostly unwanted adware toolbars, and may be installed without adequate user consent.
Publisher:
Mocal  (signed and verified)

MD5:
693bdebc2cf4310f09e0fab9be0804a9

SHA-1:
52778e604785fbbe7b69e344cc5de0e1505f4fd1

SHA-256:
956be956ab24be2aec1c3d1a17d62e4bdd29b29dc9fdd2495dc8fd1e40b9739d

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/18/2024 2:46:28 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 916 |
| Avira AntiVirus | APPL/Somoto.Gen | 7.11.165.4 |
| AVG | Generic | 2015.0.3394 |
| Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1070 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/19168 |
| Emsisoft Anti-Malware | Application.Bundler.Somoto | 8.14.08.02.12 |
| ESET NOD32 | Win32/Somoto.G potentially unwanted application | 7.0.302.0 |
| F-Secure | Application.Bundler.Somoto.J | 11.2014-02-08_7 |
| IKARUS anti.virus | PUA.Downloader.Somoto | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.494 |
| McAfee | Somoto-BetterInstaller | 5600.7050 |
| MicroWorld eScan | Application.Bundler.Somoto.J | 15.0.0.642 |
| NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj | 0.28.2.61148 |
| Reason Heuristics | PUP.Mocal.CC | 14.8.10.11 |
| Sophos | Somoto BetterInstaller | 4.98 |
| SUPERAntiSpyware | PUP.Somoto/Variant | 10446 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
222.3 KB (227,672 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\downloads\diploma_downloader-ibwaslq9u.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/10/2014 2:00:00 AM

Valid to:
6/11/2015 1:59:59 AM

Subject:
CN=Mocal, O=Mocal, STREET=Bendstr. 18, L=Aachen, S=NRW, PostalCode=52066, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0765B6A8C03E3F98B22046A6D2373518

File PE Metadata
Compilation timestamp:
12/17/2010 10:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:u22ihA0m3BJX0oZHf2yjGcZco+37t3Ob0RD2a4tKmrLal7cZGvW0O2FQHntiMyND:hA0m3D0ot7GpJ3J3BKM5cZh1CNbUI

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...

Code size:
28.5 KB (29,184 bytes)

The file diploma_downloader-ibwaslq9u.exe has been seen being distributed by the following URL.
