etypesetup.exe

Better Installer

DSNR

The application etypesetup.exe by DSNR has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent. The file has been seen being downloaded from newversion.etype.com.
Publisher:
Somoto Ltd.  (signed by DSNR)

Product:
Better Installer

Version:
1.0

MD5:
ee13a94f2b410bb6d2e7e933ef77887c

SHA-1:
29fefb03e803e6430d7d0eaa47324a3691ca13f8

SHA-256:
f1668b0851ca074893ff8fa2924910269fcfcfc3cbbd627f6b67acfbb748cdaa

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
11/20/2017 11:38:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.Generic | 7.1.1 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.127.60 |
| Bkav FE | W32.Clodf50.Trojan | 1.3.0.4923 |
| Dr.Web | Adware.Somoto.3 | 9.0.1.0100 |
| ESET NOD32 | Win32/Somoto (variant) | 8.9339 |
| K7 AntiVirus | Unwanted-Program | 13.175.10963 |
| K7 Gateway Antivirus | Unwanted-Program | 13.175.10963 |
| Malwarebytes | PUP.Optional.Somoto.A | v2014.04.10.02 |
| Reason Heuristics | PUP.Installer.DSNR.K | 14.4.10.14 |
| Sophos | Somoto BetterInstaller | 4.97 |

File size:
122.5 KB (125,408 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\etypesetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/11/2011 2:00:00 AM

Valid to:
4/13/2012 2:59:59 AM

Subject:
CN=DSNR, OU=DSNR labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DSNR, L=Raanana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7ABEF8DB40CF3009880C8181B134DEDC

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:ZQIURTXJo9P1DVZbIIqdZ5qI/Sma5xH73gdxS7rJWM4:Zs29P1DPb14qI/na5B7uUI

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.7450

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file etypesetup.exe has been seen being distributed by the following URL.
