home

etypesetup.exe

eType

DSNR

The application etypesetup.exe, “Powered by BetterInstaller” by DSNR has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third party applications, mostly adware toolbars, with legitimate softare and may be installed without adequate user consent.
Publisher:
DSNR  (signed and verified)

Product:
eType

Description:
Powered by BetterInstaller

Version:
1.2.0.0

MD5:
eb7592ed8f364f48dd43b6cc21462f09

SHA-1:
4bcd02452fe2d7768ec7044760ea63a220e8c28b

SHA-256:
72ca80b33d8d42a561b6f0bf4824687a5a6dae4e2776d2e6518f4823b1129e54

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/23/2024 8:11:39 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Somoto
7.1.1

Avira AntiVirus
APPL/Somoto.Gen2
7.11.180.122

avast!
Somoto-B [PUP]
141003-0

AVG
DSNR
2015.0.3314

Baidu Antivirus
Adware.Win32.Somoto
4.0.3.141022

Dr.Web
Adware.Somoto.8
9.0.1.05190

ESET NOD32
Win32/Somoto.A potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Somoto
10/22/2014

F-Prot
W32/SomotoBetterInstaller.A
4.6.5.141

G Data
Win32.Application.Somoto
14.10.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.184.13741

Kaspersky
not-a-virus:AdWare.Win32.BetterInternet
15.0.0.494

Malwarebytes
PUP.Optional.Somoto
v2014.10.22.06

McAfee
Artemis!D79B88BAB323
5600.6970

NANO AntiVirus
Riskware.Win32.BetterInternet.dajrhs
0.28.2.62841

Norman
Sality.A[gs]
11.20141022

Reason Heuristics
PUP.Installer.DSNR.K
14.10.22.6

Sophos
Somoto BetterInstaller
4.98

VIPRE Antivirus
Threat.4783461
33706

Zillya! Antivirus
Adware.BetterInternet.Win32.1230
2.0.0.1962

File size:
137.7 KB (140,968 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\etypesetup.exe

Digital Signature
Signed by:
DSNR

Authority:
VeriSign, Inc.

Valid from:
4/16/2012 5:00:00 AM

Valid to:
4/13/2013 4:59:59 AM

Subject:
CN=DSNR, OU=DSNR labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DSNR, L=Raanana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D1A5C63FA2465BBB324D0AE2902288A

File PE Metadata
Compilation timestamp:
12/6/2009 3:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:dQIURTXJW8LNKHP2DQLQL9Vd1K2idsrzs:dsU8BKHtL8SCI

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.6823

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove etypesetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.