filedownloaded20successfully_downloader-n3c6sfnn6.exe

The application filedownloaded20successfully_downloader-n3c6sfnn6.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
Version:
1.0.0.1

MD5:
97598479b3725727eb06787f03fba9ca

SHA-1:
76190e2d961746c0cc12f683a06f54341fc9cec3

SHA-256:
578e48a4a82bd93dc496601a6153adcfebc3efae171494ae4306ad040bb1272c

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/23/2024 11:24:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | AdLoad.R | 2016.0.3001 |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.15830 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/21511 |
| Dr.Web | Adware.Somoto.128 | 9.0.1.0242 |
| ESET NOD32 | Win32/Somoto.G potentially unwanted | 9.11293 |
| K7 AntiVirus | Trojan | 13.200.15209 |
| Quick Heal | Adware.NSIS.BetterInstaller.A | 8.15.14.00 |
| Trend Micro House Call | TROJ_GEN.R047C0OBP15 | 7.2.242 |
| Trend Micro | TROJ_GEN.R047C0OBP15 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38268 |

File size:
401.8 KB (411,427 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\filedownloaded20successfully_downloader-n3c6sfnn6.exe

File PE Metadata
Compilation timestamp:
12/17/2010 4:44:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:pA0i50GNcgIIQn6G6hBvcpdkPMlokmYnlhqaP6:pAfyGWB6G6bcpW0okmml8

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 

Code size:
28.5 KB (29,184 bytes)