home

filedownloaded20successfully_downloader-n7rx25ahe.exe.zip

The file filedownloaded20successfully_downloader-n7rx25ahe.exe.zip has been detected as a potentially unwanted program by 21 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from sub.yorkshatb.com.
MD5:
fcba150332a8cc8e32b2bf06e6d1bcd4

SHA-1:
0f4f980a522f32ee83df2bd4007eac2d0ae90e84

SHA-256:
11278442b855bd4281caed7045e8b32330b8abbe4e7bb4db1a672914cdc5c803

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
4/19/2024 12:12:08 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Somoto.AH
5805642

Arcabit
Application.Bundler.Somoto.AH
1.0.0.425

avast!
NSIS:Adware-ZI [PUP]
2014.9-150902

AVG
Downloader
2016.0.2999

Bitdefender
Application.Bundler.Somoto.AH
1.0.20.1225

Clam AntiVirus
Win.Adware.Somoto
0.98/20865

Emsisoft Anti-Malware
Application.Bundler.Somoto.AH
10.0.0.5366

ESET NOD32
Win32/Somoto.G potentially unwanted application
7.0.302.0

F-Prot
W32/SomotoBetterInstaller.F.
v6.4.7.1.166

F-Secure
Application.Bundler.Somoto
11.2015-02-09_4

K7 AntiVirus
Trojan
13.2017086

Kaspersky
not-a-virus:HEUR:Downloader.NSIS.Somoto
14.0.0.1488

McAfee
Trojan.Artemis!D620970CF34F
18.0.204.0

MicroWorld eScan
Application.Bundler.Somoto.AH
16.0.0.735

NANO AntiVirus
Trojan.Win32.Agent.dtledk
0.30.24.3283

Panda Antivirus
Trj/CI.A
15.09.02.11

Qihoo 360 Security
HEUR/QVM42.1.Malware.Gen
1.0.0.1015

Sophos
Generic PUA CO (PUA)
4.98

Trend Micro House Call
TROJ_GE.D65EBAC1
7.2.245

Trend Micro
TROJ_GE.D65EBAC1
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic
43380

File size:
376.4 KB (385,450 bytes)

Common path:
C:\users\{user}\downloads\filedownloaded20successfully_downloader-n7rx25ahe.exe.zip

The file filedownloaded20successfully_downloader-n7rx25ahe.exe.zip has been seen being distributed by the following URL.

http://sub.yorkshatb.com/N7rx25AhE6fd35525d24699709785b31f4869ae905KdmFeLNZTzYToyOntzOjI6InRzIjtpOjE0Mzg4NjM2NTQ7czoxOiJmIjtzOjcyOiIvaG9tZS93d3cvYXNzZXRzL2JldHRlcl9pbnN0YWxsZXIvaW5zdGFsbGVycy9jbGkvc2V0dXBfMTQzODc5Nzc0MDUxNC5leGUiO30=

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.