freemahjonggamessetup-nfz5w8eof.exe

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' that lets third-party developers bundle various adware packages through an affiliate pay-per-install program. The application freemahjonggamessetup-nfz5w8eof.exe by Somoto has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Somoto Ltd.  (signed and verified)

MD5:
ee19d80a4f9f018a477952f5a4ba1ed1

SHA-1:
6df7deade05c07cfcb1b958f4582079b00e3ac4c

SHA-256:
c6954ff2ec709ca49e0ce9dddc091f68ce76e2e7661b934e48c6f9442523485a

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 10:58:01 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 873 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.172.30 |
| AVG | Generic | 2015.0.3351 |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.14915 |
| Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1290 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/19367 |
| Comodo Security | Application.Win32.Somoto.CK | 19518 |
| Emsisoft Anti-Malware | Application.Bundler.Somoto | 14.09.15 |
| ESET NOD32 | Win32/Somoto.G potentially unwanted application | 7.0.302.0 |
| F-Secure | Application.Bundler.Somoto.J | 11.2014-15-09_2 |
| IKARUS anti.virus | PUA.Somoto | t3scan.1.7.8.0 |
| K7 AntiVirus | Adware | 13.183.13379 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.494 |
| McAfee | Artemis!EE19D80A4F9F | 5600.7007 |
| MicroWorld eScan | Application.Bundler.Somoto.J | 15.0.0.774 |
| NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj | 0.28.2.61942 |
| nProtect | Trojan-Clicker/W32.Agent.225280.AZ | 14.09.15.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.09.15.10 |
| Qihoo 360 Security | Win32/Application.6bb | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Somoto.FF | 14.9.15.9 |
| Sophos | Generic PUA GN | 4.98 |
| SUPERAntiSpyware | PUP.Somoto/Variant | 10358 |
| VIPRE Antivirus | Threat.4150696 | 32938 |

File size:
220 KB (225,280 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/2/2014 2:00:00 AM

Valid to:
7/3/2015 1:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A0C39D0252522A9C448352858ACAACB

File PE Metadata
Compilation timestamp:
12/17/2010 10:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:aA0m3D0oVZsqcMtuEDz+RvRG8YEntE6C0x98:aA0iD0oVTcSuYCXlYktC0I

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 

Code size:
28.5 KB (29,184 bytes)

The file freemahjonggamessetup-nfz5w8eof.exe has been seen being distributed by the following 3 URLs.

http://fileplenty.com/.../RoadRash2002Game_downloader-NfuSLIe5F.exe
