home

freemediaplayersetup-9a1fhvq.exe

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to provide the ability of 3rd party developers to bundle various adware packages through an affiliate pay-per-install program. The application freemediaplayersetup-9a1fhvq.exe, “Powered by BetterInstaller” by Somoto has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third party applications, mostly adware toolbars, with legitimate softare and may be installed without adequate user consent.
Publisher:
Somoto Ltd.  (signed and verified)

Description:
Powered by BetterInstaller

Version:
2.1.0.0

MD5:
d6fb2ded901af39f817fdb90262e5a44

SHA-1:
8c84433bf8d302bbfb372040d511140ba8f56330

SHA-256:
a0aea208a56f80ed3e43c45d20f895bc70f12122442c0ede8fa39a16cf21b3e1

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/10/2024 6:17:20 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Somoto-F [PUP]
2014.9-140722

AVG
BTInternet.G
2015.0.3405

Clam AntiVirus
Adware.Somoto-1
0.98/18155

Dr.Web
Adware.Somoto.8
9.0.1.0203

ESET NOD32
Win32/Somoto
8.8713

F-Prot
W32/SomotoBetterInstaller.A
v6.4.7.1.166

Malwarebytes
PUP.Optional.Somoto
v2014.07.22.02

nProtect
Adware/W32.BT.167544
13.08.22.01

Reason Heuristics
PUP.BetterInstaller.Somoto.CC
14.8.7.17

Sophos
Somoto BetterInstaller
4.91

VIPRE Antivirus
BetterInstaller
20758

File size:
163.6 KB (167,544 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Language:
Neovisno o jeziku

Common path:
C:\users\{user}\downloads\freemediaplayersetup-9a1fhvq.exe

Digital Signature
Signed by:
Somoto Ltd.

Authority:
COMODO CA Limited

Valid from:
9/20/2011 2:00:00 AM

Valid to:
9/20/2014 1:59:59 AM

Subject:
CN=Somoto Ltd., O=Somoto Ltd., STREET=PO Box 58096, L=Tel Aviv, S=--, PostalCode=61580, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00841D099D16B738F34172FEEFE1D2574F

File PE Metadata
Compilation timestamp:
12/17/2010 10:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:222ihA0m3BJf0A+LSq9ZDcuZkyADrwOQE9T57QxrW6N:pA0m3T0A+eq9ZDSDrRQE9urWk

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
[+]

Code size:
28.5 KB (29,184 bytes)

Remove freemediaplayersetup-9a1fhvq.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.