install-500-free.exe

Better Installer

DreamQuest Software LLC

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application install-500-free.exe by DreamQuest Software has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller, an adware installer that bundles offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
Publisher:
Somoto Ltd.  (signed by DreamQuest Software LLC)

Product:
Better Installer

Version:
1.0

MD5:
8999f58c3b7dc7c971026df25832f0fa

SHA-1:
58386727ae2eb05a8fb9a678fb9fb9c43f7f68d0

SHA-256:
2ed419f75446ffb3af1696c5cf996cde6b2ac16b7bcdf146f6e168377a760408

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 9:54:35 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.Generic | 7.1.1 |
| Avira AntiVirus | APPL/Somoto.Gen2 | 7.11.147.88 |
| Dr.Web | Adware.Somoto.3 | 9.0.1.0273 |
| ESET NOD32 | Win32/Somoto (variant) | 8.9757 |
| Fortinet FortiGate | Riskware/Somoto | 9/30/2014 |
| G Data | Win32.Application.Somoto | 14.9.24 |
| Malwarebytes | PUP.Optional.Somoto.A | v2014.09.30.12 |
| NANO AntiVirus | Trojan.Win32.Somoto.cumknu | 0.28.0.59608 |
| Reason Heuristics | PUP.Installer.DreamQuestSoftware.Q | 14.9.30.0 |
| Sophos | Somoto BetterInstaller | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Somoto | 10329 |

File size:
143.8 KB (147,272 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\install-500-free.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
6/8/2009 7:00:00 AM

Valid to:
6/8/2012 6:59:59 AM

Subject:
CN=DreamQuest Software LLC, O=DreamQuest Software LLC, STREET=PO Box 270303, L=Louisville, S=CO, PostalCode=80027, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0CA971882D080AD782FD695F89099C54

File PE Metadata
Compilation timestamp:
12/17/2010 4:14:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:CiOcDQGF3BJf0dAi/vXSNwpxjvR9COcCXdSddSUVZMMbCsJYb:90GF370dAi/vXmwp39x3dSddZVbCA

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 8B, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 36, 43, 00, 00, 6A, 00, E8, 9F, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, AB, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, E4, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, E9, 2A, 00, 00, 83, C4, 18, E8, F2, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, D4, 2A, 00, 00, 57, 6A, 00, E8, 2D, 42, 00, 00, 83...
 

Entropy:
7.5264

Code size:
28.5 KB (29,184 bytes)

The file install-500-free.exe has been seen being distributed by the following URL.
