install-checkers-free.exe

Better Installer

DreamQuest Software LLC

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application install-checkers-free.exe by DreamQuest Software has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. The file has been seen being downloaded from software-files-a.cnet.com.

Publisher:
Somoto Ltd.  (signed by DreamQuest Software LLC)

Product:
Better Installer

Version:
1.0

MD5:
7916f3081a5c774c5a3d363f00586557

SHA-1:
3f19b5c02ca1fcfa9ee9e655c288212f8a064cb5

SHA-256:
cde6e64c61a306a5e1fc6002459b3686087ca1eedb6f56693c2a3c3948037952

Scanner detections:
5 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 5:40:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Somoto.8 | 9.0.1.0207 |
| ESET NOD32 | Win32/Somoto (variant) | 9.8430 |
| MicroWorld eScan | Win32/Somoto.A | 16.0.0.621 |
| Reason Heuristics | PUP.Somoto.Bundler (M) | 15.7.26.20 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Somoto | 9729 |

File size:
143.8 KB (147,296 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\beths don't delete\install-checkers-free.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
6/7/2009 6:00:00 PM

Valid to:
6/7/2012 5:59:59 PM

Subject:
CN=DreamQuest Software LLC, O=DreamQuest Software LLC, STREET=PO Box 270303, L=Louisville, S=CO, PostalCode=80027, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
0CA971882D080AD782FD695F89099C54

File PE Metadata
Compilation timestamp:
12/17/2010 2:14:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:fiOcDQGF3BJf0dhOhSe5lyTKHuG46uHnIvRiZY:q0GF370dJYC6uHXZY

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 8B, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 36, 43, 00, 00, 6A, 00, E8, 9F, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, AB, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, E4, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, E9, 2A, 00, 00, 83, C4, 18, E8, F2, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, D4, 2A, 00, 00, 57, 6A, 00, E8, 2D, 42, 00, 00, 83...
 

Entropy:
7.5252

Code size:
28.5 KB (29,184 bytes)

The file install-checkers-free.exe has been seen being distributed by the following URL.
