lemmings(lemmings)_downloader-i18nje0bk.exe

Whirlwind Internet

The application lemmings(lemmings)_downloader-i18nje0bk.exe by Whirlwind Internet has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.dosgamesarchive.com.
Publisher: Whirlwind Internet (signed and verified)
MD5: 1dc92618c81e26aac4eb4548dabb45f7
SHA-1: 875ac91b8d8b3ae66a0259056a77d2857567a072
SHA-256: ce333fd04c6d0747977cf3711e8ac26f517143a53280fd4dc74279d433d5f738
Scanner detections: 12 / 68
Status: Potentially unwanted
Analysis date: 4/19/2024 7:24:55 PM UTC

Scan engine            Detection                                        Engine version
Lavasoft Ad-Aware      Application.Bundler.Somoto.J                     834
Avira AntiVirus        APPL/Somoto.Gen                                  7.11.180.214
Bitdefender            Application.Bundler.Somoto.J                     1.0.20.1480
Clam AntiVirus         Win.Adware.Somoto                                0.98/21411
Emsisoft Anti-Malware  Application.Bundler.Somoto                       14.10.23
ESET NOD32             Win32/Somoto.G potentially unwanted application  7.0.302.0
F-Secure               Application.Bundler.Somoto.J                     11.2014-23-10_5
Kaspersky              not-a-virus:AdWare.Win32.Agent                   15.0.0.494
MicroWorld eScan       Application.Bundler.Somoto.J                     15.0.0.888
NANO AntiVirus         Riskware.Nsis.Adware.dbnhrj                      0.28.2.62841
SUPERAntiSpyware       PUP.Somoto/Variant                               10282
VIPRE Antivirus        Threat.4150696                                   33706

File size: 220.3 KB (225,600 bytes)
File type: Executable application (Win32 EXE)
Installer: Nullsoft Install System
Common path: C:\users\{user}\downloads\lemmings(lemmings)_downloader-i18nje0bk.exe

Digital Signature
Authority: COMODO CA Limited
Valid from: 8/27/2014 1:00:00 AM
Valid to: 8/28/2015 12:59:59 AM
Subject: CN=Whirlwind Internet, O=Whirlwind Internet, STREET=Vluchtoord 7, L=Uden, S=Noord-Brabant, PostalCode=5406 XP, C=NL
Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 3CAF96493FE7D209FC7ACE4B4FF88BDE

File PE Metadata
Compilation timestamp: 12/17/2010 9:14:12 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.56
CTPH (ssdeep): 6144:PA0m3D0onJ0FzhahX32yJGEDzozYbz3XY+JJ9Xa:PA0iD0on+thUn2+GEDzozkjXYmV
Entry address: 0x39AC
Entry point: 55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...

Entropy: 7.7520 (probably packed)
Code size: 28.5 KB (29,184 bytes)

The file lemmings(lemmings)_downloader-i18nje0bk.exe has been seen being distributed by the following URL.

Remove lemmings(lemmings)_downloader-i18nje0bk.exe - Powered by Reason Core Security