mutlu_downloader-i742ufsor.exe

Mocal

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, which may be installed without the user's consent. The application mutlu_downloader-i742ufsor.exe by Mocal has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. The file has been seen being downloaded from www.schriftarten-fonts.de.
Publisher:
Mocal (signed and verified)

MD5:
9d8a13c68ddfbc81275e6b3301f9de12

SHA-1:
de42d87a0cfedfc51c6ac28e5d07aa3e4cebf6b1

SHA-256:
272877bd092ef1aad1be4ed0d6f392a76c90e0f6c8d9527067a9baa34934c068

Scanner detections:
5 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/26/2024 3:30:10 PM UTC

Scan engine         Detection                                          Engine version
Clam AntiVirus      Win.Adware.Somoto                                  0.98/19293
ESET NOD32          Win32/Somoto.G potentially unwanted application    7.0.302.0
Kaspersky           not-a-virus:AdWare.Win32.Agent                     15.0.0.494
Reason Heuristics   PUP.Mocal.AA                                       14.8.10.11
VIPRE Antivirus     Threat.4150696                                     32210

File size:
222.3 KB (227,672 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller

Common path:
C:\users\{user}\downloads\mutlu_downloader-i742ufsor.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/10/2014 2:00:00 AM

Valid to:
6/11/2015 1:59:59 AM

Subject:
CN=Mocal, O=Mocal, STREET=Bendstr. 18, L=Aachen, S=NRW, PostalCode=52066, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0765B6A8C03E3F98B22046A6D2373518

File PE Metadata
Compilation timestamp:
12/17/2010 10:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:hA0m3D0oK8RIurbiQmH4o6PXfm/F7ZQ+L8TNKtRj/XaH:hA0iD0oK8RIurbiQ9oAVICwtxE

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...

Code size:
28.5 KB (29,184 bytes)

The file mutlu_downloader-i742ufsor.exe has been seen being distributed from www.schriftarten-fonts.de.

Remove mutlu_downloader-i742ufsor.exe - Powered by Reason Core Security