nsg64fc.tmp

Somoto Israel Ltd.

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file nsg64fc.tmp by Somoto Israel has been detected as adware by 21 anti-malware scanners. It is a setup application that installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is typically executed from the user's temporary directory and has been seen being downloaded from sub.lollipopseven.com.

Publisher:
Somoto Israel Ltd.  (signed and verified)

Version:
1.0.0.1

MD5:
212533f1a31d262716af17018e530b30

SHA-1:
db26e5b85a38f307de5f0b5f7f8f627763424870

SHA-256:
93d5e3d3a7d0dac70f9989d5ac1dbe8b16d0d819b4ea719b21623eb6338ade7d

Scanner detections:
21 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/5/2024 3:32:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Somoto.AG | 461 |
| Avira AntiVirus | PUA/Somoto.Gen2 | 3.6.1.96 |
| AVG | AdLoad.S | 2016.0.2939 |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.151031 |
| Bitdefender | Application.Bundler.Somoto.AG | 1.0.20.1520 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Somoto.130 | 9.0.1.0304 |
| ESET NOD32 | Win32/Somoto.G potentially unwanted | 9.11495 |
| F-Secure | Application.Bundler.Somoto | 11.2015-31-10_7 |
| K7 AntiVirus | Trojan | 13.202.15640 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.1192 |
| McAfee | RDN/Generic.dx!djq | 5600.6595 |
| MicroWorld eScan | Application.Bundler.Somoto.AG | 16.0.0.912 |
| NANO AntiVirus | Trojan.Win32.Somoto.dnumll | 0.30.16.1110 |
| Norman | Suspicious_Gen4.HXCPQ | 11.20151031 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.10.31.12 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Somoto.SomotoIsrael.Bundler (M) | 15.10.31.12 |
| Trend Micro House Call | TROJ_GEN.R02EC0EBL15 | 7.2.304 |
| Trend Micro | TROJ_GEN.R02EC0EBL15 | 10.465.31 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39462 |

File size:
417.9 KB (427,944 bytes)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\nsg64fc.tmp

Digital Signature
Authority:
Somoto Israel Ltd.

Valid from:
1/28/2015 3:45:34 PM

Valid to:
1/28/2016 4:05:34 PM

Subject:
CN=Somoto Israel Ltd., OU="", O=Somoto Israel Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Somoto Israel Ltd., OU="", O=Somoto Israel Ltd., L=Tel Aviv, S=Israel, C=IL

Serial number:
66193B5EACC01CB140D8D920D06C3660

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:sFz+X8DVg0NmjhuYcG9x5JvjCerts2FhnMyix:sFSyHE6Y9eyFhMys

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file nsg64fc.tmp has been seen being distributed by the following URL.
