setup.exe

Somoto Ltd

The application setup.exe by Somoto has been detected as a potentially unwanted program by 27 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It includes the Somoto BetterInstaller, an adware installer that bundles offers for third-party applications, mostly adware toolbars, with legitimate software. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.
Publisher:
Somoto Ltd  (signed and verified)

Version:
1.0.0.1

MD5:
e219ca80d6a8ba370fbf311add34a723

SHA-1:
95384889d286965d124054cdf52e926994d110d4

SHA-256:
0f27b835476fd4cf112606363149f7faf831e2bd324b019e887cda405fcce99a

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 7:11:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Somoto.AG
551

AhnLab V3 Security
PUP/Win32.Somoto
2015.08.02

Avira AntiVirus
PUA/Somoto.Gen2
8.3.1.6

Arcabit
Application.Bundler.Somoto.AG
1.0.0.425

AVG
AdLoad.S
2016.0.3029

Baidu Antivirus
Adware.Win32.Somoto
4.0.3.1582

Bitdefender
Application.Bundler.Somoto.AG
1.0.20.1070

Bkav FE
W32.HfsAdware
1.3.0.6979

Clam AntiVirus
Win.Adware.Somoto-2
0.98/21511

Dr.Web
Adware.Somoto.139
9.0.1.0214

ESET NOD32
Win32/Somoto.G potentially unwanted
9.12030

F-Prot
W32/Trojan2.OUSK
v6.4.7.1.166

F-Secure
Application.Bundler.Somoto
11.2015-02-08_1

K7 AntiVirus
Adware
13.207.16756

Kaspersky
not-a-virus:HEUR:Downloader.NSIS.Somoto
14.0.0.1642

Malwarebytes
PUP.Optional.Somoto.C
v2015.08.02.01

McAfee
Artemis!E219CA80D6A8
5600.6685

MicroWorld eScan
Application.Bundler.Somoto.AG
16.0.0.642

NANO AntiVirus
Riskware.Nsis.Adware.dshbbp
0.30.24.2668

Panda Antivirus
Trj/CI.A
15.08.02.01

Qihoo 360 Security
Win32/Virus.Downloader.594
1.0.0.1015

Reason Heuristics
PUP.Somoto.Installer (M)
15.8.2.13

Rising Antivirus
PE:Trojan.Win32.Generic.18E9343C!417936444
23.00.65.15731

Sophos
Generic PUA JF
4.98

Trend Micro House Call
ADW_TOMOS.SMN
7.2.214

Trend Micro
ADW_TOMOS.SMN
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic
42538

File size:
420.8 KB (430,904 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\bog5ydfp\setup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
6/24/2015 7:00:00 AM

Valid to:
8/23/2016 6:59:59 AM

Subject:
CN=Somoto Ltd, O=Somoto Ltd, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
02FED381427052F6E66365A4627FB0ED

File PE Metadata
Compilation timestamp:
12/6/2009 5:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:TFSbfR69JhDQZzVjqTrgfPbKG/t5JJmKBy:TFSbfRAKZzVjYiTKGRoYy

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://sub.spirlymo.com/installers/bi_downloader/.../setup.exe
