skinpack-8-win7-ver1_downloader_downloader-2hh7le9d.exe

Somoto Israel

This file is part of the Somoto BetterInstaller, an installer that bundles the requested application with offers for additional third-party software, mostly unwanted adware, which may be installed without the user's consent. The setup program skinpack-8-win7-ver1_downloader_downloader-2hh7le9d.exe, published by Somoto Israel, has been detected as adware by 13 of 68 anti-malware scanners; the detecting engines are listed below. The bundled offers, mostly adware toolbars, are typically installed by default, although the installer may present an option to opt out during or after installation. Note that the file carries a valid Authenticode signature from Somoto Israel: a verified signature attests only to the publisher's identity and the file's integrity, not to the behaviour of the software.
Publisher:
Somoto Israel  (signed and verified)

MD5:
ea72b0c74ee11d2ae6e8814cf92a0aa4

SHA-1:
e495a3df89172daf93fb103150cf71e5c0e24bcf

SHA-256:
ac1168e148517d942ad076ce8a7fa1f7db46053e28e061d27c89ea3bed397671

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/26/2024 11:59:06 AM UTC

Scan engine                Detection                     Engine version
AhnLab V3 Security         Trojan/Win32.Agent            2014.02.04
Clam AntiVirus             Trojan.Agent-267630           0.98/18155
Dr.Web                     Trojan.MulDrop4.11744         9.0.1.035
ESET NOD32                 Win32/Somoto                  8.9374
F-Prot                     W32/Sefnit.C                  v6.4.7.1.166
K7 AntiVirus               Trojan                        13.175.11028
Malwarebytes               PUP.Optional.Somoto.A         v2014.02.04.08
McAfee                     Artemis!EA72B0C74EE1          5600.7229
nProtect                   Adware/W32.Agent.237016       14.02.03.01
Panda Antivirus            Adware/MultiToolbar           14.02.04.08
Reason Heuristics          PUP.SomotoIsrael.t            14.8.7.17
Trend Micro House Call     TROJ_GEN.F47V0202             7.2.35
VIPRE Antivirus            Trojan.Win32.Generic          26090

File size:
231.5 KB (237,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\skinpack-8-win7-ver1_downloader_downloader-2hh7le9d.exe

Digital Signature
Signed by:
Somoto Israel
Authority:
COMODO CA Limited

Valid from:
7/8/2013 3:00:00 AM

Valid to:
7/9/2018 2:59:59 AM

Subject:
CN=Somoto Israel, O=Somoto Israel, STREET=Habarzel 32, L=Tel Aviv, S=--, PostalCode=69700, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
74F2E607D2905C0E3EA9C8AB59942D25

File PE Metadata
Compilation timestamp:
12/17/2010 11:14:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:XJ380o+GMY0Zql+OR+PF4n21h7YU1iwk1gAPl:XF80o+G7/BaFK2/LAL1N

Entry address:
0x380C

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 87, 4D, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 2A, 4A, 00, 00, 6A, 00, E8, 9B, 4D, 00, 00, 6A, 08, A3, 28, F9, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, D8, F9, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, 4C, A2, 40, 00, E8, E0, 4C, 00, 00, 83, EC, 0C, 68, 4D, A2, 40, 00, 68, 08, FA, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, E6, 49, 00, 00, 52, 52, 50, 68, 00, 80, 43, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 29, 49, 00, 00, 83...
 

Entropy:
7.7625  (probably packed)

Code size:
30 KB (30,720 bytes)
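The PE metadata fields above (compilation timestamp, OS version, subsystem, linker version, entry address, code size) and the entropy heuristic behind "probably packed" can be reproduced with a short triage script. The following is an added example, not tooling from the report's publisher or from Somoto: it parses a PE32 header with the Python standard library only and applies a packed-file cutoff of 7.2 bits per byte, which is an assumed rule of thumb rather than a value the report states. The sample image built by build_sample_pe() is constructed in memory to carry the field values listed above; it is not the real downloader.

```python
"""Reproduce the PE-header and entropy fields of a scanner report with the standard library only.

Constructed example: build_sample_pe() fabricates a minimal PE32 image that mimics the
field values in the report above; it is not the real downloader.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# IMAGE_SUBSYSTEM_* values from the PE specification.
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Assumed rule of thumb for "probably packed"; the report does not state its own cutoff.
PACKED_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for a uniform one."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32_header(data: bytes) -> dict:
    """Pull the report's 'File PE Metadata' fields out of a PE32 (32-bit) image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes total).
    machine, nsections, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)   # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # Subsystem
    return {
        "machine": machine,
        "sections": nsections,
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc),
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{maj_link}.{min_link}",
        "entry_address": entry,
        "code_size": size_of_code,
    }


def triage(data: bytes) -> dict:
    """Header fields plus the hashes and whole-file entropy verdict a scanner report shows."""
    info = parse_pe32_header(data)
    info["sha1"] = hashlib.sha1(data).hexdigest()
    info["sha256"] = hashlib.sha256(data).hexdigest()
    info["entropy"] = round(shannon_entropy(data), 4)
    info["probably_packed"] = info["entropy"] > PACKED_THRESHOLD
    return info


def build_sample_pe(body: bytes) -> bytes:
    """Constructed minimal PE32 image carrying the field values from the report (not the real file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1292584455, 0, 0, 224, 0x0102)  # i386, 2010-12-17 11:14:15 UTC
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 56, 30720)       # PE32 magic, linker 2.56, SizeOfCode 30 KB
    struct.pack_into("<I", opt, 16, 0x380C)                      # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                       # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    # A near-uniform body stands in for a packed payload; a constant body for plain code or data.
    samples = (("high-entropy body", bytes(range(256)) * 1024), ("constant body", b"\x90" * 100000))
    for label, body in samples:
        result = triage(build_sample_pe(body))
        print(label, result["compile_time"], result["linker_version"],
              result["entropy"], result["probably_packed"])
```

Whole-file entropy is a coarse signal: a large compressed resource (an embedded installer payload, for instance) pushes it above the cutoff just as a packer does, so a follow-up step would compute entropy per section and look at imports before calling the file packed.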

The file skinpack-8-win7-ver1_downloader_downloader-2hh7le9d.exe has been seen being distributed by the following URL.