home

softonicassistant.exe

Softonic International SA

The application softonicassistant.exe by Softonic International SA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SoftonicAssistant’.
Publisher:
Softonic International SA  (signed and verified)

Version:
0.2.2.0

MD5:
95a551db952f00eb57e95366afb9bc49

SHA-1:
6debd64e359c76152c84f8e3982398e872f95ec9

SHA-256:
b3e794b6960d0f1fc01d17b2bc8ed707b1c2c00f3a3bfddace20ffe651489a98

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/18/2024 5:47:57 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Softonic (M)
16.8.15.7

File size:
1.8 MB (1,835,976 bytes)

Product version:
0.2.2.0

Copyright:
Copyright (C) 2014

Original file name:
Softonic.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\softonicassistant\softonicassistant.exe

Digital Signature
Signed by:
Softonic International SA

Authority:
VeriSign, Inc.

Valid from:
10/13/2014 8:00:00 PM

Valid to:
10/14/2015 7:59:59 PM

Subject:
CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D29D6E70680A46F4373C81F530344D9

File PE Metadata
Compilation timestamp:
3/25/2015 6:03:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:3llNbRcsm29q5X2JaXynvP6k5KiH+oUsrafRPQu4xWCQA4pdXAFG7TUDj:3lraiQoUsraRK8pdwF2TUH

Entry address:
0x109E2F

Entry point:
63, 61, 72, 61, 74, 2F, 67, 78, 5F, 62, 61, 63, 63, 61, 72, 61, 74, 2E, 69, 6E, 69, 09, 38, 38, 34, 38, 09, 59, 4D, 50, 55, 4D, 78, 52, 45, 73, 31, 30, 5A, 32, 58, 42, 38, 36, 72, 6D, 56, 74, 37, 39, 4B, 44, 49, 6C, 62, 64, 71, 52, 38, 39, 62, 65, 38, 79, 78, 6C, 34, 35, 68, 55, 3D, 0D, 0A, 66, 69, 6C, 65, 3D, 78, 63, 2F, 62, 61, 63, 63, 61, 72, 61, 74, 2F, 68, 61, 6E, 64, 5F, 73, 63, 6F, 72, 65, 2F, 68, 61, 6E, 64, 5F, 63, 6F, 75, 6E, 74, 5F, 61, 63, 74, 69, 76, 65, 5F, 61, 72, 72, 6F, 77, 2E, 70, 6E, 67...
 
[+]

Entropy:
7.0836

Code size:
1.3 MB (1,312,256 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SoftonicAssistant

Command:
"C:\users\{user}\appdata\local\softonicassistant\softonicassistant.exe"


Remove softonicassistant.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.