» softonicassistant.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

softonicassistant.exe

Softonic International SA

The application softonicassistant.exe by Softonic International SA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SoftonicAssistant’. This file is typically installed with the program Softonic Assistant by Softonic International S.L..

File name:

Publisher:

Softonic International SA (signed and verified)

Version:

0.2.3.0

MD5:

4775fb88a992612c926e1b438699bbb2

SHA-1:

c8dfe7f1546a2491d1ae77297848f91e73845087

SHA-256:

5a6f39366e7f8068b7ae86a4fc728524ae4bcd1480d1f0d69e96d7a6e5bb882a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/25/2024 7:58:11 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Softonic (M)

16.10.2.13

File size:

1.8 MB (1,846,216 bytes)

Product version:

0.2.3.0

Original file name:

Softonic.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\softonicassistant\softonicassistant.exe

Digital Signature

Signed by:

Softonic International SA

Authority:

VeriSign, Inc.

Valid from:

10/14/2014 5:30:00 AM

Valid to:

10/15/2015 5:29:59 AM

Subject:

CN=Softonic International SA, O=Softonic International SA, L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4D29D6E70680A46F4373C81F530344D9

File PE Metadata

Compilation timestamp:

2/18/2016 4:25:51 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:suQd6gms27BRkvDozirksnfdzwOML7h3V7xgXHe2MfW//FdH0IHtpbhlU/wu:suQd6gms2YLBER/e+2MfW1J0Ytpbbswu

Entry address:

0x10B9CF

Entry point:

E8, 8D, F9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 09, FA, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 17, 22, 00, 00, 85, C0, 74, 0A, E8, 0E, 22, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 54, C8, 59, 00, 00, 74, 05, E9, 32, FA, 00, 00, 57, 8B, F9... 
[+]

Entropy:

6.7201

Code size:

1.3 MB (1,319,424 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SoftonicAssistant

Command:

"C:\users\{user}\appdata\local\softonicassistant\softonicassistant.exe"

The file softonicassistant.exe has been discovered within the following programs.

Softonic Assistant by Softonic International S.L.

47% remove it

Remove softonicassistant.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.