home

softonicdownloader_for_command-conquer-red-alert-3.exe

Application Installer

Softonic International

This is the Download Manager localized to Spanish that bundles the original software from the Softonic.com web site along with additional offers, mostly ad-supported browser extensions and utilities. While the original product is most likely clean, the Softonic Downloader is considered a PUP. The application softonicdownloader_for_command-conquer-red-alert-3.exe by Softonic International has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the Softonic Downloader installer.
Publisher:
Softonic International  (signed and verified)

Product:
Application Installer

Version:
1.41.6.14

MD5:
8ca4087e5f5f28f68268495f2343c58e

SHA-1:
992d38d85ca6383d6fbb345187abd9cdc56d853f

SHA-256:
5a7fe179431975c7b7c27f010deef8b570be3f71a9ba82d6c13f5c0b3da5232b

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Softonic Downloader is a download and install manager that provides users to the Softonic web site the ability to download 3rd-party software. During the installation the installer will show sponsored offers such as adware type toolbars and web browser extensions as well as other potentially unwanted applications. This type of software is typically known as an adware co-bundler. The downloader does not modify the original software.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 12:56:02 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Softonic
7.1.1

AVG
Adware BundleApp_r.AS
2014.0.4040

Baidu Antivirus
Hacktool.Win32.Downloader
4.0.3.141017

Dr.Web
Adware.Downware.8646
9.0.1.05190

ESET NOD32
Win32/SoftonicDownloader.G potentially unwanted application
7.0.302.0

G Data
Win32.Adware.Softonic
14.10.24

K7 AntiVirus
Unwanted-Program
13.184.13704

Kaspersky
not-a-virus:Downloader.Win32.Agent
15.0.0.494

Malwarebytes
PUP.Optional.Softonic
v2014.10.17.08

NANO AntiVirus
Trojan.Win32.Agent.dfyzyn
0.28.2.62671

Reason Heuristics
Bundler.PPI.Softonic.s
14.10.17.8

VIPRE Antivirus
Threat.4150696
33706

Zillya! Antivirus
Downloader.Agent.Win32.225218
2.0.0.1958

File size:
358.9 KB (367,472 bytes)

Product version:
1.41.6.14

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softonic Downloader

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\softonicdownloader_for_command-conquer-red-alert-3.exe

Digital Signature
Signed by:
Softonic International

Authority:
VeriSign, Inc.

Valid from:
7/3/2013 3:00:00 AM

Valid to:
10/3/2015 2:59:59 AM

Subject:
CN=Softonic International, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Softonic International, L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67C1FF44C765ABDA26027A6DCA52BA11

File PE Metadata
Compilation timestamp:
9/15/2014 9:20:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:rirUyO+UoiFJMDMj78q7uY/4i5XzLGdwXYKV0t3l5oNaC1/Rifd9nZt1fS8AoSpC:Gf4Juq780uY/4c+dHKWt3l5oNJRi7DZp

Entry address:
0xF7250

Entry point:
60, BE, 00, 90, 4A, 00, 8D, BE, 00, 80, F5, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 27, 59, 0F, 00, 57, 83, C3, 04, 53, 68, 48, E2, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9604  (probably packed)

Code size:
316 KB (323,584 bytes)

The file softonicdownloader_for_command-conquer-red-alert-3.exe has been seen being distributed by the following URL.

http://command-conquer-red-alert-3.en.softonic.com/universaldownloader-launch

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.