softonicdownloader_for_teamviewer-portable.exe

Softonic Downloader

Softonic

The application softonicdownloader_for_teamviewer-portable.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Softonic Downloader installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from teamviewer-portable.en.softonic.com.
Publisher:
Softonic

Product:
Softonic Downloader

Version:
1.40.7.0

MD5:
338187739c43eb4aea78b7ccda418a4e

SHA-1:
4666106e20226d438865f005918188bb9e195039

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 11:10:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softonic.Bundler.Meta (L)

Engine version:
16.5.26.7

File size:
454.3 KB (465,240 bytes)

Product version:
1.40.7.0

Copyright:
Copyright (C) 2014

Original file name:
SoftonicDownloader.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softonic Downloader

Language:
Spanish (International Sort)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\softonicdownloader_for_teamviewer-portable.exe

File PE Metadata
Compilation timestamp:
4/23/2014 2:21:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:1Z99wWh1s2WXiWXXGUImcyGmooSZ2vw8j:rhQ2WXiWkTpJs

Entry address:
0x52DD40

Entry point:
C7, C0, FB, EF, B0, C6, 51, 0F, AF, F7, F2, F7, C3, 71, 82, 19, 1B, C7, C3, 47, 7F, 6E, E7, 3C, 7E, 81, F2, 78, 1E, 00, 00, BB, 5C, 21, C5, FC, 28, CD, 89, FF, F6, C7, F0, 83, E1, 00, 0F, B6, D6, B6, 68, C6, C6, B2, C6, C6, B1, 89, CD, 3D, B2, 7F, 2D, 89, 81, C1, 01, 00, 00, 00, 71, 08, 69, F9, 8D, CF, 97, 99, 8B, DD, F2, FF, C8, 1C, DC, 88, F0, 81, F9, 3F, 07, 00, 00, 0F, 8C, CB, FF, FF, FF, F3, C6, C6, 1B, F7, C5, 00, 8A, D1, 45, F7, C0, 5F, A5, 60, B4, 3A, D1, E8, 00, 00, 00, 00, 8D, 1D, 42, 90, FB, 5B...
 

Entropy:
7.9713  (probably packed)

Code size:
336 KB (344,064 bytes)

The file softonicdownloader_for_teamviewer-portable.exe has been seen being distributed by the following URL.