softonicsrv.exe

Softonic Toolbar

Montera Technologeis LTD

softonicsrv.exe is part of the Montera browser toolbar and extension, which changes the browser's default search provider, DNS settings, and home page. The file, published under the Softonic.com name and signed by Montera Technologeis, has been flagged as adware by 2 of the 68 anti-malware scanners consulted. While running, it connects over plain HTTP (port 80) to ny1wv3280.xglobe.net.
Publisher:
Softonic.com  (signed by Montera Technologeis LTD)

Product:
Softonic Toolbar

Version:
1.8.20.0

MD5:
dd1d195840cf2833357bcbf6291b8e90

SHA-1:
431ca401e93a36c4fb726d12b16b4cc058a2c770

SHA-256:
8432d9fc7f640eaa8a5063d35ae5b8f8d8e1f3315180b87de2b486fb27b0e07d

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/24/2024 5:52:19 PM UTC

Scan engine         Detection                          Engine version
ESET NOD32          Win32/Toolbar.Montiera (variant)   8.9328
Reason Heuristics   PUP.Toolbar.Montera.L              14.8.7.19

File size:
371.9 KB (380,824 bytes)

Product version:
1.8.20.0

Copyright:
(c) Softonic.com. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Hebrew (Israel)

Common path:
C:\Program Files\softonic\softonic\1.8.21.14\softonicsrv.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/4/2013 2:00:00 AM

Valid to:
6/5/2014 1:59:59 AM

Subject:
CN=Montera Technologeis LTD, O=Montera Technologeis LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
263C38E0402CCF0F902FDFFA54E20AD6

File PE Metadata
Compilation timestamp:
6/11/2013 4:28:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:jE8KN8OXWVLGxwiU/wIfePvEeFEMNiCepSiaCZxWItus8kQQQlIU7:g8K2OXWVLGxwx/wImPv9FpNiCepSiaCq

Entry address:
0x2A9FB

Entry point:
E8, C5, 8B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 57, FF, 75, 10, 8D, 4D, F0, E8, E4, E0, FF, FF, 8B, 7D, 08, 85, FF, 75, 27, E8, 06, 15, 00, 00, C7, 00, 16, 00, 00, 00, E8, 29, 18, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, A5, 00, 00, 00, 56, 8B, 75, 0C, 85, F6, 75, 24, E8, D7, 14, 00, 00, C7, 00, 16, 00, 00, 00, E8, FA, 17, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, EB, 78, 53, 8B, 5D, F4, 83, 7B, 08, 00...

Code size:
256.5 KB (262,656 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)
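The indicators above (three file hashes, the install path, and the two HTTP destinations) are enough to build a small triage script. The following is an added example, not code from Reason Core Security or from the toolbar's publisher. It assumes a proxy-log line format of "<timestamp> <client-ip> <method> <host[:port]> <path>", and the sample log lines are constructed for the demo; the version directory in the install path is treated as variable because the page lists 1.8.21.14 in the path while the product version is 1.8.20.0.

```python
"""Triage helper assembled from the indicators on this page (hashes, install
path, HTTP destinations). Added example; not Reason Core Security's code.
The proxy-log format and the sample lines are constructed for the demo."""
import hashlib
import re

# Indicators copied from the analysis record above.
KNOWN_HASHES = {
    "md5": "dd1d195840cf2833357bcbf6291b8e90",
    "sha1": "431ca401e93a36c4fb726d12b16b4cc058a2c770",
    "sha256": "8432d9fc7f640eaa8a5063d35ae5b8f8d8e1f3315180b87de2b486fb27b0e07d",
}
KNOWN_HOSTS = {"ny1wv3280.xglobe.net", "ny1wv3659"}   # compared case-insensitively
KNOWN_IPS = {"204.145.82.20", "204.145.82.27"}
# Assumption: the version directory varies between installs (the page shows
# 1.8.21.14 while the product version is 1.8.20.0), so any version is accepted.
KNOWN_PATH_RE = re.compile(
    r"\\softonic\\softonic\\\d+(\.\d+)*\\softonicsrv\.exe$", re.IGNORECASE
)


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 hex digests of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk_size=1 << 16):
    """Same three digests for a file on disk, streamed so large files are fine."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hashes_match(digests):
    """True only if every algorithm present in `digests` equals the known-bad
    value; requiring all of them guards against a single-algorithm collision."""
    common = set(digests) & set(KNOWN_HASHES)
    return bool(common) and all(digests[a] == KNOWN_HASHES[a] for a in common)


def path_is_suspicious(path):
    """True for the install location listed under 'Common path' above."""
    return bool(KNOWN_PATH_RE.search(path))


# Constructed log format: "<timestamp> <client-ip> <method> <host[:port]> <path>"
PROXY_LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>[^:/ ]+)(?::(?P<port>\d+))? "
)


def scan_proxy_log(lines):
    """Return (line_no, destination, client_ip) for each line whose destination
    host or IP is one of the page's network indicators."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = PROXY_LINE_RE.match(line)
        if not m:
            continue
        dest = m.group("host").lower()
        if dest in KNOWN_HOSTS or dest in KNOWN_IPS:
            hits.append((n, dest, m.group("src")))
    return hits


# Constructed sample: two clients, one benign request in between.
SAMPLE_LOG = [
    "2024-04-24T17:52:19Z 10.0.0.15 GET ny1wv3280.xglobe.net:80 /update",
    "2024-04-24T17:52:20Z 10.0.0.15 GET www.example.com:443 /",
    "2024-04-24T17:53:01Z 10.0.0.22 POST 204.145.82.27:80 /report",
    "2024-04-24T17:53:05Z 10.0.0.22 GET NY1WV3659:80 /",
]

if __name__ == "__main__":
    for line_no, dest, src in scan_proxy_log(SAMPLE_LOG):
        print("line %d: %s contacted %s" % (line_no, src, dest))
    print(path_is_suspicious(r"C:\Program Files\softonic\softonic\1.8.21.14\softonicsrv.exe"))
```

Matching on all three digests at once is deliberate: MD5 and SHA-1 are both collision-prone, and the page gives SHA-256 as well, so there is no reason to trust a lone MD5 hit. The hostname NY1WV3659 is listed on the page without a domain suffix, which is why the comparison is done on the bare, lower-cased host rather than on a fully qualified name.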

Remove softonicsrv.exe - Powered by Reason Core Security