softonicsrv.exe

Softonic Toolbar

Montera Technologeis LTD

softonicsrv.exe is part of the Montera web browser toolbar and extension, which modifies the browser's default search provider, DNS settings, and home page. The application softonicsrv.exe by Montera Technologeis has been detected as adware by 2 anti-malware scanners. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
Softonic.com  (signed by Montera Technologeis LTD)

Product:
Softonic Toolbar

Version:
1.8.19.0

MD5:
660f55c24d2500468e67ca6562d7ffdb

SHA-1:
add45a79d905d2d89ce12c54763096f0e6491bc9

SHA-256:
dea5aa3bda271da730c4fa500276c42c678f7b63ec33fa612d2ad183aef41e32

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/20/2024 3:09:41 AM UTC

Scan engine          Detection                          Engine version
ESET NOD32           Win32/Toolbar.Montiera (variant)   8.8943
Reason Heuristics    PUP.Toolbar.Montera.L              14.8.7.19

File size:
374.4 KB (383,384 bytes)

Product version:
1.8.19.0

Copyright:
(c) Softonic.com. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Hebrew (Israel)

Common path:
C:\Program Files\softonic\softonic\1.8.19.3\softonicsrv.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/27/2012 6:00:00 PM

Valid to:
5/28/2013 5:59:59 PM

Subject:
CN=Montera Technologeis LTD, O=Montera Technologeis LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
361B49E5431DD304CA32589D28E4DD3C

File PE Metadata
Compilation timestamp:
4/30/2013 6:26:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Ki0Ff7g9RtYApgIRhdn6u6x/tJS0l595RG3d118it8TVs:L0Ffc9RtYApgIRh56uwFJS0lv5RG3d1f

Entry address:
0x2B4FB

Entry point:
E8, C5, 8B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 57, FF, 75, 10, 8D, 4D, F0, E8, E4, E0, FF, FF, 8B, 7D, 08, 85, FF, 75, 27, E8, 06, 15, 00, 00, C7, 00, 16, 00, 00, 00, E8, 29, 18, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, A5, 00, 00, 00, 56, 8B, 75, 0C, 85, F6, 75, 24, E8, D7, 14, 00, 00, C7, 00, 16, 00, 00, 00, E8, FA, 17, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, EB, 78, 53, 8B, 5D, F4, 83, 7B, 08, 00...

Code size:
258.5 KB (264,704 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to ya-in-f105.1e100.net  (173.194.219.105:80)

TCP (HTTP):
Connects to cache.google.com  (94.20.252.49:80)

Remove softonicsrv.exe - Powered by Reason Core Security