survey_169579_062411210744.exe

Sono Control Inc

The application survey_169579_062411210744.exe by Sono Control Inc has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Sono Control Inc  (signed and verified)

MD5:
7cddc54022c5389c0ed90ef7b0365438

SHA-1:
eaf6a629481a37d98256cbd5f824f677187915b1

SHA-256:
91e4ba80d63fc2c91d18f8f452fac9dbe71535013d682efb6072df1a05c88109

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 7:42:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Adware.Heur.xq1@RihoWSii | 739 |
| Agnitum Outpost | Adware.Agent | 7.1.1 |
| AhnLab V3 Security | Win-Adware/Relevant.336840.B | 2014.07.16 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.160.254 |
| avast! | NSIS:Adware-AY [Adw] | 2014.9-150127 |
| AVG | RelevantKnowledge | 2016.0.3217 |
| Bitdefender | Gen:Adware.Heur.xq1@RihoWSii | 1.0.20.135 |
| Comodo Security | UnclassifiedMalware | 18866 |
| Dr.Web | Trojan.StartPage.21735 | 9.0.1.027 |
| Emsisoft Anti-Malware | Gen:Adware.Heur.xq1@RihoWSii | 8.15.01.27.12 |
| ESET NOD32 | Win32/Adware.MarketScore | 9.10102 |
| Fortinet FortiGate | Riskware/OSS | 1/27/2015 |
| F-Secure | Gen:Adware.Heur.xq1@RihoWSii | 11.2015-27-01_3 |
| G Data | Gen:Adware.Heur.xq1@RihoWSii | 15.1.24 |
| IKARUS anti.virus | Gen.AdWare.Heur | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:Monitor.Win32.RK | 14.0.0.2580 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2015.01.27.12 |
| McAfee | Artemis!7CDDC54022C5 | 5600.6873 |
| MicroWorld eScan | Gen:Adware.Heur.xq1@RihoWSii | 16.0.0.81 |
| NANO AntiVirus | Trojan.Win32.Relevant.cxpnfu | 0.28.2.60881 |
| Norman | Obfuscated.OI | 11.20150127 |
| Reason Heuristics | PUP.SonoControl | 15.1.27.0 |
| Trend Micro House Call | Suspicious_GEN.F47V0715 | 7.2.27 |
| Vba32 AntiVirus | Signed-AdWare.Win32.Relevant | 3.12.26.3 |

File size:
328.9 KB (336,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\survey_169579_062411210744.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/12/2010 2:12:52 PM

Valid to:
11/12/2011 2:12:52 PM

Subject:
CN=Sono Control Inc, O=Sono Control Inc, L=bellevue, S=WA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
046D6D36885CC9

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ue34tI7plRit+5ksQXzGWNk/r3bNb8vYsXaV4/CqfYIlQJNPO:mIFlRmKit6jLZsKu/qImw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9057

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
