survivor_downloader-iaxixluhe.exe

The application survivor_downloader-iaxixluhe.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It includes the Somoto BetterInstaller, an adware installer that will bundle offers for additional third-party applications, mostly adware toolbars, with legitimate software and may be installed without adequate user consent.
MD5:
dd35dc7c1cf56ca6e84113c7dee61f42

SHA-1:
a6df5f4450c2466cc08475aae7973fd90787acc0

SHA-256:
8cbf9c1b0035251ef787c7db5f11f9415c4c51eb8ae5d2590e1ce3138db15fd6

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/10/2024 8:02:54 PM UTC

Scan engine          Detection                        Engine version
AhnLab V3 Security   Win-PUP/Somoto                   2014.11.28
Avira AntiVirus      APPL/Somoto.hzis                 7.11.189.70
avast!               Somoto-P [PUP]                   141119-1
AVG                  Generic                          2015.0.3277
Bkav FE              HW32.Packed                      1.3.0.6267
Clam AntiVirus       Win.Adware.Somoto                0.98/21511
Dr.Web               Trojan.Packed.26824              9.0.1.05190
Kaspersky            not-a-virus:AdWare.Win32.Agent   15.0.0.543
NANO AntiVirus       Riskware.Win32.Downware.digcac   0.28.6.63726
Sophos               Somoto BetterInstaller           4.98
SUPERAntiSpyware     PUP.Somoto/Variant               10211
VIPRE Antivirus      Threat.4783461                   35088

File size:
289.7 KB (296,616 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\survivor_downloader-iaxixluhe.exe

File PE Metadata
Compilation timestamp:
12/17/2010 12:14:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:kA0m3D0oSeQ+canPvmAI5E2QVub7itZm386ueLqQtt:kA0iD0oSeQYPOSq7iDmTue+Qtt

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 

Entropy:
7.8368  (probably packed)

Code size:
28.5 KB (29,184 bytes)
