tob_downloader-n8ajj41uk.exe

SITE ON SPOT Ltd.

The application tob_downloader-n8ajj41uk.exe by SITE ON SPOT has been detected as adware by 22 anti-malware scanners. It is a setup program used to install the application, and it is part of the Somoto BetterInstaller, an adware installer that bundles legitimate software with offers for additional third-party applications, mostly unwanted adware toolbars, and may be installed without adequate user consent.

Publisher:
SITE ON SPOT Ltd.  (signed and verified)

MD5:
738acc81d5920d426b34718a1e1bdee6

SHA-1:
8854236b0ac9828f62e0d7b87907888160835170

SHA-256:
c07ca24c036266c25900fbed54b3f4d7c13bdf9d2e5d7e84881815d35a301c19

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the Somoto 'BetterInstaller' to bundle additional (unwanted) software during install without adequate consent.

Analysis date:
4/24/2024 3:56:47 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Somoto.J | 925 |
| AVG | Generic | 2015.0.3403 |
| Baidu Antivirus | Adware.Win32.Somoto | 4.0.3.14725 |
| Bitdefender | Application.Bundler.Somoto.J | 1.0.20.1030 |
| Clam AntiVirus | Win.Adware.Somoto | 0.98/21411 |
| Dr.Web | Trojan.Packed.26824 | 9.0.1.0206 |
| Emsisoft Anti-Malware | Application.Bundler.Somoto | 8.14.07.25.09 |
| ESET NOD32 | Win32/Somoto | 8.10114 |
| F-Secure | Application.Bundler.Somoto.J | 11.2014-25-07_6 |
| IKARUS anti.virus | PUA.Downloader.Somoto | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3508 |
| Malwarebytes | PUP.Optional.Somoto.A | v2014.07.25.09 |
| McAfee | Artemis!738ACC81D592 | 5600.7059 |
| MicroWorld eScan | Application.Bundler.Somoto.J | 15.0.0.618 |
| NANO AntiVirus | Riskware.Nsis.Adware.dbnhrj | 0.28.2.60881 |
| nProtect | Trojan-Clicker/W32.Agent.227048 | 14.07.17.01 |
| Panda Antivirus | Trj/CI.A | 14.07.25.09 |
| Qihoo 360 Security | Win32/Application.6bb | 1.0.0.1015 |
| Reason Heuristics | PUP.SITEONSPOT.Y | 14.7.25.9 |
| Sophos | Somoto BetterInstaller | 4.98 |
| SUPERAntiSpyware | PUP.Somoto/Variant | 10462 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31358 |

File size:
221.7 KB (227,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\tob_downloader-n8ajj41uk.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/28/2013 1:00:00 AM

Valid to:
6/29/2015 12:59:59 AM

Subject:
CN=SITE ON SPOT Ltd., O=SITE ON SPOT Ltd., L=Tel Aviv, S=NA, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3EE11B140A803DE260823157A875B8C5

File PE Metadata
Compilation timestamp:
12/17/2010 9:14:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:DA0m3D0onyda8YJQtxpD0u8pMvCHSVV+Jm:DA0iD0oydFtK9qaHSVd

Entry address:
0x39AC

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 97, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 42, 43, 00, 00, 6A, 00, E8, AB, 46, 00, 00, 6A, 08, A3, 88, 4C, 42, 00, E8, B1, 28, 00, 00, 6A, 00, 68, 60, 01, 00, 00, A3, 38, 4D, 42, 00, 8D, 85, 90, FE, FF, FF, 50, 6A, 00, 68, A4, A2, 40, 00, E8, F0, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 4D, 42, 00, E8, EF, 2A, 00, 00, 83, C4, 18, E8, FE, 42, 00, 00, 52, 52, 50, 68, 00, D0, 42, 00, E8, DA, 2A, 00, 00, 57, 6A, 00, E8, 39, 42, 00, 00, 83...
 
Entropy:
7.7528  (probably packed)

Code size:
28.5 KB (29,184 bytes)

The file tob_downloader-n8ajj41uk.exe has been seen being distributed by the following URL.
