» update_checker.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

update_checker.exe

FilesFrog.com Update Checker

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to provide the ability of 3rd party developers to bundle various adware packages through an affiliate pay-per-install program. The application update_checker.exe by Somoto has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SDP’. This file is typically installed with the program FilesFrog Update Checker by Somoto Ltd. which is a potentially unwanted software program.

File name:

update_checker.exe

Publisher:

Somoto (signed by Somoto Ltd.)

Product:

FilesFrog.com Update Checker

Version:

4, 3, 0, 0

MD5:

ff786a74f62361a71aecdb8f8ac95d6f

SHA-1:

bec2a0ecda63682f58cac337e98557103a7cf2ab

SHA-256:

767d9286709feba392fe2a6ed3b2b991d314b627f4dd4fede59cfac1a3ca2e58

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/24/2024 11:36:20 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Somoto (M)

17.3.16.8

File size:

197.1 KB (201,808 bytes)

Product version:

4.3.0

2012

Trademarks:

Somoto Ltd.

Original file name:

update_checker.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\filesfrog update checker\update_checker.exe

Digital Signature

Signed by:

Somoto Ltd.

Authority:

COMODO CA Limited

Valid from:

9/19/2011 8:00:00 PM

Valid to:

9/19/2014 7:59:59 PM

Subject:

CN=Somoto Ltd., O=Somoto Ltd., STREET=PO Box 58096, L=Tel Aviv, S=--, PostalCode=61580, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00841D099D16B738F34172FEEFE1D2574F

File PE Metadata

Compilation timestamp:

1/30/2013 11:43:26 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x112B1

Entry point:

E8, 3C, 83, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 44, 06, 43, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 73, 0E, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 34, 14, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83... 
[+]

Entropy:

6.5321

Code size:

131 KB (134,144 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SDP

Command:

C:\users\{user}\appdata\local\filesfrog update checker\update_checker.exe \auto

The file update_checker.exe has been discovered within the following program.

FilesFrog Update Checker by Somoto Ltd.

FilesFrog Update Checker a software updater program which runs in the background of Windows and automatically starts up when your PC boots.

www.filesfrog.com

86% remove it

Remove update_checker.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.