updatecheckersetup.exe

Somoto Limited

This is the Somoto BetterInstaller, an installer that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application updatecheckersetup.exe by Somoto Limited has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the Somoto BetterInstaller installer. The file has been seen being downloaded from pc.youc.net and multiple other hosts.
Publisher:
Somoto Limited  (signed and verified)

MD5:
a7ff9b551b845b0643f76ab1508262fa

SHA-1:
d35cd629b48dcb6c45c7375e45b6df69de7e1f26

Scanner detections:
2 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 6:16:19 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.SomotoLimited.S | 14.7.3.1
Trend Micro House Call | TROJ_GEN.F47V0324 | 7.2.130

File size:
255.7 KB (261,864 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Somoto BetterInstaller (using Nullsoft Install System)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\updatecheckersetup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/11/2013 2:00:00 AM

Valid to:
11/16/2015 2:00:00 PM

Subject:
CN=Somoto Limited, O=Somoto Limited, L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05805984E5838EE41CFD82C4057379F9

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ue34f8fQJQzWRHbi5o6Y0Zqmz2OiT3eL6JEQWbx:wSQazCHT9ozAPG1d

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8392

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file updatecheckersetup.exe has been seen being distributed by the following 3 URLs.
