» utorrent33build29342_softangodownloader.exe
Overview
Analysis
File Details

utorrent33build29342_softangodownloader.exe

Softango Download Manager

Softango Inc.

This is the Performersoft setup installer. The application utorrent33build29342_softangodownloader.exe by Softango has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.

File name:

Publisher:

Softango (signed by Softango Inc.)

Product:

Softango Download Manager

Version:

15.9.28.27

MD5:

cbcf099bd2fd1bff520b58801b61555f

SHA-1:

4632f204088e9f2f1395999c00c18d4a0862b9c9

SHA-256:

e52dfef4f081218acf84be32a88b5cda418d3cd3c5bd2c806a30071ef129f088

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/16/2024 7:20:39 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.InstallBrain.A

888

Agnitum Outpost

Trojan.DL.Brantall

7.1.1

Avira AntiVirus

TR/Dldr.Brantall.A.12

7.11.170.42

avast!

Win32:Installer-O [PUP]

140813-1

Bitdefender

Application.Bundler.InstallBrain.A

1.0.20.1210

Dr.Web

Adware.Downware.1407

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.InstallBrain

9.0.0.4324

ESET NOD32

Win32/InstallBrain.AJ potentially unwanted application

7.0.302.0

F-Prot

W32/A-86618429

v6.4.7.1.166

F-Secure

Application.Bundler.InstallBrain

11.2014-30-08_7

G Data

Application.Bundler.InstallBrain

14.8.24

IKARUS anti.virus

PUA.Filescout

t3scan.1.7.5.0

Kaspersky

not-a-virus:HEUR:AdWare.Win32.BrainInst

15.0.0.494

Malwarebytes

PUP.Optional.Softango.A

v2014.08.30.07

Microsoft Security Essentials

Threat.Undefined

1.183.1039.0

MicroWorld eScan

Application.Bundler.InstallBrain.A

15.0.0.726

NANO AntiVirus

Riskware.Win32.BrainInst.crdwje

0.28.2.61861

Quick Heal

TrojanDownloader.Brantall.A5

8.14.14.00

Reason Heuristics

PUP.Softango.h

14.8.30.16

Sophos

InstallBrain

4.98

Vba32 AntiVirus

TrojanDownloader.BrainInst

3.12.26.3

VIPRE Antivirus

Threat.4759033

32210

Zillya! Antivirus

Downloader.BrainInst.Win32.39

2.0.0.1906

File size:

671.8 KB (687,928 bytes)

Product version:

15.9.28.27

Original file name:

Softango_Download_Manager.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallBrain

Language:

English (United States)

Common path:

C:\users\{user}\downloads\utorrent33build29342_softangodownloader.exe

Digital Signature

Signed by:

Softango Inc.

Authority:

GoDaddy.com, Inc.

Valid from:

3/29/2013 10:18:12 AM

Valid to:

3/29/2016 10:18:12 AM

Subject:

CN=Softango Inc., O=Softango Inc., L=Beaverton, S=OR, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

07B9F930CBBB4F

File PE Metadata

Compilation timestamp:

8/14/2013 7:03:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:lySptWEiWIJqTgx4DtspcudLdqBJ8ZELa0AjtQlya6cEE985:l+XITgeLawAZ6aPjtQlT85

Entry address:

0xBF2D

Entry point:

E8, 8E, 46, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, CC, 35, 42, 00, 00, 75, 18, E8, D9, 3E, 00, 00, 6A, 1E, E8, 23, 3D, 00, 00, 68, FF, 00, 00, 00, E8, 31, 26, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, CC, 35, 42, 00, FF, 15, 5C, 90, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, C8, 35, 42, 00, 74, 0D, 53, E8, 81, 19, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 53, 19, 00, 00, 89, 30, E8, 4C, 19, 00, 00, 89... 
[+]

Entropy:

7.7659 (probably packed)

Code size:

96 KB (98,304 bytes)

Remove utorrent33build29342_softangodownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.