winrar32bit401_softangodownloader.exe

Softango Download Manager

Softango Inc.

This is the Performersoft setup installer. The application winrar32bit401_softangodownloader.exe by Softango has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallBrain installer. Users running this installer expect to download the WinRAR archiver, but before that download occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file is also typically executed from an Internet Explorer cache folder.
Publisher:
Softango  (signed by Softango Inc.)

Product:
Softango Download Manager

Version:
15.9.28.27

MD5:
13154191662b9957e9613c0cbbdeea5a

SHA-1:
172d44de0a61e89bc6355c9cedd58846adadc81d

SHA-256:
92e1e72cd34aafabd58a9e00904dc0618dc4cf69f84feeb81b5cbe87e3be77f7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
9/30/2020 1:22:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Performersoft (M)

Engine version:
17.3.6.23

File size:
604.8 KB (619,288 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
Softango_Download_Manager.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winrar32bit401_softangodownloader.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/29/2013 2:18:12 PM

Valid to:
3/29/2016 2:18:12 PM

Subject:
CN=Softango Inc., O=Softango Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07B9F930CBBB4F

File PE Metadata
Compilation timestamp:
5/24/2013 6:21:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x1749D

Entry point:
E8, 89, 41, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, D0, 92, 42, 00, E8, ED, 17, 00, 00, 6A, 0E, E8, 86, 43, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 2C, D5, 42, 00, BA, 28, D5, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, B7, EA, FF, FF, 59, FF, 76, 04, E8, AE, EA, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, DC, 17, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 52, 42, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...

Code size:
140 KB (143,360 bytes)

Windows Firewall Allowed Program
Name:
winrar32bit401_softangodownloader.exe (in)

