» bitool.dll
Overview
Analysis
File Details
Downloads (2)

bitool.dll

Somoto Ltd.

Somoto uses a monetization platform known as the 'Better Installer' to provide the ability of 3rd party developers to bundle various adware packages through an affiliate pay-per-install program. The module bitool.dll by Somoto has been detected as adware by 8 anti-malware scanners. Includes the Somoto BetterInstaller, an adware installer that will bundle offers for third party applications, mostly adware toolbars, with legitimate softare. These offers are typically installed onto users' PCs by default, but may include an option to 'opt-out' during or after the installation process.

File name:

bitool.dll

Publisher:

Somoto Ltd. (signed and verified)

MD5:

13a09becabce7ce7de02d42d9c00a250

SHA-1:

40ce0a58e99858007e5dcd0bb5bf6a122686a917

SHA-256:

b1f3a0534d9f847ba540ae37258f794bb2d8bb779389ac6753f365a78fb5ab9c

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/19/2024 8:58:09 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Somoto-J [PUP]

2014.9-131203

Bkav FE

W32.Clod332.Trojan

1.3.0.4562

Dr.Web

Adware.Somoto.15

9.0.1.0337

Emsisoft Anti-Malware

Application.Win32.InstallAd

8.13.12.03.09

ESET NOD32

Win32/Somoto

7.9124

Malwarebytes

PUP.Optional.Somoto

v2013.12.03.09

Reason Heuristics

PUP.Somoto.G

14.8.7.17

XVirus List

Win32.Detected

2.8.7

File size:

37.6 KB (38,456 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\appdata\local\temp\bitool.dll

Digital Signature

Signed by:

Somoto Ltd.

Authority:

COMODO CA Limited

Valid from:

9/20/2011 2:00:00 AM

Valid to:

9/20/2014 1:59:59 AM

Subject:

CN=Somoto Ltd., O=Somoto Ltd., STREET=PO Box 58096, L=Tel Aviv, S=--, PostalCode=61580, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00841D099D16B738F34172FEEFE1D2574F

File PE Metadata

Compilation timestamp:

5/3/2013 12:03:15 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:11NiCLH+xD7OgYI1FRJkU4qPAQp66VyTxMZ2OKUHLwgWIxhXg:BiEexBYI1994qPApTx+2OKmLwyhXg

Entry address:

0x54CF

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 37, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, E8, 81, 00, 10, 89, 0D, E4, 81, 00, 10, 89, 15, E0, 81, 00, 10, 89, 1D, DC, 81, 00, 10, 89, 35, D8, 81, 00, 10, 89, 3D, D4, 81, 00, 10, 66, 8C, 15, 00, 82, 00, 10, 66, 8C, 0D, F4, 81, 00, 10, 66, 8C, 1D, D0, 81, 00, 10, 66, 8C, 05, CC, 81, 00, 10, 66, 8C, 25, C8, 81, 00, 10, 66, 8C, 2D, C4, 81, 00, 10, 9C, 8F, 05, F8, 81... 
[+]

Code size:

20 KB (20,480 bytes)

The file bitool.dll has been seen being distributed by the following 2 URLs.

http://d27foqb3kkzkt9.cloudfront.net/sdk/binsis/.../BiTool.dll

http://cdn.bisrv.com/sdk/binsis/.../BiTool.dll

Remove bitool.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.