Somoto BetterInstaller

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 26 Sep 2012 20:54:58 (GMT)
Last updated: 26 Sep 2014 10:17:00 (GMT)


Somoto BetterInstaller is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Somoto BetterInstaller include:

Example 1

File Information

Size: 639K
SHA-1: 00018060c699861cb6e27b32c912bb2793cb52e8
MD5: b777d42534100be2c6b5a02e844bbc0c
CRC-32: 79008a92
File type: Windows executable
First seen: 2014-05-07

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
  • c:\Documents and Settings\test user\Desktop\Continue SomotoPub Installation.lnk
    Size: 896
    SHA-1: 7d85fd9176b31628adb846080f0cd51ce5adb75c
    MD5: d0cd88debdf9f801acc5d572ccfdd5cd
    CRC-32: 6ff0c0ee
    File type: Windows Shortcut file (.LNK)
    First seen: 2014-05-08
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\csshover3.htc
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\locale\EN.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\BG.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\ie6_main.css
    Size: 2.0K
    SHA-1: 7cba803f76187092da044cb346cf2375db8402c4
    MD5: ac0dd292dc6f9850414806089ef4a2af
    CRC-32: 19b66361
    File type: Cascading Style Sheet
    First seen: 2014-02-06
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\form.bmp.Mask
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\browse.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Logo.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\progress-bar.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\button.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg2.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\button-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\sponsored.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\ProgressBar.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Progress.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\checkbox.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg-corner.png
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name: test_item.exe
HTTP Requests
  • http://cdneu.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
  • http://cdnus.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
DNS Requests
  • cdneu.mosumumopo.com
  • cdnus.mosumumopo.com
  • os.mosumumopo.com
  • os2.mosumumopo.com

Example 2

File Information

Size: 232K
SHA-1: 0001f8341a38651d425ac192a7aaf1a2ec2e1b09
MD5: a63baa3b29e1b50dafa018937e537fc5
CRC-32: 106a74de
File type: Windows executable
First seen: 2014-02-27

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\biSetup48725.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\bisetup48725.exe
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\lzma.exe
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns9.tmp
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://d3i96453fgxymg.cloudfront.net/init/sample/0ff59a9284bfa24dbdd49126b2916d78
DNS Requests
  • d3i96453fgxymg.cloudfront.net

Example 3

File Information

Size: 220K
SHA-1: 00020ce1f9b845321d3d6c2d9302e0599ce934d8
MD5: 4edd34066d096ebe14b33252ac0b8712
CRC-32: 10838a89
File type: Windows executable
First seen: 2014-06-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh4.tmp\setupcl.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\setupcl.exe
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\tue5957.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://sub.verbarodontotormae.info/init/sample/1e737904da406a41979d010c998b202e
DNS Requests
  • sub.verbarodontotormae.info
