Somoto BetterInstaller

Category: Adware and PUAs
Protection available since: 26 Sep 2012 20:54:58 (GMT)
Type: Unspecified PUA
Last Updated: 06 Mar 2014 23:02:18 (GMT)

Somoto BetterInstaller is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Somoto BetterInstaller include:

Example 1

File Information

Size: 232K
SHA-1: 0012c19cb6b1d2a22a0c3117f66f295709eb5063
MD5: b2e2429e39ccbb95ff49ecfe23ea6596
CRC-32: c9ed57ad
File type: Windows executable
First seen: 2014-02-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsp3.tmp\biSetup1344.exe
    Size: 254K
    SHA-1: ad55b55be135ab4d2bae15267bd1876320117ac3
    MD5: 768393662b01b423fa8c677865219388
    CRC-32: cc43b153
    File type: Windows executable
    First seen: 2013-10-16
Processes Created
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\bisetup1344.exe
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\lzma.exe
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns9.tmp
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://dw50j5zef9twa.cloudfront.net/init/sample/4d5db0545eb0fa4d95f38baf6e4da734
DNS Requests
  • dw50j5zef9twa.cloudfront.net

Example 2

File Information

Size: 232K
SHA-1: 00141c0c9fbb3db0f1f93cc31297a4ccc4643cb9
MD5: 76452eb1433739f36b4570332bff5133
CRC-32: b8846601
File type: Windows executable
First seen: 2014-02-18

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\biSetup52300.exe
    Size: 254K
    SHA-1: ad55b55be135ab4d2bae15267bd1876320117ac3
    MD5: 768393662b01b423fa8c677865219388
    CRC-32: cc43b153
    File type: Windows executable
    First seen: 2013-10-16
Processes Created
  • c:\docume~1\support\locals~1\temp\nso3.tmp\bisetup52300.exe
  • c:\docume~1\support\locals~1\temp\nso3.tmp\lzma.exe
  • c:\docume~1\support\locals~1\temp\nso3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nso3.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nso3.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nso3.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nso3.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nso3.tmp\ns9.tmp
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://d1cgz8hmy6d9j9.cloudfront.net/init/sample/70970fce7693a44a9a9bfc690241ccd0
DNS Requests
  • d1cgz8hmy6d9j9.cloudfront.net

Example 3

File Information

Size: 232K
SHA-1: 001688ee84a27fc734e2061d0588b5eefd30b2d4
MD5: 545114fa1c5d5c73555b96d589b223e1
CRC-32: 5df9bd54
File type: Windows executable
First seen: 2014-02-03

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsp3.tmp\biSetup25482.exe
    Size: 254K
    SHA-1: ad55b55be135ab4d2bae15267bd1876320117ac3
    MD5: 768393662b01b423fa8c677865219388
    CRC-32: cc43b153
    File type: Windows executable
    First seen: 2013-10-16
Processes Created
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\bisetup25482.exe
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\lzma.exe
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsp3.tmp\ns9.tmp
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://dvcsf7yg517sv.cloudfront.net/init/sample/ae60e7d2cc97ac4ba7a50ec9f25e2a11
DNS Requests
  • dvcsf7yg517sv.cloudfront.net
