Somoto BetterInstaller

Category: Adware and PUAs
Protection available since: 26 Sep 2012 20:54:58 (GMT)
Type: Unspecified PUA
Last updated: 21 Nov 2014 05:46:35 (GMT)

Somoto BetterInstaller is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Somoto BetterInstaller include:

Example 1

File Information

Size: 639K
SHA-1: 00018060c699861cb6e27b32c912bb2793cb52e8
MD5: b777d42534100be2c6b5a02e844bbc0c
CRC-32: 79008a92
File type: Windows executable
First seen: 2014-05-07

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\ie6_main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\locale\EN.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\ProgressBar.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\progress-bar.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Logo.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg-corner.png
  • c:\Documents and Settings\test user\Desktop\Continue SomotoPub Installation.lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\button.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\BG.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\sponsored.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\checkbox.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\form.bmp.Mask
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg2.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Progress.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\csshover3.htc
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\button-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\browse.css
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://cdneu.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
  • http://cdnus.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
DNS Requests
  • cdneu.mosumumopo.com
  • cdnus.mosumumopo.com
  • os.mosumumopo.com
  • os2.mosumumopo.com

Example 2

File Information

Size: 232K
SHA-1: 0001f8341a38651d425ac192a7aaf1a2ec2e1b09
MD5: a63baa3b29e1b50dafa018937e537fc5
CRC-32: 106a74de
File type: Windows executable
First seen: 2014-02-27

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsi3.tmp\biSetup48725.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\bisetup48725.exe
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\lzma.exe
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns4.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsi3.tmp\ns9.tmp
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://d3i96453fgxymg.cloudfront.net/init/sample/0ff59a9284bfa24dbdd49126b2916d78
DNS Requests
  • d3i96453fgxymg.cloudfront.net

Example 3

File Information

Size: 220K
SHA-1: 00020ce1f9b845321d3d6c2d9302e0599ce934d8
MD5: 4edd34066d096ebe14b33252ac0b8712
CRC-32: 10838a89
File type: Windows executable
First seen: 2014-06-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh4.tmp\setupcl.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\setupcl.exe
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\tue5957.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://sub.verbarodontotormae.info/init/sample/1e737904da406a41979d010c998b202e
DNS Requests
  • sub.verbarodontotormae.info
