Somoto BetterInstaller

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 26 Sep 2012 20:54:58 (GMT)
Last updated: 24 Dec 2015 05:33:16 (GMT)

Somoto BetterInstaller is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Somoto BetterInstaller include:

Example 1

File Information

Size: 639K
SHA-1: 00018060c699861cb6e27b32c912bb2793cb52e8
MD5: b777d42534100be2c6b5a02e844bbc0c
CRC-32: 79008a92
File type: Windows executable
First seen: 2014-05-07

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg-corner.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\csshover3.htc
  • c:\Documents and Settings\test user\Desktop\Continue SomotoPub Installation.lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\browse.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\ie6_main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg2.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\progress-bar.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\locale\EN.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\BG.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\form.bmp.Mask
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\button.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Logo.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\sponsored.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\checkbox.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\button-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Progress.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\ProgressBar.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button.png
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://cdneu.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
  • http://cdnus.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
DNS Requests
  • cdneu.mosumumopo.com
  • cdnus.mosumumopo.com
  • os.mosumumopo.com
  • os2.mosumumopo.com

Example 2

File Information

Size: 220K
SHA-1: 00020ce1f9b845321d3d6c2d9302e0599ce934d8
MD5: 4edd34066d096ebe14b33252ac0b8712
CRC-32: 10838a89
File type: Windows executable
First seen: 2014-06-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh4.tmp\setupcl.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\setupcl.exe
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\tue5957.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://sub.verbarodontotormae.info/init/sample/1e737904da406a41979d010c998b202e
DNS Requests
  • sub.verbarodontotormae.info

Example 3

File Information

Size: 407K
SHA-1: 000790f429f1242f706ca54bce94459e6bbaf8d0
MD5: 09b998341fecfa5c119b16da6f37e7c6
CRC-32: 2e48d7e5
File type: Windows executable
First seen: 2015-11-06

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu4.tmp\setupcl.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\7za.exe
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\setupcl.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://sub.yorkshatb.com/init/sample/ed1224abf4b6ed4f9d307460aeca50f2
DNS Requests
  • sub.yorkshatb.com
