Somoto BetterInstaller

Category: Adware and PUA
Type: Unspecified PUA
Protection available since: 26 Sep 2012 20:54:58 (GMT)
Last updated: 05 Jul 2015 12:54:53 (GMT)

Somoto BetterInstaller is an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user. Such third-party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.

Examples of Somoto BetterInstaller include:

Example 1

File Information

Size: 639K
SHA-1: 00018060c699861cb6e27b32c912bb2793cb52e8
MD5: b777d42534100be2c6b5a02e844bbc0c
CRC-32: 79008a92
File type: Windows executable
First seen: 2014-05-07

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_sample.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\ie6_main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\checkbox.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\csshover3.htc
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg2.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\locale\EN.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\form.bmp.Mask
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\BG.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Color_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\ProgressBar.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Logo.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Grey_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Progress.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\sponsored.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\button.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\images\Close_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\progress-bar.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg-corner.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\button-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\browse.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish118343\css\sdk-ui\images\progress-bg.png
  • c:\Documents and Settings\test user\Desktop\Continue SomotoPub Installation.lnk
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name: test_item.exe
HTTP Requests
  • http://cdneu.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
  • http://cdnus.mosumumopo.com/app/SomotoPub/SomotoFLV1/SomotoFLV1.cis
DNS Requests
  • cdneu.mosumumopo.com
  • cdnus.mosumumopo.com
  • os.mosumumopo.com
  • os2.mosumumopo.com

Example 2

File Information

Size: 220K
SHA-1: 00020ce1f9b845321d3d6c2d9302e0599ce934d8
MD5: 4edd34066d096ebe14b33252ac0b8712
CRC-32: 10838a89
File type: Windows executable
First seen: 2014-06-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsh4.tmp\setupcl.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\setupcl.exe
  • c:\docume~1\support\locals~1\temp\nsh4.tmp\tue5957.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://sub.verbarodontotormae.info/init/sample/1e737904da406a41979d010c998b202e
DNS Requests
  • sub.verbarodontotormae.info

Example 3

File Information

Size: 220K
SHA-1: 000c3e24820e3c1a3cf8950867de522ecaefe29e
MD5: 517d1c195d39f5169550f03b01bcc5e9
CRC-32: 48c7a579
File type: Windows executable
First seen: 2014-06-16

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu4.tmp\setupcl.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\mon3507.exe
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns6.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns7.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns8.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsu4.tmp\setupcl.exe
  • c:\windows\system32\wbem\wmic.exe
HTTP Requests
  • http://sub.inamorate.info/init/sample/2bb2c897e3d89e4691dfff25548d09b6
DNS Requests
  • sub.inamorate.info
