Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
bi_client.exe
Better Installer by Somoto Ltd. (Signed)
| Version: | 2.0.0.0 |
| MD5: | a89c8a8a9130fafd2000ed64d4cafe2e |
| SHA1: | 44a315aaa7f006ae8342751a3d01d3e0e2bd41e6 |
| SHA256: | 2cfb78a5aae8c4c9fb8a176487bbcb39f57ea2bed91a14c0401f3008ce352743 |
Warning 8 antivirus scanners has detected malware.
Overview
bi_client.exe is malware that executes as a process with the local user's privileges. The file is digitally signed by Somoto Ltd. which was issued by the COMODO CA Limited certificate authority (CA). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).
Details
| File name: | bi_client.exe |
| Publisher: | Somoto Ltd. |
| Product name: | Better Installer |
| Description: | Better Installer Host |
| Typical file path: | C:\users\user\appdata\local\temp\nsqe906.tmp\bi_client.exe |
| Original name: | BetterInstaller.exe |
| File version: | 2.0.0.0 |
| Size: | 225.08 KB (230,480 bytes) |
| Build date: | 10/29/2012 1:47 PM |
| Certificate |
| Issued to: | Somoto Ltd. |
| Authority (CA): | COMODO CA Limited |
| Effective date: | Tuesday, September 20, 2011 |
| Expiration date: | Saturday, September 20, 2014 |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Network connections
[UDP] listens on port 54888
Malware detections
Based on 40+ industry antivirus scanners, 8 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Avira AntiVir |
7.11.105.232 |
APPL/Somoto.Gen2 |
| Antiy Labs AVL |
2.0.3.7 |
WebToolbar/Win32.BetterInstaller |
| avast! |
8.0.1489.320 |
Win32:Somoto-F [PUP] |
| Dr.Web |
8.13.10.8 |
Adware.Downware.1184 |
| ESET NOD32 |
7.8881 |
Win32/Somoto.A |
| F-Prot |
v6.4.7.1.166 |
W32/SomotoBetterInstaller.A!Eldorado |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.Somoto.A |
| Sophos |
4.93.0 |
Somoto BetterInstaller |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00101273% | |
| Kernel CPU: | 0.00076658% | |
| User CPU: | 0.00024615% | |
| Kernel CPU time: | 4,368,028 ms/min | |
| Context switches: | 8/sec | |
| Memory |
| Private memory: | 27.97 MB | |
| Private (maximum): | 42.05 MB | |
| Private (minimum): | 2.63 MB | |
| Non-paged memory: | 27.97 MB | |
| Virtual memory: | 217.75 MB | |
| Virtual memory (peak): | 236.75 MB | |
| Working set: | 3.57 MB | |
| Working set (peak): | 43.75 MB | |
| Page faults: | 24,296/min | |
| Resource allocations |
| Threads: | 19 | |
| Handles: | 589 | |
| GUI GDI count: | 19 | |
| GUI GDI peak: | 22 | |
| GUI USER count: | 34 | |
| GUI USER peak: | 47 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 64-bit |
| Command line: | "C:\users\user\appdata\local\temp\nsqe906.tmp\bi_client.exe" /affid daemontoolslite /id daemontoolslitemdma /silent /initurl httC://bi.bisrv.com/downloader/:affiC:/:siC:/:uiC:? -uid="d8ce1b4a48d84f3597647e32b08c9a70" -sid="daemontoolslitemdma" -affid="daemontoolslite" -muid="20ec5e8dfabb70de7315648bb5d6324f" _!delimiter!_ -offerid="lollipop" -softwarename="lollipop" -url="httC://cdn.bispd.com/mirror/lollipop/lollipopinstaller_somoto_14693.exe" -exec_args=10709 _!delimiter!_ -offerid="optimizer |
| Owner: | User |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
100.00% |
|
