Should I block it?

98%

Yes, 98% block recommendation.

Possible reasons:

Multiple malware detections

Performance resource utilization

Relationships

incredibar_installer.exe (IncrediMail Installer by IncrediMail Ltd.)

PE file structure

Show functions

Import table

advapi32.dll

RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, CryptDecrypt, CryptEncrypt, CryptDestroyKey, CryptImportKey, CryptSetKeyParam, CryptReleaseContext, CryptAcquireContextW, CryptGetHashParam, CryptDestroyHash, CryptHashData, CryptCreateHash, ConvertSidToStringSidW, GetTokenInformation, IsValidSid, GetLengthSid, CopySid, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegOpenKeyW

comdlg32.dll

GetSaveFileNameW

gdi32.dll

BitBlt, GetDeviceCaps, DeleteObject, GetObjectW, GetStockObject, CreateSolidBrush, CreateCompatibleDC, DeleteDC, CreateCompatibleBitmap, SelectObject

kernel32.dll

LockResource, LoadResource, lstrcmpW, MulDiv, GlobalUnlock, GlobalLock, FreeLibrary, SizeofResource, LoadLibraryExW, GlobalFree, GlobalHandle, InterlockedIncrement, InterlockedDecrement, SetEvent, GetCommandLineW, lstrcpyW, WriteFile, lstrcpynW, lstrcatW, GetTickCount, SuspendThread, ResumeThread, TerminateThread, GetTempFileNameW, GetTempPathW, DeleteFileW, SleepEx, CreateFileW, LoadLibraryW, ReadFile, WaitForMultipleObjects, GetExitCodeProcess, CreateProcessW, CopyFileW, CreateDirectoryW, IsWow64Process, GetSystemInfo, GetVersionExW, Process32NextW, OpenProcess, Process32FirstW, CreateToolhelp32Snapshot, LocalFree, GetPrivateProfileStringW, GetCurrentThread, WideCharToMultiByte, FindNextFileW, FindFirstFileW, SetLastError, GetCPInfo, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, ExitProcess, HeapCreate, GetStartupInfoW, VirtualQuery, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, HeapSize, HeapReAlloc, HeapDestroy, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetLocaleInfoA, SetFilePointer, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, lstrlenA, MultiByteToWideChar, FreeEnvironmentStringsW, CreateEventW, CreateThread, Sleep, GetCurrentThreadId, GetModuleFileNameW, FindResourceW, GlobalAlloc, GetCurrentProcess, FlushInstructionCache, WaitForSingleObject, CloseHandle, lstrcmpiW, GetModuleHandleW, GetProcAddress, GetLastError, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, GetOEMCP, IsValidCodePage, SetStdHandle, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, GetACP

ole32.dll

CoRevokeClassObject, CoTaskMemAlloc, CoRegisterClassObject, CoTaskMemFree, CoInitialize, CoUninitialize, StringFromGUID2, CoCreateInstance, OleLockRunning, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoCreateGuid, CoTaskMemRealloc

psapi.dll

GetProcessMemoryInfo

shell32.dll

Shell_NotifyIconW, CommandLineToArgvW, SHGetFolderPathW, ShellExecuteW

shlwapi.dll

PathFindExtensionW, SHCreateStreamOnFileEx, StrCmpIW, PathFileExistsW, PathFindFileNameW, StrCmpW, StrCpyW, PathCombineW

user32.dll

GetClassNameW, IsChild, SetCapture, RedrawWindow, InvalidateRgn, InvalidateRect, IsWindow, RegisterClassExW, CreateAcceleratorTableW, GetWindowTextW, GetWindowTextLengthW, RegisterWindowMessageW, CreateDialogIndirectParamW, wsprintfW, KillTimer, SetTimer, PostMessageW, UnregisterClassA, WaitForInputIdle, ShowWindow, MessageBoxW, LoadIconW, SystemParametersInfoW, SetForegroundWindow, ReleaseCapture, GetClassInfoExW, FillRect, CallWindowProcW, EndPaint, BeginPaint, GetDesktopWindow, DestroyAcceleratorTable, SetFocus, ReleaseDC, GetDC, ScreenToClient, ClientToScreen, GetSysColor, GetDlgItem, MoveWindow, SendMessageW, GetParent, GetWindowRect, MonitorFromWindow, GetMonitorInfoW, GetClientRect, MapWindowPoints, SetWindowContextHelpId, GetWindow, SendDlgItemMessageW, SetWindowPos, DestroyWindow, MapDialogRect, EndDialog, DefWindowProcW, UnregisterClassW, CreateWindowExW, GetWindowLongW, SetWindowLongW, PostThreadMessageW, GetMessageW, TranslateMessage, DispatchMessageW, CharUpperW, CharNextW, LoadCursorW, GetFocus, SetWindowTextW

userenv.dll

UnloadUserProfile

wininet.dll

HttpQueryInfoW, InternetReadFile, InternetGetLastResponseInfoW, InternetSetFilePointer, InternetErrorDlg, InternetSetOptionW, InternetQueryOptionW, HttpAddRequestHeadersW, HttpOpenRequestW, InternetCloseHandle, InternetConnectW, InternetOpenW, InternetCrackUrlW, HttpSendRequestW

BetterInstaller.exe

Better Installer by Somoto Ltd

Remove BetterInstaller.exe

Version:	1.0.0.1
MD5:	d79b88bab3231ebebd3c6505ab68ce56
SHA1:	3222e8dab740ba1d640cc66a9cd36070969deb80
SHA256:	d4032354c8ca3b93fd18414d6a7935bcecb18f25534b2259eeaf7d3081ec13ec

Warning 4 antivirus scanners has detected malware.

What is BetterInstaller.exe?

Better Installer is a software bundler host that is designed to package bundled software installations such as the Somoto Toolbar and other advertising enabled software with third-party programs.

About BetterInstaller.exe (from Somoto Ltd)

“Why choose BetterInstaller services? We offer a simple to integrate solution that allows you to earn money from each install. How does BetterInstaller work? During the installation, our sophisticated ”

Details

File name:	betterinstaller.exe
Publisher:	Somoto Ltd
Product name:	Better Installer
Description:	Better Installer Host
Typical file path:	C:\users\user\appdata\local\temp\betterinstaller.exe
File version:	1.0.0.1
Size:	207.5 KB (212,480 bytes)
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Network connections

[TCP] box452.bluehost.com (74.220.219.52:80)

[UDP] listens on port 54219

Malware detections

Based on 40+ industry antivirus scanners, 4 of them detected the following malware.

Antivirus engine	Engine version	Detection
Dr.Web	8.13.4.9	Adware.Somoto.8
Emsisoft Anti-Malware	3.0.0.575	Riskware.Win32.Somoto.AMN (A)
ESET NOD32	7.8205	a variant of Win32/Somoto.A
Fortinet	5.0.43.0	Adware/Somoto.A

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.02039080%	0.028634%
Kernel CPU:	0.00534045%	0.013761%
User CPU:	0.01505035%	0.014873%
Kernel CPU time:	1,342 ms/min	100,923,805ms/min
Context switches:	2/sec	284/sec
Memory
Private memory:	18.59 MB	21.59 MB
Private (maximum):	5.7 MB
Private (minimum):	5.13 MB
Non-paged memory:	18.59 MB	21.59 MB
Virtual memory:	147.88 MB	140.96 MB
Virtual memory (peak):	154.46 MB	169.69 MB
Working set:	5.58 MB	18.61 MB
Working set (peak):	26.12 MB	37.95 MB
Resource allocations
Threads:	9	12
Handles:	575	600
GUI GDI count:	119	103
GUI GDI peak:	127	142
GUI USER count:	49	49
GUI USER peak:	72	71

Process properties

Integrety level:	High
Platform:	32-bit
Command line:	"C:\users\user\appdata\local\temp\betterinstaller.exe" /affid "odinbluraytompegripper" /id "odinbluraytompegripper" /name "odin bluray to mpeg ripper"
Owner:	User

Threads