Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

2.0.0.0 33.33%
2.0.0.0 66.67%
(Note, Somoto Ltd. publishes each variation of this file with the same version, but the hashes are unique.)

PE file structure

Import table
advapi32.dll
CryptDestroyKey, CryptSetKeyParam, CryptReleaseContext, CryptAcquireContextW, CryptEncrypt, CryptDecrypt, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegOpenKeyW, OpenProcessToken, OpenThreadToken, CopySid, GetLengthSid, IsValidSid, GetTokenInformation, ConvertSidToStringSidW, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptGetHashParam, CryptImportKey
comdlg32.dll
GetSaveFileNameW
gdi32.dll
GetObjectW, CreateSolidBrush, GetDeviceCaps, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteObject, DeleteDC, GetStockObject
iphlpapi.dll
GetAdaptersInfo
kernel32.dll
LockResource, LoadResource, lstrcmpW, MulDiv, GlobalUnlock, GlobalLock, FreeLibrary, SizeofResource, LoadLibraryExW, GlobalFree, GlobalHandle, InterlockedIncrement, InterlockedDecrement, SetEvent, GetCommandLineW, lstrcpyW, WriteFile, lstrcpynW, lstrcatW, GetTickCount, SuspendThread, ResumeThread, TerminateThread, GetTempFileNameW, GetTempPathW, SleepEx, CreateFileW, LoadLibraryW, DeleteFileW, ReadFile, WaitForMultipleObjects, GetExitCodeProcess, CreateProcessW, CopyFileW, GetFileAttributesW, IsWow64Process, GetSystemInfo, GetVersionExW, Process32NextW, OpenProcess, Process32FirstW, CreateToolhelp32Snapshot, GetCurrentDirectoryW, LocalFree, GetPrivateProfileStringW, GetCurrentThread, WideCharToMultiByte, HeapFree, GetProcessHeap, GetModuleHandleW, GetFileSize, FindNextFileW, FindFirstFileW, SetLastError, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, MultiByteToWideChar, HeapCreate, GetStartupInfoW, VirtualQuery, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, HeapSize, HeapReAlloc, HeapDestroy, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, InterlockedCompareExchange, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetLocaleInfoA, SetFilePointer, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetProcAddress, GetLastError, DeleteCriticalSection, InitializeCriticalSection, IsValidCodePage, LeaveCriticalSection, EnterCriticalSection, RaiseException, lstrlenW, GetCPInfo, lstrlenA, GetACP, GetOEMCP, SetStdHandle, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, CreateEventW, CreateThread, Sleep, GetCurrentThreadId, GetModuleFileNameW, FindResourceW, GlobalAlloc, GetCurrentProcess, FlushInstructionCache, CloseHandle, WaitForSingleObject, 
ExitProcess, lstrcmpiW, HeapAlloc, FreeEnvironmentStringsW
ole32.dll
CoRevokeClassObject, CoTaskMemAlloc, CoRegisterClassObject, CoTaskMemFree, CoInitialize, CoUninitialize, StringFromGUID2, CoCreateInstance, OleLockRunning, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoCreateGuid, CoTaskMemRealloc
psapi.dll
GetProcessMemoryInfo
shell32.dll
SHGetFolderPathW, ShellExecuteExW, Shell_NotifyIconW, ShellExecuteW, SHCreateDirectoryExW, CommandLineToArgvW, SHChangeNotify
shlwapi.dll
StrCmpIW, PathAddExtensionW, PathFileExistsW, PathFindExtensionW, StrCmpW, StrCpyW, PathFindFileNameW, PathCombineW, SHCreateStreamOnFileEx
user32.dll
ReleaseCapture, GetClassNameW, IsChild, SetCapture, RedrawWindow, InvalidateRgn, InvalidateRect, ReleaseDC, GetDC, ScreenToClient, FillRect, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, RegisterWindowMessageW, CreateDialogIndirectParamW, wsprintfW, KillTimer, SetTimer, PostMessageW, WaitForInputIdle, GetSystemMenu, ShowWindow, LoadCursorW, LoadIconW, SystemParametersInfoW, SetForegroundWindow, EnableMenuItem, UnregisterClassA, CallWindowProcW, EndPaint, BeginPaint, GetDesktopWindow, DestroyAcceleratorTable, SetFocus, GetFocus, IsWindow, ClientToScreen, GetClassInfoExW, GetSysColor, GetDlgItem, MoveWindow, SendMessageW, GetParent, GetWindowRect, MonitorFromWindow, GetMonitorInfoW, GetClientRect, MapWindowPoints, SetWindowContextHelpId, GetWindow, SendDlgItemMessageW, SetWindowPos, DestroyWindow, MapDialogRect, EndDialog, DefWindowProcW, UnregisterClassW, CreateWindowExW, GetWindowLongW, SetWindowLongW, PostThreadMessageW, GetMessageW, TranslateMessage, DispatchMessageW, CharUpperW, CharNextW, MessageBoxW, CreateAcceleratorTableW, RegisterClassExW, PostQuitMessage
userenv.dll
UnloadUserProfile
wininet.dll
HttpQueryInfoW, InternetReadFile, InternetGetLastResponseInfoW, InternetSetFilePointer, InternetErrorDlg, InternetSetOptionW, InternetQueryOptionW, HttpAddRequestHeadersW, HttpOpenRequestW, InternetCloseHandle, InternetConnectW, InternetOpenW, InternetCrackUrlW, HttpSendRequestW

biclient.exe

Better Installer by Somoto Ltd. (Signed)

Version:   2.0.0.0
MD5:   92c732231b7909edeff180174c6ef499
SHA1:   9a3475327fc02a2434383c1ff3b41c90fa27e2fe
SHA256:   d4045cd1fc7ca786ca585ca163d2e0ec0065ee4c42a09f034d8001a382704a43
Warning: 10 antivirus scanners have detected malware.

Overview

biclient.exe is malware that executes as a process with the local user's privileges. The file is digitally signed by Somoto Ltd., using a certificate issued by the COMODO CA Limited certificate authority (CA).

Details

File name: biclient.exe
Publisher: Somoto Ltd.
Product name: Better Installer
Description: Better Installer Host
Typical file path: C:\users\user\appdata\local\temp\biclient.exe
Original name: BetterInstaller.exe
File version: 2.0.0.0
Size: 225.08 KB (230,480 bytes)
Build date: 10/29/2012 5:47 PM
Certificate
Issued to: Somoto Ltd.
Authority (CA): COMODO CA Limited
Expiration date: Saturday, September 20, 2014
Digital DNA
File packed: No
.NET CLR: No
More details
Network connections
  • [TCP] 212.7.206.90:80
  • [UDP] listens on port 55036
  • [UDP] listens on port 53137

    Malware detections

    Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
    Antivirus engine | Engine version | Detection
    Avira AntiVir | 7.11.105.236 | APPL/Somoto.Gen2
    avast! | 8.0.1489.320 | Win32:Somoto-F [PUP]
    Comodo Internet Security | 17061 | Application.Win32.Somoto.d
    Dr.Web | 8.13.10.6 | Adware.Downware.1184
    ESET NOD32 | 7.8881 | Win32/Somoto.A
    F-Prot | v6.4.7.1.166 | W32/SomotoBetterInstaller.A!Eldorado
    Kaspersky | 9.0.0.837 | not-a-virus:Downloader.NSIS.Agent.aq
    Malwarebytes | 1.75.0.1 | PUP.Optional.Somoto.A
    Sophos | 4.93.0 | Somoto BetterInstaller
    Vba32 AntiVirus | 3.12.24.3 | Downloader.Agent

    Resource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
    CPU
    Total CPU: 0.05166084%
    0.028634%
    Kernel CPU: 0.02056020%
    0.013761%
    User CPU: 0.03110063%
    0.014873%
    Kernel CPU time: 18,175,279 ms/min
    100,923,805 ms/min
    CPU cycles: 1,433,503/sec
    17,470,203/sec
    Memory
    Private memory: 39.24 MB
    21.59 MB
    Private (maximum): 41.78 MB
    Private (minimum): 18.25 MB
    Non-paged memory: 39.24 MB
    21.59 MB
    Virtual memory: 182.21 MB
    140.96 MB
    Virtual memory (peak): 197.79 MB
    169.69 MB
    Working set: 39.87 MB
    18.61 MB
    Working set (peak): 41.78 MB
    37.95 MB
    Page faults: 19,525/min
    2,039/min
    I/O
    I/O read transfer: 33.4 KB/sec
    1.02 MB/min
    I/O read operations: 5/sec
    343/min
    I/O write transfer: 68.39 KB/sec
    274.99 KB/min
    I/O write operations: 9/sec
    227/min
    I/O other transfer: 23.45 KB/sec
    448.09 KB/min
    I/O other operations: 29/sec
    1,671/min
    Resource allocations
    Threads: 17
    12
    Handles: 846
    600
    GUI GDI count: 112
    103
    GUI GDI peak: 120
    142
    GUI USER count: 47
    49
    GUI USER peak: 62
    71

    Process properties

    Integrity level: High
    Platform: 32-bit
    Command lines:
    • "C:\users\user\appdata\local\temp\biclient.exe" /initurl httC://bi.bisrv.com/:affiC:/:siC:/:uiC:? /affid "network_smb_download31blogspotcom" /id "7ziptzof" /name "7-zip" /uniqid ea5wfma
    • "C:\users\user\appdata\local\temp\biclient.exe" /initurl httC://bi.bisrv.com/:affiC:/:siC:/:uiC:? /affid "network_smb_megamovieline" /id "vlcmediaplayerouno" /name "vlc media player" /uniqid 3yyavd7
    Owner: User

    Threads

    Averages
    biclient.exe (main module)
    Total CPU: 0.04283244%
    0.272967%
    Kernel CPU: 0.01720779%
    0.107585%
    User CPU: 0.02562465%
    0.165382%
    CPU cycles: 6,633,232/sec
    5,741,424/sec
    Memory: 244 KB
    1.16 MB
    ntdll.dll
    Total CPU: 0.00121880%
    Kernel CPU: 0.00075031%
    User CPU: 0.00046848%
    CPU cycles: 26,258/sec
    Memory: 1.23 MB
    WININET.dll
    Total CPU: 0.00018707%
    Kernel CPU: 0.00000000%
    User CPU: 0.00018707%
    CPU cycles: 25,691/sec
    Memory: 980 KB

    Common loaded modules

    These are modules that are typically loaded within the context of this process.

    Distribution by Windows OS

    OS version | Distribution
    Windows 7 Ultimate | 33.33%
    Windows 7 Home Premium | 33.33%
    Windows 8 Pro with Media Center | 33.33%

    Distribution by country

    Indonesia installs about 33.33% of Better Installer.

    Distribution by PC manufacturer

    PC manufacturer | Distribution
    Acer | 50.00%
    Hewlett-Packard | 50.00%