installercc.exe

Carambis Installer

ROSTPAY

The application installercc.exe by ROSTPAY has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.carambis.com.
Publisher:
Carambis (MEDIA FOG LTD.)  (signed by ROSTPAY)

Product:
Carambis Installer

Version:
1.0.0.2

MD5:
768fd8c2287cafc1701ebdd3f577a824

SHA-1:
6d2b30afd7e104bd6c56f083e2d02eea1d7d31a2

SHA-256:
c6d849b09926ba929aff486cd40dd8bda10a79f23ae6cd57ddd9b70332ea046b

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:19:47 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Agent-AYCR [PUP] | 2014.9-151024
Dr.Web | Program.Unwanted.328 | 9.0.1.0297
Reason Heuristics | PUP.MediaFrog.ROSTPAY.Installer (M) | 15.10.24.7

File size:
919.5 KB (941,600 bytes)

Product version:
1.0.0.2

Copyright:
Carambis (MEDIA FOG LTD.) All rights reserved. 2014

Original file name:
Carambis Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installercc.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
12/17/2014 6:05:04 AM

Valid to:
12/16/2016 10:35:09 AM

Subject:
CN=ROSTPAY, O=ROSTPAY, L=Rostov-on-Don, C=RU

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27ED6D593F8321

File PE Metadata
Compilation timestamp:
7/13/2015 4:17:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:tv/Ll0wEheaMmFNRKrW1K/s4XpVXY/0ctfohLIpcJNMjCFY0Fc:dBExMmFNRXKE4XpVXYMctfotje2Y0G

Entry address:
0x2BC430

Entry point:
60, BE, 00, C0, 5D, 00, 8D, BE, 00, 50, E2, FF, C7, 87, 34, 51, 27, 00, 9E, CD, E5, AC, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, CB, A7, 2B, 00, 57, 83, C3, 04, 53, 68, 25, 04, 0E, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 

Entropy:
7.9947  (probably packed)

Code size:
904 KB (925,696 bytes)

The file installercc.exe has been seen being distributed by the following URL.
