installerdu-2.4.2.9633.exe

Carambis Installer

ROSTPEI LTD

The application installerdu-2.4.2.9633.exe by ROSTPEI has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from du2.carambis.com and multiple other hosts. While running, it connects to the Internet address server6.ext.freeteam.org on port 80 using the HTTP protocol.

Publisher:
Carambis (ROSTPAY LTD.)  (signed by ROSTPEI LTD)

Product:
Carambis Installer

Version:
1.0.0.2

MD5:
69d88da89298003e5bf1b71896654481

SHA-1:
6803846b2a916511b8e269f0ebecf6e6d32ffa35

SHA-256:
ce1aee7a5591621e8a42b01523614861f61b91009af14b37b431fca04e0f437b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:49:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog (M)

Engine version:
16.12.8.10

File size:
919.7 KB (941,784 bytes)

Product version:
1.0.0.2

Copyright:
Carambis (ROSTPAY LTD.) All rights reserved. 2014

Original file name:
Carambis Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installerdu-2.4.2.9633.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2016 2:00:00 AM

Valid to:
8/27/2019 1:59:59 AM

Subject:
CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET="str. Dolomanovsky, 70D, office 1001", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
57F3D607DA7727B586CD4AFC0D5D8D37

File PE Metadata
Compilation timestamp:
12/8/2016 10:07:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2BD520

Entry point:
60, BE, 00, D0, 5D, 00, 8D, BE, 00, 40, E2, FF, C7, 87, 34, 61, 27, 00, 72, 61, AC, 03, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 25, B8, 2B, 00, 57, 83, C3, 04, 53, 68, 1E, 05, 0E, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...

Entropy:
7.9952  (probably packed)

Code size:
904 KB (925,696 bytes)

The file installerdu-2.4.2.9633.exe has been seen being distributed by the following 2 URLs.

http://du2.carambis.com/.../InstallerDU-2.4.2.9633_nd3bx.exe

http://www.carambis.com/download.php?name=/.../driverupdater.exe&aff=nd3bx

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server6.ext.freeteam.org  (46.46.160.233:80)

Remove installerdu-2.4.2.9633.exe - Powered by Reason Core Security