installerdu-2.4.2.9633.exe

Carambis Installer

ROSTPAY

The application installerdu-2.4.2.9633.exe by ROSTPAY has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts. While running, it connects to the Internet address server6.ext.freeteam.org on port 80 using the HTTP protocol.
Publisher:
Carambis (ROSTPAY LTD.)  (signed by ROSTPAY)

Product:
Carambis Installer

Version:
1.0.0.2

MD5:
aa0ae3616341f54c6ce2dc6f3f061a78

SHA-1:
bf17357fd69cd710693e47e45ed8c1882742b685

SHA-256:
e2fb3dec7b2805563b1c673be47393e96709f8578b00ddc8120e8017fe013456

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 4:35:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MediaFrog.ROSTPAY.Installer (M)
16.4.14.15

File size:
920 KB (942,088 bytes)

Product version:
1.0.0.2

Copyright:
Carambis (ROSTPAY LTD.) All rights reserved. 2014

Original file name:
Carambis Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installerdu-2.4.2.9633.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
12/17/2014 12:05:04 PM

Valid to:
12/16/2016 4:35:09 PM

Subject:
CN=ROSTPAY, O=ROSTPAY, L=Rostov-on-Don, C=RU

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27ED6D593F8321

File PE Metadata
Compilation timestamp:
4/11/2016 1:52:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:r2CaARACoWClSSjoItq8GKqxH4pygifpsPsYXyabXe:r2+RNolcUtq8PQUyHoCKX

Entry address:
0x2BD680

Entry point:
60, BE, 00, D0, 5D, 00, 8D, BE, 00, 40, E2, FF, C7, 87, 34, 61, 27, 00, 43, 5A, 68, 9C, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 0B, B8, 2B, 00, 57, 83, C3, 04, 53, 68, 71, 06, 0E, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 
[+]

Code size:
904 KB (925,696 bytes)

The file installerdu-2.4.2.9633.exe has been seen being distributed by the following 27 URLs.

http://dw.uptodown.com/dwn/JBUWf4svllq0Dxx9U_NsALydmBaHb3pCulNn9w4wxb0M5wOCUNGVv3PBxu9ipgdSbG70Vqx6L041MdK-hEf8Usm9hvyzKSRGrepABOcCYuSPVRdf1LQJRscrGoJaifCj/LEc1SUySou-12uG7zRLqj3pg44pfdTNG6BhZY_rJIFUKHKqemPFXUG2LB890P2GkT4XWTSXtUpLnw2913JgF7nhBbtr44BpUO_oWLEjCY1ZT8QBDV63iL79D3kbzQtAh/HTc2INNDNixvNepBkvuQA5EZs4xC6mx8SJS6T4FPaaJPu-6Ued52dRbxZh22FQ-3oPsgcorRDX2bMYeb9gjwJ3Ry8qzQMkk1QtCySEfEKh4jRfWXZT_yLNQDfVUHsCsZ/.../

http://www.carambis.com/download.php?name=/.../driverupdater.exe&aff=nd3bx

https://www.carambis.com/programs/.../download.html

http://dw.uptodown.com/dwn/BrsVxfhlP2sOToV9Kt39uJMaoNc1Ddc79yMWDWKEpnUo5FlyeiRmSEdbhYFTJ54grxzLYejdKpUasR693CsBcjEbmFUPkXscSQKQj3qIGcs79qQ5Z1kkBP2SX8mX--qq/49Twqkw3zUStTd-xlaq9Xo-aYgnw5BY74sAA7_xv7wgrcFpFwG_sqCNsV24mG29IVgh49CNnCwBpsXcRFCjTHA27LdxXoorOGQTjh1OPqqfGIXbQYAXxn7R3sGPL_vZu/dd2UZjUzZ8_oY8nD7guV47hW_iiFKedR9mWaUB1o1e32VzrsoGOdx8VpeKgLuXW8gVo3GxA-R01b2MzY88FPGrdRUrklC2fVHdu_Bt7Sq_-uMAlDHkEhMgExIDOt1bsq/.../

https://dw.uptodown.com/dwn/H3083yLZqSy1JdVRuyl-H1PkMO1SS6nEt_zwlbvItxdY3dZVGRpGXgVo0IfB8YyLMVpJA8P8sBANUaP0jlJulHbLrHGyIG1VZM0GkyJkcljNjb_BGtcEW_HicTtsGuEr/x98nV6F-5bsjwfV-i1PZxMX4Fpk6Yf0kMCUkpeyTrMFayWZwlykrft98rll8UE9ND3SRjAYwX21THb4AZNh7f9N8gM0aAfAB5W0QgKuiR0Ypm7dChZHUS6dEhAOlpPiF/EUhpRAwFQvQcAVQmWIY_kUs0etbQ07dRBEHhr6bcaxSHb2u3xWJZ6FgoedcSqd-u7x_NseXf4fW2AVownaOvs5ZHLOXMik7xsnXFlKON3EbiPspw84DCbh7GbImVtfF6/.../

https://dw.uptodown.com/dwn/uNGOTbMrDn45mKY2N_B7t9neTrtklMP2jtddI4s-EGD9JWcOmvLGoYv_ZOM7G8wWZKR6b29lggGf_2MIE5GB35xcSLvvUno8bZqueUR3cbKFA9yioG7zi9xWMlthOaSS/vbfvUK7yAKynZu23AGaSHw0msem6dWby0L1nt-QcUD3x186m9uMKUJAh4Taz02t-QLkUEL7iK17siNtvtp60QLjW-JyPbfaAABtPw3FaSniD5KFhcg_duzy8kNePb3vX/KO6pQ3aDWENZwwc8lNglWoLAnGbJ-OCDYm9p5pp_Zvu470-d9qbpR45KAZHtKIFdAckH9ByAcjV1DzickAj7A1d2F9ATt7V_unnpO4fPN56oV_T-rJKLERviP-afSwSB/.../

https://dw.uptodown.com/dwn/Ix3KdGHD72z0xROvXf8_8fmdLo3qmumuOQ9VrmHMMp3CzRAmJx_Qg5c9qqCeiKL8bzAGcgmi1sswBIs7nhGwv9Knk8YdnDeMgo6Kt_ivwXKO5ZzqDqtfninCLy3UacUv/GXKUc0qb5wU2MVqirNX9oeKDdNpw_KnS0hYvbCYHCk7qL1IKQ4gNEBBUyojZ3twflHJy7hjXVfTtHZWD65dIv5p4wihuXGKS7neOiCbfgyJcMEr1GOeqSiMRNztoRbhH/0JmhYxjpH8_YxZMQcuYTCVMbDgz4_FCMhXQ3f6a_ymh1wi9QURTr7NQh1DhHZLMlE28S9WwL7_vPmEZWAb8m8PYGTfmMbPbJiPgewOK48wk2rIjsCzDwUOXJAUIlli6p/.../

http://dw.uptodown.com/dwn/eo9e86inn11kqv3RMjMZWVrzcM6YA_BzGDJccMmYqeAY_Mx1ba22QuEjhU9ZQFLfwCcA8YoOvSq3Mvgd-OhGoQee06JLTYCffIVEiJfTyEOtpO02ixOwTtCj7XIQgSKg/R0H0XLgRDyrfFyHVdahdjO4pp6VrUVBfeiBp_mjlsCiO-wshq7it0fOkAHO2rQ3r2W9o0Eptw9mhrcHkglDOfgOXLVdLw9egggyoT_b2sbnAYuzqxEGQ5x62kOq1NMZS/pbO3c8yWRP_TnHg2gwyAFYokgLiMNJuDuMCn-uM7-HzaOzdLDbC6d3Ptin03Z8RySpwDxHhGBX2Kwk8lymoKcavBq623MWsUOZcfcAjOVrDnMy6bFyZKR-6QuHDlSj4P/.../

http://www.carambis.ru/programs/.../download.html

http://dw.uptodown.com/dwn/-m6W-dStKCJAcYdDEC8EqyfOhbbUr2V34Cz1YSjRyu3xmKcaqEk6AiKKoLjyxeKg6NDZz0o-7su6r_OtCryptqBEAUWokdMVUMRFrT6kgsWJpWlKzRNaIU1VjI9Y8WDi/IFZxdFFmGwKtQuOtlzgkWs7rDJiQvSaVe0Qh5S-zv3KHu6P8wGRA4udibNE1p7RFBqnDmUfUrns3IBubFSuMIioQTVpoX3BYVOlt8iWPSax8-ejodadQJaZ_TtYcgwJs/vYCpVhJsgjD79ecIawjEjYujEGhD9lserbnpkE6HfRUfmqfBJ5xekSumAWz05c8VpZaWVxnbZMFZrs9BjWOrj1IP5ZH-tHhFOMIz_rc9hAUGy4x9oBX8aqOWc8E5F4AO/.../

http://www.carambis.ru/download.php?name=/.../driverupdater.exe&aff=vsoft

https://dw.uptodown.com/dwn/uoW4upM2I4RBQIdDGozRl8Q3MnM0vo6TMR5ht71IWMkPKBjGsbHmgVp-IK_4zeQpozYNfgjqO5-EEfeGBq0hBii4sl05AcWbd3uCs05RACx7FNaCCzr4UJk-I-g2ARMc/_xcQcDYiGZv5VXSwfP3qEacN_XysgQM5Kk0CvjlshCFjB9hmMzWcOh--gW6s8T_VzyudlF0V-FXNGuDHrRfVkQwtirkdUw9ciqnR9t-H3GnTbWejl9MqcDF2_lj47GXi/.../

http://dw.uptodown.com/dwn/CWvcO9h8iGhxInhr6atFpszrn8sdGxW5UE17m1fifMj4a2SF9V0MOhA3pP83wzO4HRxd9G93IH5BSktXrCCmLPBMCHsWnBA8dkW2u1ukqy89XW85aN-DXIo1zsyy8xPq/8n2lVJdd-Y_FOut0Vs4xhUhtXaQAVnuq0QpK549uBGVLFienidIXzqulSwoehTYAEe1Bq4TTsu_hHuYwP2Fyjch47XdpvZIcjFpaE3p5n2Rk-0JqB4J9LERqYn8rviA0/SG5xetEH7Qv70HwQlQ_XoCbHmZZgw72iphd_nYOb4v6tngq5vBenxZpKQzqzOf7zsU0Z9IX8hswJauD1ZuwXZFqCD5s-PHj7mSvSQGAOn5jt01NPkop4hwp3QBq7ICyj/.../

https://dw.uptodown.com/dwn/wGlgsVtN6Mbq7qsNpusmgVWXdYX_fOUIelqqfb2XOEzdzF8wHvp2vOK85oxJrv0bVf-gyl0ydF-75w_V4nnotSO6m3R5Ivs7EAH3E6gyxZIWw7D5Tz3-cC25r81k1bJY/TwFAfHnknytLMigjVdXsu_8fwdpwxUI1Uwsu2paf3E46oONjkGibBhVr2IxS0whHagEt791MjCO5jAzhR1st_c_uryw5TjYZTiHMGU7CQqtUmZ-zMggT8P5xRR6RGrOD/1ObArW3CdEoNbJOQY3ZTsZYQ-Bm_LiUW731OGA2SefYmFjsFgjQzTsOqKmiUrC8dVvrVeXkwaesWDCSCIvEjHdg3Wmgcq-cBkzCAlZSBtmpE65tNzPu_Z0uL_9ntTkCD/.../

http://dw.uptodown.com/dwn/HW_fVRem1UrYqZKC5YL_E0rZ5edUZ7_WJ3K5cUlV8L5J6UISumMUbe32BvICl96Xw42mk6OVvgPq1qvxZuMhtMKkI8ptSLhy4ojNdLoZbGp8jr7tGIgpcWjxhCGmDRO4/WZzLgUImtiF2znAlOjC-XNpTmYLDaVUzeQCSIiKzjPUb7Bejbm3pRwLpFUNWJFTcZFpS0nkt3RREigzcucPclbi9CcF-8CJYjwuNADTl8uo2nmzDAO_Fjj9pm_pN-Kt9/loyrVaHk-fgWkhaJEAQ1weKbz94jyA4w4GISw-vy54yAAm1r-16SBl1M3HY_L4HrYnfQmClYCSF_WcGEoWNLuhjGFemblCYpOEXE_2h-fUNuWpmeHuQnKLpCyE4MbC9Y/.../

https://dw.uptodown.com/dwn/wNaAHcf2AI5jIkc8a9SQ9i86iji6sqYI3ZpiWamOjf0jEbIoVlABlpI-7YliCnUKYoBEmuF3IauoveOTLGHDOfbNUVLFAGBhfklmfO4ASQrJ6r6ItYHYTgbzL7j3zT77/MhGb9Ks6QzTpkHYEu_x1UQjirJrhL3fZjkqSefrYP-5r4AGOIdQpb_cIpZY2uHzaphfh-E3IJvrOJSMJLegHqUblSEz19Drb1jXG6N1qOO8Iiky8Z12c1e_viE2UHJZq/APpbdGZfghZnEIn9Td2r3XgR35-j4xKXUOcwyOaa7JOyQ8Cd8Bsz5cNVE26D6lfGjufCuVQIf-jFU6L5lOBB1npryPj3FPfYH-TS9YT485_09X2eeHQlwtUJqzWBZQVD/.../

http://dw.uptodown.com/dwn/6GNr-_JumYEKOg0Fv8otHahCq_VeJRFwbGJCy4z-iO7pxSF__Zkg-51-_bItvqHkuYj4yLxuw2jiYk6gShq9zN96D2EeBFWLD8Ac-46QU7GXuuhlJ8_nUastYZ1Wd8PZ/CRPPJzXne3GcGZ4qVk4bHM-a2BFkWkGacX30ry4ckoPd5Jo5ygUDhLgymPFSXvNpD5M8dFrOWaHJcrIuryaVROdatrRUQfBaxNXJYJhFA6TrocPmfQmoUqA6cUSfpLMp/CTJc38XEyIdv_WRHibFZWUng8iiExC3tzxEFpm0r5RM_XFA0peK5u_ZSR8ja9TRPHRzMZxtIplXn2V_wgKbEAR0vacq9QtTG11xY3QLrKnmQVjWn59F7RGvdbV_XclSY/.../

http://dw.uptodown.com/dwn/qkPcEuB9zj6SQAK4w843V6f5jZhzp00omic6VJMi31_FlRmgIvshUNewHTyjh2zuj9qcUFRfl_BNm7BXqpdBjyLIN0IZ_LysrrvS2z9gtWzBR7mMKhzqv9tT2uYtFMAV/7vyFiOZN82-NudwJgpc-283fo6IRqG498sX0C6VLAv4frwtdwl0oUrhPc5CIv21ZaG3lbip9bM6-SGzVUZoQqlQ-nECvF06HqoeLmAoIw1gwBAcID3_tTdg0MZb3R045/_VSqvjQSHfhNZMLcRsOm8Ymtj_jGglvoqIBJWvyALXDAf2OitjPfoyPrVlbzmNoelBZ5SJGbklaaMdwAdVgoFqyIec78ZgD4M7TvzoJ7JTCERwH82zxrmK2Hpl3D5psl/.../

http://www.carambis.com/.../driverupdater.exe

https://dw.uptodown.com/dwn/U2Fp-a3ZFgTR-0zyxdzhA0tSolSmdXJp3KSFHpuOGPvuAwsejydhcCPVfJSfAeL2uz5ylGOiBGr5UlpUO0BXpN0Eek88-C0UWanF8gfvw4hPXO1TWX7J2DC8N5C51P5h/y0eQB-SZ4-qfmanNdh2nF_kPf024yFsXB0rxltQi0ZrB0IOE9eBLBF_FucVZU0VNWRnndnuuUr9Gdjh_xgM1bzRxCC-5JU8iCskSSPLlnSp6xgttxDmnyo_43iCSYLkt/bQZzA7JdMYh0q3dfZChGwQWjxvDIFhmxzUthDDF4WdKDBiAdE-HrfH7h2uPlL-_h1blXvQmpU_G6jvTbP_H7sCrxRaEIAn9QaktfbrvLDun-nvM8XK3EVIefA75XHSHC/.../

http://relizua.com/engine/.../bmFtZT0vcHJvZ3JhbXMvZHJpdmVydXBkYXRlci5leGUmYW1wO2FtcDthZmY9dnNvZnQ=

http://rudn3.carambis.com/InstallerDU-2.4.2.9633.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server6.ext.freeteam.org  (46.46.160.233:80)

Remove installerdu-2.4.2.9633.exe - Powered by Reason Core Security