» prostosurf.exe
Overview
Analysis
File Details
Behaviors (1)
Network (5)

prostosurf.exe

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ProstoSurf’.

File name:

prostosurf.exe

MD5:

cd701927861a68791336ac53ba12e2c2

SHA-1:

b1ae1af43029aa2109656abacbc6ca734f2935f8

SHA-256:

89322e463e0200334b7f9371fd6ce6bfd5a07dda841163cde20338fb517db0c7

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/18/2024 7:39:53 AM UTC (today)

Scan engine

Detection

Engine version

IKARUS anti.virus

HackTool.Win32.Injecter

t3scan.2.0.0.0

File size:

1.4 MB (1,453,056 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\prostosurf\prostosurf.exe

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:yYtPRTNof7WDA4ug9mcSPJSPPS0S2PXh98jOF4Go718Rrv1k9aN0dqT1H3:zt5VfSRgS2/X8jOFo7CvHNCqTZ3

Entry address:

0x12179C

Entry point:

55, 8B, EC, 83, C4, F0, B8, 6C, 11, 52, 00, E8, 40, 55, EE, FF, A1, C8, 75, 52, 00, 8B, 00, E8, 60, 3D, F4, FF, A1, C8, 75, 52, 00, 8B, 00, BA, 14, 18, 52, 00, E8, 47, 39, F4, FF, 8B, 0D, 88, 77, 52, 00, A1, C8, 75, 52, 00, 8B, 00, 8B, 15, D0, DA, 51, 00, E8, 4F, 3D, F4, FF, 8B, 0D, E4, 77, 52, 00, A1, C8, 75, 52, 00, 8B, 00, 8B, 15, 24, D1, 51, 00, E8, 37, 3D, F4, FF, A1, C8, 75, 52, 00, 8B, 00, E8, AB, 3D, F4, FF, E8, 5A, 30, EE, FF, 00, 00, FF, FF, FF, FF, 0A, 00, 00, 00, 50, 72, 6F, 73, 74, 6F, 53, 75... 
[+]

Entropy:

6.5682

Code size:

1.1 MB (1,182,208 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ProstoSurf

Command:

"C:\Program Files\prostosurf\prostosurf.exe" -up

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to we-in-f95.1e100.net (173.194.66.95:80)

TCP (HTTP):

Connects to we-in-f113.1e100.net (173.194.66.113:80)

TCP (HTTP):

Connects to srv120-131.vkontakte.ru (87.240.131.120:80)

TCP (HTTP):

Connects to srv118-131.vkontakte.ru (87.240.131.118:80)

TCP (HTTP):

Connects to iad23s08-in-f15.1e100.net (74.125.228.111:80)

Scan prostosurf.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.