prostosurf.exe

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ProstoSurf’.

MD5:
cd701927861a68791336ac53ba12e2c2

SHA-1:
b1ae1af43029aa2109656abacbc6ca734f2935f8

SHA-256:
89322e463e0200334b7f9371fd6ce6bfd5a07dda841163cde20338fb517db0c7

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/27/2024 4:48:09 AM UTC  (today)

Scan engine:
IKARUS anti.virus

Detection:
HackTool.Win32.Injecter

Engine version:
t3scan.2.0.0.0

File size:
1.4 MB (1,453,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\prostosurf\prostosurf.exe

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:yYtPRTNof7WDA4ug9mcSPJSPPS0S2PXh98jOF4Go718Rrv1k9aN0dqT1H3:zt5VfSRgS2/X8jOFo7CvHNCqTZ3

Entry address:
0x12179C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 6C, 11, 52, 00, E8, 40, 55, EE, FF, A1, C8, 75, 52, 00, 8B, 00, E8, 60, 3D, F4, FF, A1, C8, 75, 52, 00, 8B, 00, BA, 14, 18, 52, 00, E8, 47, 39, F4, FF, 8B, 0D, 88, 77, 52, 00, A1, C8, 75, 52, 00, 8B, 00, 8B, 15, D0, DA, 51, 00, E8, 4F, 3D, F4, FF, 8B, 0D, E4, 77, 52, 00, A1, C8, 75, 52, 00, 8B, 00, 8B, 15, 24, D1, 51, 00, E8, 37, 3D, F4, FF, A1, C8, 75, 52, 00, 8B, 00, E8, AB, 3D, F4, FF, E8, 5A, 30, EE, FF, 00, 00, FF, FF, FF, FF, 0A, 00, 00, 00, 50, 72, 6F, 73, 74, 6F, 53, 75...

Entropy:
6.5682

Code size:
1.1 MB (1,182,208 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ProstoSurf

Command:
"C:\Program Files\prostosurf\prostosurf.exe" -up


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to we-in-f95.1e100.net  (173.194.66.95:80)

TCP (HTTP):
Connects to we-in-f113.1e100.net  (173.194.66.113:80)

TCP (HTTP):
Connects to srv120-131.vkontakte.ru  (87.240.131.120:80)

TCP (HTTP):
Connects to srv118-131.vkontakte.ru  (87.240.131.118:80)

TCP (HTTP):
Connects to iad23s08-in-f15.1e100.net  (74.125.228.111:80)

Scan prostosurf.exe - Powered by Reason Core Security