srptm.exe

srptm

PINWID LTD

The application srptm.exe by PINWID has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Muvic Smartbar by Pinwid Ltd. and LPT System Updater Service by Linkury Ltd., both potentially unwanted software. While running, it connects to the Internet address 50.115.122.45.static.westdc.net on port 80 using the HTTP protocol.
Publisher:
PINWID LTD  (signed and verified)

Product:
srptm

Version:
1.0.0.0

MD5:
c1c98c6d961e8b7114cfa51f9339c711

SHA-1:
092689288153d91c59b5e15739b7ec7cd100314b

SHA-256:
2cf852982718c2263fd7b391888fe25756a0549dd353cf27a736b88aa9274b64

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/26/2024 11:41:00 PM UTC

Scan engine
Detection
Engine version

AVG
MalSign.Pindi
2015.0.3513

Reason Heuristics
PUP.PINWID.F
14.4.6.0

VIPRE Antivirus
Adware.Linkury
27802

File size:
22.5 KB (23,072 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
srptm.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\lpt\srptm.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/4/2014 4:00:00 PM

Valid to:
2/5/2015 3:59:59 PM

Subject:
CN=PINWID LTD, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46733, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9AC9FC9A1B1E8FD63013E3CCE7B0578

File PE Metadata
Compilation timestamp:
3/25/2014 7:14:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:k4rZZEkkLCpyFlG7+VtvIt0uGdnhCxYPLg8l4Scd:k8kLCcvItxoMEl5g

Entry address:
0x5286

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.4205

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
13 KB (13,312 bytes)

The file srptm.exe has been discovered within the following programs.

LPT System Updater Service  by Linkury Ltd.
This is a potentially unwanted web browser extension that is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.
81% remove it
Muvic Smartbar  by Pinwid Ltd.
This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text-links (roll-overs) as well as some popup ads.
www.browse-search.com/?
80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to videohelp.com  (85.17.24.140:80)

TCP (HTTP):
Connects to server-54-230-5-161.dfw3.r.cloudfront.net  (54.230.5.161:80)

TCP (HTTP):
Connects to ec2-54-243-88-157.compute-1.amazonaws.com  (54.243.88.157:80)

TCP (HTTP):
Connects to ec2-54-225-95-126.compute-1.amazonaws.com  (54.225.95.126:80)

TCP (HTTP):
Connects to ec2-54-209-75-177.compute-1.amazonaws.com  (54.209.75.177:80)

TCP (HTTP):
Connects to dis.sv.us.criteo.com  (74.119.117.80:80)

TCP (HTTP):
Connects to cas.ny.us.criteo.com  (74.119.118.86:80)

TCP (HTTP):
Connects to a23-205-120-154.deploy.static.akamaitechnologies.com  (23.205.120.154:80)

TCP (HTTP):
Connects to a23-205-120-145.deploy.static.akamaitechnologies.com  (23.205.120.145:80)

TCP (HTTP):
Connects to a23-205-120-139.deploy.static.akamaitechnologies.com  (23.205.120.139:80)

TCP (HTTP):
Connects to 50.115.122.45.static.westdc.net  (50.115.122.45:80)
