srptm.exe

srptm

Linkury

This is part of the Linkury monetization software, a web browser toolbar used to 'hijack' a user's search in order to collect revenues. The application srptm.exe by Linkury has been detected as adware by 13 anti-malware scanners. This file is typically installed with the program Yahoo Community Smartbar by Linkury Inc. which is a potentially unwanted software program.
Publisher:
Linkury  (signed and verified)

Product:
srptm

Version:
1.0.0.0

MD5:
1b1325a2483f9cdd64b005860669517a

SHA-1:
6fee89e465a6615665187db26242ec7b8e8bb7d5

SHA-256:
2c774519226e6bc8c0f178fb3ea383b6f266392d76a314281a303c986d3629b8

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/27/2024 2:09:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Linkury.B | 911 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| Bitdefender | Adware.Linkury.B | 1.0.20.1095 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.0219 |
| Emsisoft Anti-Malware | Adware.Linkury | 8.14.08.07.07 |
| G Data | Adware.Linkury | 14.8.24 |
| IKARUS anti.virus | AdWare.Linkury | t3scan.1.6.1.0 |
| MicroWorld eScan | Adware.Linkury.B | 15.0.0.657 |
| Panda Antivirus | PUP/LinkUry | 14.08.07.07 |
| Reason Heuristics | PUP.Linkury.F | 14.8.7.19 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435 |
| Trend Micro House Call | Suspicious_GEN.F47V0623 | 7.2.219 |
| VIPRE Antivirus | Adware.Linkury | 30672 |

File size:
21.8 KB (22,296 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
srptm.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\lpt\srptm.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/12/2012 1:00:00 AM

Valid to:
5/12/2015 12:59:59 AM

Subject:
CN=Linkury, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Linkury, L=Ramat Gan, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
77A9B89A06B99100955A838E8BB46FF8

File PE Metadata
Compilation timestamp:
2/9/2014 3:25:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:ASXcJKf4Z1EYVskzbzFciG7+KtMIaBAbuGybnYPLds41eMdJU3:5coEdPsMIQT3gJU3

Entry address:
0x52A2

Entropy:
6.3978

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
13 KB (13,312 bytes)

The file srptm.exe has been discovered within the following program.

Yahoo Community Smartbar  by Linkury Inc.
Yahoo Community Smartbar is a web browser toolbar and extension that modifies the browser's search and home pages and delivers contextual advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.
www.linkury.com/index-8_faq.html
83% remove it (Should I Remove It?)

The executing file has been seen to make the following network communications in live environments.
