srptm.exe

srptm

ReSoft LTD.

The application srptm.exe by ReSoft has been detected as adware by 7 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Snap.Do by ReSoft Ltd. and LPT System Updater Service by Linkury Ltd., both potentially unwanted software. While running, it connects to the Internet address 18.55.c0ad.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
ReSoft LTD.  (signed and verified)

Product:
srptm

Version:
1.0.0.0

MD5:
7132983a66846e51c5851bc3d5d2e191

SHA-1:
d999255cf66234962a850f2674ed5e2950bf4068

SHA-256:
408bb7185f659948749f8890ff1beee1a989b5c88e0e759f991b15e810cfd5fa

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/26/2024 4:32:11 PM UTC

Scan engine             Detection                      Engine version
Avira AntiVirus         TR/Trash.Gen                   7.11.140.82
Dr.Web                  Trojan.Damaged.1               9.0.1.0220
IKARUS anti.virus       PUA.Linkury                    t3scan.1.6.1.0
Reason Heuristics       PUP.ReSoft.F                   14.8.8.1
SUPERAntiSpyware        Trojan.Agent/Gen-Nullo[Short]  10435
Trend Micro House Call  Suspicious_GEN.F47V0716        7.2.220
VIPRE Antivirus         Adware.Linkury                 26354

File size:
13 KB (13,344 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
srptm.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\lpt\srptm.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2013 8:00:00 AM

Valid to:
8/2/2015 7:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
2/7/2014 3:15:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:+HGfzY5VIWInuGXnhCxYPLg8Jbq2NuIp1:KhIWRiMEZq2II7

Entry address:
0x2D0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.4594

Code size:
3.5 KB (3,584 bytes)

The file srptm.exe has been discovered within the following programs.

LPT System Updater Service  by Linkury Ltd.
This is a potentially unwanted web browser extension that is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.
81% remove it
Snap.Do  by ReSoft Ltd.
Snap.Do is a web browser addin/toolbar (depending on the browser it is installed within) that plugs into all the major web browsers including Internet Explorer, Chrome and Firefox. Snap.
snap.do
85% remove it
Snap.Do Engine  by ReSoft Ltd.
Snap.
83% remove it
 

The executing file has been seen to make the following network communications in live environments.

