installerdu-2.4.2.9633.exe

Carambis Installer

ROSTPEI LTD

The application installerdu-2.4.2.9633.exe by ROSTPEI has been flagged as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application that has been known to bundle potentially unwanted software. The file has been observed being downloaded from du2.carambis.com and multiple other hosts. While running, it connects to the Internet address server6.ext.freeteam.org on port 80 using the HTTP protocol.
Publisher:
Carambis (ROSTPAY LTD.)  (signed by ROSTPEI LTD)

Product:
Carambis Installer

Version:
1.0.0.2

MD5:
5222a5358770dc00a7101443b5387525

SHA-1:
9c82c9353c3b6dc131ed33c1d087a6c439ef6a43

SHA-256:
93c1decbd9a56901d9beff401cffb9fe986f066a4c7c6ac84174b80971e343fe

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
9/20/2018 3:54:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog (M)

Engine version:
16.12.8.9

File size:
919.7 KB (941,776 bytes)

Product version:
1.0.0.2

Copyright:
Carambis (ROSTPAY LTD.) All rights reserved. 2014

Original file name:
Carambis Installer

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installerdu-2.4.2.9633.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2016 12:00:00 AM

Valid to:
8/26/2019 11:59:59 PM

Subject:
CN=ROSTPEI LTD, O=ROSTPEI LTD, STREET="str. Dolomanovsky, 70D, office 1001", L=Rostov-on-Don, S=Rostov region, PostalCode=344011, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
57F3D607DA7727B586CD4AFC0D5D8D37

File PE Metadata
Compilation timestamp:
12/8/2016 8:07:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2BD520

Entry point:
60, BE, 00, D0, 5D, 00, 8D, BE, 00, 40, E2, FF, C7, 87, 34, 61, 27, 00, 72, 61, AC, 03, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 25, B8, 2B, 00, 57, 83, C3, 04, 53, 68, 1E, 05, 0E, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...

Code size:
904 KB (925,696 bytes)

The file installerdu-2.4.2.9633.exe has been seen being distributed by the following 2 URLs.

http://du2.carambis.com/.../InstallerDU-2.4.2.9633_lbdu.exe

http://www.carambis.com/.../driver_updater3.html?cs_aff=lbdu

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server6.ext.freeteam.org  (46.46.160.233:80)

TCP (HTTP):
Connects to cache.google.com  (190.63.135.42:80)

TCP (HTTP):
Connects to bd058239.virtua.com.br  (189.5.130.57:80)

Remove installerdu-2.4.2.9633.exe - Powered by Reason Core Security