spt_tmp_n.exe

MailRuSputnik

LLC Mail.Ru

The application spt_tmp_n.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from sputnikmailru.cdnmail.ru. While running, it connects to the Internet address mrds.mail.ru on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
MailRuSputnik

Version:
2, 4, 1, 333

MD5:
07a99e575a7b2e03c94746a300ba992e

SHA-1:
c0563bf12346d3b7bc94883899666ca3bf3e47e2

SHA-256:
710b1f7ee719d3762164a543d7dc110fff9d3a8d43b5569ec0a3b409572116a4

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
6/26/2025 1:45:12 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Optional.MailRu.J | 14.3.28.18
Rising Antivirus | PE:Trojan.RuMail!1.6574 | 23.00.65.14119

File size:
15.4 MB (16,136,224 bytes)

Product version:
2, 4, 1, 333

Copyright:
Copyright © 2005 - 2012

Original file name:
MailRuSputnik.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\spt_tmp_n.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 2:00:00 AM

Valid to:
2/7/2014 1:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
12/20/2013 4:13:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:mKIIa/Lkx4TzMnO0/8nBziEX0xyyDCEiVdPXZ3bmZ35Q16:mKO/TzuO0/uBzQxbPiVfrgK16

Entry address:
0xCAE2A

Entry point:
E8, DA, 96, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 77, 09, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, C7, 97, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, D4, 88, 5B, 00, E8, 43, 97, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B8, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 77, 98, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, CC, CC, CC, CC, CC, CC...
 

Code size:
1.6 MB (1,711,104 bytes)

The file spt_tmp_n.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)
