srptm.exe

srptm

ReSoft LTD.

The application srptm.exe by ReSoft has been detected as adware by 7 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘LPT System Updater’. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and Shopping Helper Smartbar Engine by ReSoft Ltd., both potentially unwanted software.
Publisher:
ReSoft LTD.  (signed and verified)

Product:
srptm

Version:
1.0.0.0

MD5:
3f214479b626b10649f0d0cd070d2d7e

SHA-1:
b705f0254a70519682a9c50e8d2ce05374348451

SHA-256:
f230f6b11664ed7c9291222d2721525cf26b7bc05ab45edfdebc6e4ce8a7457a

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
5/7/2024 3:58:05 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Trash.Gen | 7.11.140.82 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.0220 |
| IKARUS anti.virus | PUA.Linkury | t3scan.1.6.1.0 |
| Reason Heuristics | PUP.Startup.ReSoft.F | 14.8.8.1 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10435 |
| Trend Micro House Call | Suspicious_GEN.F47V0716 | 7.2.220 |
| VIPRE Antivirus | Adware.Linkury | 30884 |

File size:
24 KB (24,608 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
srptm.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\lpt\srptm.exe

Digital Signature
Signed by:

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
384:iq0UU+S/eXIPaziXQxRC6b1FlG7+dqttI5T0huGcnhCxYPLg8JaTD:IeYPv8CEatI5T00FMEYH

Entropy:
6.4246

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LPT System Updater

Command:
C:\users\{user}\appdata\local\lpt\srptm.exe


The file srptm.exe has been discovered within the following programs.

LPT System Updater Service  by Linkury Ltd.
This is a potentially unwanted web browser extension that is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.
81% remove it
Shopping Helper Smartbar  by ReSoft Ltd.
This toolbar/web browser extension is typically installed as an optional offer; users generally have this bundled with 3rd party software.
snap.do
65% remove it
Shopping Helper Smartbar is a potentially unwanted web browser extension that is ad-supported and will display various popup and banner ads as well as modify the user's web browser search and home page settings.
69% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to ec2-54-235-86-71.compute-1.amazonaws.com  (54.235.86.71:80)

TCP (HTTP):
Connects to ec2-54-225-183-233.compute-1.amazonaws.com  (54.225.183.233:80)

TCP (HTTP):
Connects to ec2-184-73-223-201.compute-1.amazonaws.com  (184.73.223.201:80)