srptm.exe

srptm

ReSoft LTD.

The application srptm.exe by ReSoft has been detected as adware by 7 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘LPT System Updater’. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and Snap.Do by ReSoft Ltd., both potentially unwanted software.
Publisher:
ReSoft LTD.  (signed and verified)

Product:
srptm

Version:
1.0.0.0

MD5:
1c6a6eb8f899dd8f0062f8f39b4e3fd4

SHA-1:
dfae75659b203ff27e5e414792a451ca25d2032b

SHA-256:
f1f1aa9bf93351395c9388694429bf8d21d8e0d3d853d7c44fd2556ae3767d6b

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/18/2024 8:14:28 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Trash.Gen | 7.11.140.82 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.0192 |
| IKARUS anti.virus | PUA.Linkury | t3scan.1.6.1.0 |
| Reason Heuristics | PUP.Startup.ReSoft.F | 14.8.8.1 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10489 |
| Trend Micro House Call | Suspicious_GEN.F47V0716 | 7.2.220 |
| VIPRE Antivirus | Adware.Linkury | 31140 |

File size:
24 KB (24,608 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
srptm.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\lpt\srptm.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/31/2013 8:00:00 PM

Valid to:
8/1/2015 7:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
7/6/2014 10:27:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:Lrp37JRvLSueiXIvIXDVA7RWyHbM44FlG7+Zqt2I/wZuGZInhCxYPLg8JSnh:HprJRYiYvIXxA7R24Ma2I/wcgIMEE

Entry address:
0x5952

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.4056

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
14.5 KB (14,848 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LPT System Updater

Command:
C:\users\{user}\appdata\local\lpt\srptm.exe


The file srptm.exe has been discovered within the following programs.

LPT System Updater Service  by Linkury Ltd.
This is a potentially unwanted web browser extension that is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It displays advertisements, including banners and popups, in the user's web browser.
81% remove it
Snap.Do  by ReSoft Ltd.
Snap.Do is a web browser addin/toolbar (depending on the browser it is installed within) that plugs into all the major web browsers including Internet Explorer, Chrome and Firefox. Snap.
snap.do
85% remove it
 
Powered by Should I Remove It?
