» su-pro.exe
Overview
Analysis
File Details
Programs (1)
Network (2)

su-pro.exe

Carambis Software Updater Pro

ROSTPAY LLC

The software installer program will bundle additional offers in its setup routine. The application su-pro.exe by ROSTPAY has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Carambis Software Updater Pro by Media Fog Ltd.. While running, it connects to the Internet address server6.ext.freeteam.org on port 80 using the HTTP protocol.

File name:

su-pro.exe

Publisher:

MEDIA FOG LTD. (signed by ROSTPAY LLC)

Product:

Carambis Software Updater Pro

Version:

2.2.0.3098

MD5:

1063f82e02a67292e0701f31f54c9d5d

SHA-1:

27e88577f40b33c89613970761c600ca9233d32e

SHA-256:

46a72acb78de79b59533aa22ec9448835c7d07bf3b625fca5500d59551fbe239

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/23/2024 11:09:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ROSTPAY.G

14.2.16.8

File size:

3.1 MB (3,222,048 bytes)

Product version:

2.2.0.3098

Original file name:

supro.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\carambis\software updater pro\su-pro.exe

Digital Signature

Signed by:

ROSTPAY LLC

Authority:

Thawte, Inc.

Valid from:

12/2/2012 7:00:00 AM

Valid to:

12/17/2014 6:59:59 AM

Subject:

CN=ROSTPAY LLC, OU=Software Development, O=ROSTPAY LLC, L=Rostov-on-Don, S=Russian Federation, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

495CD4660DC23A429838971E58CFF10B

File PE Metadata

Compilation timestamp:

6/27/2013 6:05:35 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:2Mu4RGSTaKxLDl4Z+2bx5X9iWQJSoozpS:2D0aKxF4Qqx5NiWQJVozpS

Entry address:

0x89D000

Entry point:

83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 10, 1A, 00, 2D, 8F, 24, DA, 05, 05, 84, 24, DA, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, E0, 28, F4, 47, 68, A4, 8B, 5E, 10, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, B2, 23, 32, B2, 4D, 00, B4, DB, F4, 33, 87, C0, A0, E8... 
[+]

Code size:

2.2 MB (2,317,312 bytes)

The file su-pro.exe has been discovered within the following program.

Carambis Software Updater Pro by Media Fog Ltd.

Publisher's description - “Carambis Software Updater is a program designed specially to check for software updates and new versions of applications installed on your computer and their quick download.”

www.carambis.com/programs/software_updater_pro.html

51% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server6.ext.freeteam.org (46.46.160.233:80)

TCP (HTTP):

Connects to server9.freeteam.org (87.245.204.39:80)

Remove su-pro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.