UpdateProgress.exe

Carambis PhotoTrip Updater

ROSTPAY LLC

The software installer bundles additional offers in its setup routine. The application UpdateProgress.exe by ROSTPAY has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Carambis (signed by ROSTPAY LLC)

Product:
Carambis PhotoTrip Updater

Description:
UpdateProgress

Version:
1.0.0.0

MD5:
2e02adf6ba784e5c10872aa08431f759

SHA-1:
c597b40b7b3385e5db04c6653b6dedb92c4284d3

SHA-256:
7e5aa94ceff21b3c1e3f2f1b9e40d66e14d8ee94dafd5b06ae9596b5458211aa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 7:42:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MediaFrog.ROSTPAY (M)

Engine version:
16.2.12.19

File size:
26.5 KB (27,168 bytes)

Product version:
1.0.0.0

Copyright:
MEDIA FOG LTD. All rights reserved. 2012

Original file name:
UpdateProgress.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\carambis\phototrip\updateprogress.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/2/2012 3:00:00 AM

Valid to:
12/17/2014 2:59:59 AM

Subject:
CN=ROSTPAY LLC, OU=Software Development, O=ROSTPAY LLC, L=Rostov-on-Don, S=Russian Federation, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
495CD4660DC23A429838971E58CFF10B

File PE Metadata
Compilation timestamp:
12/12/2013 1:36:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
384:7erd05TQrA26V4JHxbU5vJd/LuRAGToQlHNO5PVQtyRJji3f3n7AuSPLYKrbP:S5rLDJHxbU5vL0TtltOTQERJUWrb

Entry address:
0x2294

Entry point:
E8, 90, 04, 00, 00, E9, 6B, FD, FF, FF, 3B, 0D, 28, 50, 40, 00, 75, 02, F3, C3, E9, 17, 05, 00, 00, 6A, 14, 68, 48, 42, 40, 00, E8, C7, 03, 00, 00, FF, 35, FC, 55, 40, 00, 8B, 35, 38, 30, 40, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 80, 30, 40, 00, 59, EB, 64, 6A, 08, E8, F4, 05, 00, 00, 59, 83, 65, FC, 00, FF, 35, FC, 55, 40, 00, FF, D6, 89, 45, E4, FF, 35, F8, 55, 40, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, 3C, 30, 40, 00, FF, D6, 50, E8, BA, 05...

Code size:
7 KB (7,168 bytes)
