home

{blocked}.exe

LastPass Installer

LastPass

This is a setup and installation application. The file has been seen being downloaded from www.amazon.co.uk and multiple other hosts.
Publisher:
LastPass  (signed and verified)

Product:
LastPass Installer

Version:
1.72.0

MD5:
b6c4222f7e7b65e1d98cb6569331be09

SHA-1:
437c42f1026db224d152f056f0264fb776d8068e

SHA-256:
4aeb932130b0088ca833b18ef89384ff74a7167bac5dac9e03a8a0d014b9c63b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 3:32:03 PM UTC  (today)

File size:
8.4 MB (8,767,688 bytes)

Product version:
1.72.0

Copyright:
Copyright 2008-2011

Original file name:
lastpass.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lastpass_1.72.0.exe

Digital Signature
Signed by:
LastPass

Authority:
The USERTRUST Network

Valid from:
9/3/2008 7:00:00 PM

Valid to:
9/4/2011 6:59:59 PM

Subject:
CN=LastPass, O=LastPass, STREET=103 Moore Ave SE, L=Vienna, S=Virginia, PostalCode=22180, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
3F69FBA246A764DA9DFB76EF43C37679

File PE Metadata
Compilation timestamp:
1/20/2011 9:39:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:5u5bQMReFqCtGY8W8KT+GVQj2DuUZylAhK6TKXS:i1f2t8KT+GVQ0BwlAhrTKXS

Entry address:
0x2E4864

Entry point:
B8, AC, 12, 4A, 04, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, BC, FA, 8E, 96, F6, EC, 87, 6C, A3, D6, 33, AF, D6, 09, 15, EF, 49, 4B, 19, 62, 37, 5A, D0, 8F, BA, A8, E8, DC, 83, C4, 9D, 86, 93, 05, B6, A4, 72, E7, 58, 90, 7B, 5B, DB, 13, 0F, E1, C3, F0, C2, DB, 75, B9, AF, C8, 1B, 78, 4F, 5A, 0F, B5, A9, 5E, 19, 8B, AA, 11, 0B, EA, 39, 9A, 39, ED, 53, 09, C2, 0F, 31, BA, 56, 59, 6F, BA, 1F, 6B, 8F, 39, 8D, EA, 72, D2, 6F, DF, E3...
 
[+]

Entropy:
7.9625

Packer / compiler:
PECompact v2

Code size:
3.4 MB (3,536,384 bytes)

The file {blocked}.exe has been seen being distributed by the following 3 URLs.

https://www.amazon.co.uk/.../?downloadById=edd00f40-ee2b-4779-a357-316a492d1a4d&attachment=1

https://zdub-cd-00.s3-external-3.amazonaws.com/A1FAV0IFSCOS/XR4tJbM/knp30lALVCx8YBdy 4AiiXCBFhkYigRQKVTg1j4qjJvgWMHRDD0C2UbFsV5WzW/OVBA0 EURPXvAApHZ7K/URHrcvttn9V9Kms0fchdvyAXyHIpn0zbqqBgyd0akoM/RrE4K8P5DP7yGqoHDo q2E8a6BXHJ5Da9/1IOEX1vcpesYpwMmECv55bzyWOGG1sh79CoN4tG3tawUd/.../z2mKmAO5luZpl7CRA==

https://www.amazon.co.uk/.../?downloadById=edd00f40-ee2b-4779-a357-316a492d1a4d&attachment=0

Scan {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.