» lan employee monitor.exe
Overview
Analysis
File Details
Behaviors (1)

lan employee monitor.exe

LSC局域网屏幕监控系统

LouYue Software Development Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘lscserver’.

File name:

Publisher:

LouYue Software Development Co.,Ltd. (signed and verified)

Product:

LSC局域网屏幕监控系统

Version:

4.01

MD5:

fdb2ebb3f5399f2368b9213b82c259fc

SHA-1:

d39ad0304d9a111630a845774a301dbd174f6c46

SHA-256:

c381f5966f4358a52a820eb59dd608305e4dda193796c73be684676403d69f47

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/23/2024 2:12:34 PM UTC (today)

Scan engine

Detection

Engine version

McAfee

Program.Keylog-MySpyMon

18.0.204.0

File size:

855 KB (875,520 bytes)

Product version:

4.01

Original file name:

LSC局域网屏幕监控系统.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\lan employee monitor\lan employee monitor.exe

Digital Signature

Signed by:

LouYue Software Development Co.,Ltd.

Authority:

VeriSign, Inc.

Valid from:

4/11/2011 5:00:00 PM

Valid to:

4/11/2012 4:59:59 PM

Subject:

CN="LouYue Software Development Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LouYue Software Development Co.,Ltd.", L=LouDi, S=HuNan, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4196F92430255474574D2184B3168698

File PE Metadata

Compilation timestamp:

6/25/2011 1:01:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:TlmXFwE+8pDsMWsx7oAYu+OeJafD6nHHRX3gM0iRA2Uz1LM4u9ftKyw1XVKKY31V:SqOeJafD6HGiRASEJF+

Entry address:

0x47A4

Entry point:

68, EC, 4E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 50, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, BC, 91, 28, 9C, 18, 85, C5, 49, 91, E0, D9, 3F, 1E, 83, 40, B2, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 49, 00, 02, 50, 83, 01, 4C, 53, 43, BE, D6, D3, F2, CD, F8, C6, C1, C4, BB, BC, E0, BF, D8, CF, B5, CD, B3, 00, 46, 01, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 98, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 18, 00, 00, 00, 9E, 8A, 23, 75, 3B, 6B, F9, 4E, 9D, DB, 03, 64, 43, 65, 36, 8D... 
[+]

Entropy:

5.8265

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

836 KB (856,064 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

lscserver

Command:

C:\Program Files\lan employee monitor\lan employee monitor.exe

Scan lan employee monitor.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.