lastpass.exe

The application lastpass.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

MD5:
c5bd32180d601095d59710726b532feb

SHA-1:
a900dff48efe561787c4fa769c64c8b4e9036c60

SHA-256:
4bb643b7af9387db3e34835592a1d3ccb221c24e9cc7a525468b04f00c64d85c

Scanner detections:
16 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 2:39:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.DomaIQ.Q | 640 |
| avast! | Win32:DomaIQ-EQ [PUP] | 2014.9-150506 |
| Bitdefender | Application.Bundler.DomaIQ.Q | 1.0.20.630 |
| Dr.Web | Trojan.Packed.27936 | 9.0.1.0216 |
| Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 8.15.05.06.03 |
| ESET NOD32 | Win32/DomaIQ.BB potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.Application.Bundler.DomaIQ | 11.2015-06-05_4 |
| G Data | Application.Bundler.DomaIQ | 15.5.25 |
| herdProtect (fuzzy) | | 2015.8.4.9 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.1633 |
| McAfee | Program.CryptDomaIQ | 5600.6684 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.2773.0 |
| MicroWorld eScan | Application.Bundler.DomaIQ.Q | 16.0.0.378 |
| Norman | Application.Bundler.DomaIQ.Q | 11.20150506 |
| Total Defense | Win32/Tnega.LdHVeGB | 37.1.62.1 |
| VIPRE Antivirus | Threat.4150696 | 39676 |

File size:
283.6 KB (290,368 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\lastpass.exe

File PE Metadata
Compilation timestamp:
6/25/2014 3:06:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Fw6JOerGp2aPeiyx+/Hqyo3ia/keIJSkH364n8LQTj3Fv0B2fJYn:FwurYPex+/2rXI5XxBj3GMfi

Entry address:
0x3B4C

Entry point:
B8, 8C, 8E, 4B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 74, 6F, 64, 73, 76, 61, 69, 6C, 61, 6E, 00, 61, 51, A2, A1, 87, C7, 3A, 02, 72, 18, 1B, DC, 63, 45, 81, 49, 58, 7F, E2, 4D, 9E, 5E, 9E, F5, 7C, 6F, 20, B7, BA, A0, FB, 3F, 8A, DB, 80, 7C, FF, 4C, 00, 6B, CC, A4, 02, 69, A1, 6F, 99, 3E, FF, 26, C5, 1C, 8D, 1F, 7E, 1C, D5, B8, E8, 7D, 2D, 1C, 34, 4F, 2C, E7, 56, A8, FC, D2, 53, 40, 4E, 86, 44, A3, 72, 53, 6D, FF, 28, 49, 66, 06, 0C, 56, 82, 6C, 54, 80, B8, 6C, 4E...

Entropy:
7.8031  (probably packed)

Code size:
103.5 KB (105,984 bytes)
