home

leeamon.exe

Lexmark International, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘leeamon.exe’.
Publisher:
Lexmark International, Inc.  (signed and verified)

Description:
Printer Device Monitor

Version:
0.1.25.0

MD5:
b900d0a4e942fbd9e1081d5039b7d589

SHA-1:
be7914b22e0e3e0e603606cdcaba4f4a50acffd2

SHA-256:
251c4b2be06aacf8db68b48924b6f7b3cc12078b9b44afadf59a604bcbfa529f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 3:09:38 AM UTC  (today)

File size:
750.2 KB (768,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\lg lip3310 and lip3320\leeamon.exe

Digital Signature
Signed by:
Lexmark International, Inc.

Authority:
Thawte, Inc.

Valid from:
8/4/2011 9:00:00 AM

Valid to:
8/3/2013 8:59:59 AM

Subject:
CN="Lexmark International, Inc.", OU=ISS, O="Lexmark International, Inc.", L=Lexington, S=Kentucky, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2DB3E1BE80A3B095FD2C799AE03019EA

File PE Metadata
Compilation timestamp:
1/21/2010 3:32:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:mUFjeuJy6um3Vb1zhWh1+eybJedTKKVEDPohX4gXeUXulkMHBxQn++4dbU1:mUCPmV1zhWH+eyb88ec1glXYkMHBTbU1

Entry address:
0x554EF

Entry point:
E8, 78, F5, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 14, 53, 57, 8B, 7D, 08, 33, DB, 3B, FB, 89, 5D, FC, 74, 11, 39, 5D, 10, 75, 07, 33, C0, E9, 64, 01, 00, 00, 76, 03, 66, 89, 1F, 56, 8B, 75, 0C, 3B, F3, 74, 09, 81, 7D, 10, FF, FF, FF, 7F, 76, 1D, E8, B0, 32, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 74, DC, FF, FF, 83, C4, 14, E9, 1E, 01, 00, 00, FF, 75, 14, 8D, 4D, EC, E8, AE, D7, FF, FF, 3B, FB, 8B, 45, EC, 0F, 84, CF, 00, 00, 00, 39, 58, 14, 75, 47, 39, 5D, 10, 76, 1B, 8B, 4D, FC...
 
[+]

Entropy:
5.7480

Code size:
628 KB (643,072 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
leeamon.exe

Command:
"C:\Program Files\lg lip3310 and lip3320\leeamon.exe"


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.