home

LF30.exe

Пароль на Папку

Everstrike OOO

The application LF30.exe by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Everstrike Software  (signed by Everstrike OOO)

Product:
Пароль на Папку

Version:
3.9.4.0

MD5:
0652fdf81790fa89de2029d8220e79da

SHA-1:
869e22995183903df4ee712d1e8c2418f4a2e95f

SHA-256:
dab290a44e2ba269e0bfa89d014372203f40329a5d77d60e7d2ea91715d84981

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 1:08:56 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Everstrike (M)
16.2.13.8

File size:
3.3 MB (3,446,152 bytes)

Product version:
3.9.4.0

Copyright:
Copyright c 2001-2012

Trademarks:
Пароль на Папку

Original file name:
LF30.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\пароль на папку\lf30.exe

Digital Signature
Signed by:
Everstrike OOO

Authority:
VeriSign, Inc.

Valid from:
12/29/2011 3:00:00 AM

Valid to:
1/13/2013 2:59:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=Ulyanovsk, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
641E267F3D0313EEED9D86E2C36B2260

File PE Metadata
Compilation timestamp:
8/10/2012 12:16:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:c5uUq/t8D7cGEitdojR6ypVWuJH0gi62iAlWmdKo:AgtaRPdoj8y/nUAo

Entry address:
0x155F90

Entry point:
E8, A2, 77, 00, 00, 00, 00, 4C, 6F, 61, 64, 42, 69, 74, 6D, 61, 70, 41, 00, 8D, 74, 24, 24, 8D, 64, 24, 24, 66, 0F, A3, DB, F5, 83, EF, 04, 0F, BA, E2, 04, F5, F9, FF, 37, E9, 0D, D5, FF, FF, 00, 00, 45, 6E, 63, 6F, 64, 65, 50, 6F, 69, 6E, 74, 65, 72, 00, 00, 00, 53, 65, 74, 45, 6E, 64, 4F, 66, 46, 69, 6C, 65, 00, F2, AE, E9, F7, 76, 00, 00, 00, 00, 49, 6D, 61, 67, 65, 4C, 69, 73, 74, 5F, 43, 72, 65, 61, 74, 65, 00, F7, 3F, E5, 54, 92, B0, 80, 16, 3D, C4, 82, 19, 70, 35, 73, 86, BD, C2, CC, 73, F9, FF, F0...
 
[+]

Code size:
213.5 KB (218,624 bytes)

Remove LF30.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.