home

LF30.exe

Lock Folder XP

Everstrike OOO

The application LF30.exe by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Everstrike Software  (signed by Everstrike OOO)

Product:
Lock Folder XP

Version:
3.9.0.0

MD5:
ab3870eb7775e5a774598c9c756c4ce4

SHA-1:
be94d5d4feb3b225c630e920f2ebea172b4873c2

SHA-256:
dc21a402b5206fc0d5645c52eb13aa6ea9e8ebde711c95cd0295305c389d6655

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 7:47:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Everstrike (M)
16.1.9.7

File size:
1.7 MB (1,793,368 bytes)

Product version:
3.9.0.0

Copyright:
Copyright c 2001-2011

Trademarks:
Lock Folder XP

Original file name:
LF30.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lock folder xp\lf30.exe

Digital Signature
Signed by:
Everstrike OOO

Authority:
VeriSign, Inc.

Valid from:
12/16/2010 4:00:00 PM

Valid to:
1/13/2012 3:59:59 PM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=n/a, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C6FEBAF7115A5C4FFAEAACEC3EA4FF1

File PE Metadata
Compilation timestamp:
6/20/2011 1:55:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:IG2omQ7q6TiLuDqA3q18hxIY2T7t1ipoEz5xmlCFuFyw4seS1ppoMLvA46u4cXXW:IG0UDqAjhhIyw456Vvjs8Ys4oszE5e8+

Entry address:
0x1B85C4

Entry point:
60, C7, 44, 24, 1C, E9, BF, 11, 32, E9, 0A, E1, FF, FF, 4B, 45, 52, 4E, 45, 4C, 33, 32, 2E, 64, 6C, 6C, 00, 00, 00, 52, 65, 67, 4F, 70, 65, 6E, 4B, 65, 79, 45, 78, 41, 00, 00, 00, 47, 65, 74, 44, 6C, 67, 49, 74, 65, 6D, 00, 00, 00, 55, 70, 64, 61, 74, 65, 57, 69, 6E, 64, 6F, 77, 00, 00, 00, 52, 74, 6C, 55, 6E, 77, 69, 6E, 64, 00, 00, 00, 44, 72, 61, 67, 51, 75, 65, 72, 79, 46, 69, 6C, 65, 41, 00, C6, C1, 1C, 73, CA, 1A, 79, CA, 24, 80, DE, 32, 8F, 64, E8, 65, AE, 0D, EF, 5B, AE, B3, 8E, 5F, AE, 24, 6A, 45...
 
[+]

Entropy:
7.1367

Code size:
166 KB (169,984 bytes)

Remove LF30.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.