» linmsl.exe
Overview
Analysis
File Details
Programs (1)
Network (1)

linmsl.exe

linmsl

ReSoft LTD.

The application linmsl.exe by ReSoft has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program LPT System Updater Service by Linkury Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address ocsp.comodoca.com on port 80 using the HTTP protocol.

File name:

linmsl.exe

Publisher:

ReSoft LTD. (signed and verified)

Product:

linmsl

Version:

1.0.0.0

MD5:

f10240a810dbd3340ee2353dc35d4962

SHA-1:

bfb81574511048d1b375e2b03d1e9dd0ebf6019e

SHA-256:

b604a13806f54c1423d3237fa14fff1bb43511cc8a50ff58283ba30013ae6549

Scanner detections:

12 / 68

Status:

Adware

Analysis date:

4/25/2024 10:30:31 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Adware.Heur.bm1@g5ak0Wc

804

Avira AntiVirus

TR/Trash.Gen

7.11.143.202

Bitdefender

Gen:Adware.Heur.bm1@g5ak0Wc

1.0.20.1630

Dr.Web

Trojan.Damaged.1

9.0.1.0326

Emsisoft Anti-Malware

Gen:Adware.Heur.bm1@g5ak0Wc

8.14.11.22.05

F-Secure

Gen:Adware.Heur.bm1@g5ak0Wc

11.2014-22-11_7

G Data

Gen:Adware.Heur.bm1@g5ak0Wc

14.11.24

IKARUS anti.virus

PUA.Linkury

t3scan.1.6.1.0

MicroWorld eScan

Gen:Adware.Heur.bm1@g5ak0Wc

15.0.0.978

Reason Heuristics

PUP.ReSoft.G

14.11.22.17

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10222

VIPRE Antivirus

Adware.Linkury

35016

File size:

30 KB (30,752 bytes)

Product version:

1.0.0.0

Original file name:

linmsl.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\lpt\linmsl.exe

Digital Signature

Signed by:

ReSoft LTD.

Authority:

COMODO CA Limited

Valid from:

7/31/2013 5:00:00 PM

Valid to:

8/1/2015 4:59:59 PM

Subject:

CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

51FA31336CEC649121E9A908289950D2

File PE Metadata

Compilation timestamp:

11/19/2014 5:07:22 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:KQtQ97lB7iF/vIi6Z+1gKWKQOSQOq7S8bIICIbICbbCbbIbbbbbIIIIbbx+5c0eO:KQQnM1nBQQOuP+T14I1dcMEvq

Entry address:

0x710E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5466

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

20.5 KB (20,992 bytes)

The file linmsl.exe has been discovered within the following program.

LPT System Updater Service by Linkury Ltd.

This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.

81% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ocsp.comodoca.com (178.255.83.1:80)

Remove linmsl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.