home

lobby.exe

VIRTU CITI LLC

It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
VIRTU CITI LLC  (signed and verified)

MD5:
9b38b9cb721b2a3c093bc422a889883f

SHA-1:
c9e3f7733ba992b42c80a24d7132ff270cee16e5

SHA-256:
da561f9869d49cbe39e1fbecce03d13f3d4227ee8a75b44f8f775fbcc687ff30

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
7/10/2025 2:50:14 AM UTC  (today)

File size:
220.6 KB (225,912 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
VIRTU CITI LLC

Authority:
VeriSign, Inc.

Valid from:
7/30/2013 5:00:00 PM

Valid to:
9/29/2014 4:59:59 PM

Subject:
CN=VIRTU CITI LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=VIRTU CITI LLC, L=Miami, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7646A05E3C89417B65A924F1CABB3ADB

File PE Metadata
Compilation timestamp:
7/23/2014 1:19:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:znvMsyaT0uoWp56ZDmKjJwTOswiB5M5hLd3LP:jMsyaT0Ij4mKjJIwu5M5hLd

Entry address:
0x20BAE

Entry point:
E8, C5, 04, 00, 00, E9, 36, FD, FF, FF, FF, 25, 84, 42, 42, 00, FF, 25, 88, 42, 42, 00, FF, 25, 8C, 42, 42, 00, FF, 25, 90, 42, 42, 00, FF, 25, 94, 42, 42, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 75, 01, C3, 55, 8B, EC, 83, EC, 00, 50, 52, 53, 56, 57, 6A, 00, FF, 75, 04, E8, C1, 07, 00, 00, 59, 59, 5F, 5E, 5B, 5A, 58, 8B, E5, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 8B, F2, 33, DB, 39, 1E, 8B, D1, 89, 55, F8, 89, 5D, FC, 7E, 3F, 57, BF, CC, CC, CC, CC, 8B, 46, 04, 03, C3, 8B, 08, 39, 7C, 11, FC, 75...
 
[+]

Entropy:
6.5172

Code size:
137.5 KB (140,800 bytes)

Scheduled Task
Task name:
{C032AA07-93D3-4AB5-9522-116803D57350}

Trigger:
Registration (Runs on registration)


The file lobby.exe has been discovered within the following program.

cleosviproom  by Kingsbury
About 1% of users remove it
 
Powered by Should I Remove It?

Scan lobby.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.