» lollipop_01041831.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

lollipop_01041831.exe

whimming

sprite

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘lollipop_01041831’.

File name:

Publisher:

sprite

Product:

whimming

Description:

penance

Version:

9, 8, 0, 2

MD5:

344f5d753bf6d6060695b159204ba89e

SHA-1:

604757d639338953de42f336979afe9ddee1530b

SHA-256:

63fad825170e008eb710339f5bb7a40498cab387066db46e3d964c73fb0afae1

Scanner detections:

10 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/23/2024 11:12:00 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Lollipop.2

1118

AVG

Win32/Cryptor

2015.0.3596

Bitdefender

Gen:Variant.Adware.Lollipop.2

1.0.20.60

Emsisoft Anti-Malware

Gen:Variant.Adware.Lollipop

8.14.01.12.12

Fortinet FortiGate

W32/Skintrim.B!tr

1/12/2014

G Data

Gen:Variant.Adware.Lollipop

14.1.22

IKARUS anti.virus

Win32.SuspectCrc

t3scan.2.2.29

McAfee

Artemis!344F5D753BF6

5600.7252

MicroWorld eScan

Gen:Variant.Adware.Lollipop.2

15.0.0.36

Panda Antivirus

Suspicious file

14.01.12.12

File size:

3.2 MB (3,305,472 bytes)

Product version:

9, 8, 0, 2

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\lollipop\lollipop_01041831.exe

File PE Metadata

Compilation timestamp:

5/9/2011 10:04:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:CJuwJmVdb3FL6VhFXPt7+dJP9YXff36j8GMkmBqxr8/8qAJvzJSb4uppJUkymbnY:x7Jo2iFA+3vpVG

Entry address:

0x3C39

Entry point:

E8, CC, 41, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 10, 8B, 4D, 0C, 25, FF, FF, F7, FF, 23, C8, 56, F7, C1, E0, FC, F0, FC, 74, 31, 57, 8B, 7D, 08, 33, F6, 3B, FE, 74, 0B, 56, 56, E8, 93, EA, FF, FF, 59, 59, 89, 07, E8, 17, 0D, 00, 00, 6A, 16, 5F, 56, 56, 56, 56, 56, 89, 38, E8, 63, F7, FF, FF, 83, C4, 14, 8B, C7, 5F, EB, 1D, 8B, 75, 08, 50, FF, 75, 0C, 85, F6, 74, 09, E8, 63, EA, FF, FF, 89, 06, EB, 05, E8, 5A, EA, FF, FF, 59, 59, 33, C0, 5E, 5D, C3, 6A, 0C, 68, C8, 35, 72, 00, E8, A5, 0E... 
[+]

Entropy:

5.6967

Code size:

3.1 MB (3,273,216 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

lollipop_01041831

Command:

"C:\users\{user}\appdata\local\lollipop\lollipop_01041831.exe" lollipop_01041831

The file lollipop_01041831.exe has been discovered within the following program.

Lollipop by Lollipop Network, S.L.

Lollipop is an ad-supported web browser plugin that provides context based marketing within the user's browser.

www.lollipop-network.com

57% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to w01.lopn.eu (5.39.47.211:80)

Scan lollipop_01041831.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.