» lollipop_11100127.exe.52953a55
Overview
Analysis
File Details
Network (12)

lollipop_11100127.exe.52953a55

The file lollipop_11100127.exe.52953a55 has been detected as a potentially unwanted program by 13 anti-malware scanners. While running, it connects to the Internet address 226.124.196.104.bc.googleusercontent.com on port 443.

File name:

MD5:

baefec9111d76254ce29d1a7bbf116d7

SHA-1:

32978f76bf7a5ce3232afa4352676cb7bace97e8

SHA-256:

058c26737745985071c2742e5011103b05271336858502d6630c74fb513e8e93

Scanner detections:

13 / 68

Status:

Potentially unwanted

Analysis date:

5/4/2024 8:16:58 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-AYH [Adw]

2014.9-161202

AVG

Win32/Cryptor

2017.0.2542

Bitdefender

Gen:Variant.Symmi.26041

1.0.20.1685

Comodo Security

UnclassifiedMalware

16867

Emsisoft Anti-Malware

Gen:Variant.Symmi.26041

8.16.12.02.01

ESET NOD32

Win32/Skintrim.KX (variant)

10.8753

Fortinet FortiGate

W32/Skintrim.C!tr

12/2/2016

F-Secure

Gen:Variant.Symmi.26041

11.2016-02-12_6

G Data

Gen:Variant.Symmi.26041

16.12.22

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.-795

McAfee

Artemis!BAEFEC9111D7

5600.6198

MicroWorld eScan

Gen:Variant.Symmi.26041

17.0.0.1011

VIPRE Antivirus

Trojan-Downloader.Tibs.gen

21100

File size:

2.5 MB (2,588,160 bytes)

Common path:

C:\users\{user}\appdata\local\lollipop\lollipop_11100127.exe.52953a55

File PE Metadata

Compilation timestamp:

3/30/2011 2:55:44 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:ausKtkxjbz6n1V+lXFaEymPHKM1bsigPRQT/i8VyBOJ2e4m1RjJ1FloHxsMCrJIy:Ql0BO14VSn4PNSC0A4FqyqncZSU

Entry address:

0x1D17

Entry point:

E8, 6D, 36, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, A9, 21, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 38, 9A, 67, 00, 74, 12, 8B, 0D, 54, 99, 67, 00, 85, 48, 70, 75, 07, E8, 7E, 40, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 58, 98, 67, 00, 74, 16, 8B, 46, 08, 8B, 0D, 54, 99, 67, 00, 85, 48, 70, 75, 08, E8, F2, 38, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A... 
[+]

Code size:

2.4 MB (2,531,840 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-52-91-27.deploy.static.akamaitechnologies.com (23.52.91.27:80)

TCP (HTTP SSL):

Connects to ec2-52-3-9-78.compute-1.amazonaws.com (52.3.9.78:443)

TCP (HTTP):

Connects to 186.216.160.251.user.vctelecom.com.br (186.216.160.251:80)

TCP (HTTP SSL):

Connects to ec2-54-243-231-120.compute-1.amazonaws.com (54.243.231.120:443)

TCP (HTTP SSL):

Connects to 226.124.196.104.bc.googleusercontent.com (104.196.124.226:443)

TCP (HTTP):

Connects to 186.216.160.249.user.vctelecom.com.br (186.216.160.249:80)

TCP (HTTP SSL):

Connects to ec2-54-153-14-107.us-west-1.compute.amazonaws.com (54.153.14.107:443)

TCP (HTTP SSL):

Connects to ec2-52-9-58-244.us-west-1.compute.amazonaws.com (52.9.58.244:443)

TCP (HTTP SSL):

Connects to ec2-52-200-4-173.compute-1.amazonaws.com (52.200.4.173:443)

TCP (HTTP SSL):

Connects to ec2-50-16-250-28.compute-1.amazonaws.com (50.16.250.28:443)

TCP (HTTP):

Connects to a72-246-178-131.deploy.akamaitechnologies.com (72.246.178.131:80)

TCP (HTTP SSL):

Connects to 245.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net (68.67.180.45:443)

Remove lollipop_11100127.exe.52953a55 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.