LooknStop.EXE

Look 'n' Stop Personal Firewall

GLOANNEC Frederic

The application LooknStop.EXE by GLOANNEC Frederic has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application built on the InstallCore installer engine, which may bundle additional software offers including toolbars and browser extensions. It is set to execute automatically when any user logs into Windows, through the local machine Run registry key, under the name ‘Look 'n' Stop’.
Publisher:
Soft4Ever  (signed by GLOANNEC Frederic)

Product:
Look 'n' Stop Personal Firewall

Version:
2, 0, 0, 6

MD5:
a74af0b3877562bc84a60a5b8e99bd1a

SHA-1:
4b3cd9aab285c6c486a265ba198f9708bae688b8

SHA-256:
d11c026d8d00670aa0716fd343fcd533f96a76f066932170b05b2099321f40fc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/27/2024 3:51:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.Bundler (M)

Engine version:
16.2.2.10

File size:
551.8 KB (565,088 bytes)

Product version:
2, 0, 0, 6

Copyright:
Copyright © 2009

Original file name:
LooknStop.EXE

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
English (United States)

Common path:
C:\Program Files\soft4ever\looknstop\looknstop.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/13/2008 10:01:41 AM

Valid to:
11/13/2011 10:01:41 AM

Subject:
E=fgloannec@soft4ever.com, CN=GLOANNEC Frederic, O=GLOANNEC Frederic, C=FR

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
0100000000011D9515098B

File PE Metadata
Compilation timestamp:
5/18/2009 11:19:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:iycWc/rImIC98IMSmRRjb9SN3qUMikeT6nUixYoRpJSsAJuXLOh9nZmSbeaxJev8:3cazIBmRyNaPwQYoRpQsAYzSbeaSk

Entry address:
0x39F1D

Entry point:
E8, 86, 05, 00, 00, E9, D9, FC, FF, FF, CC, FF, 25, D4, E7, 43, 00, FF, 25, D0, E7, 43, 00, 68, 83, 98, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 6C, F3, 44, 00, 31, 45, FC, 33, C5, 89, 45, E4, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, E4, 33, CD, E8, E4, F7, FF, FF, E9, 7A, 02, 00, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56...
Entropy:
5.7110

Code size:
244 KB (249,856 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Look 'n' Stop

Command:
"C:\Program Files\soft4ever\looknstop\looknstop.exe" -auto
