lp.exe

used of

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application lp.exe by Alexey Kurilenko has been detected as adware by 20 anti-malware scanners. It is also typically executed from an Internet Explorer cache folder.
Publisher:
of a  (signed by Alexey Kurilenko)

Product:
used of

Version:
0.8.0.0

MD5:
a4bc60d01885796c899bb7e2b3e39a83

SHA-1:
7fb9a2a1573a42b0e47c671b0a4a62b1382b6a74

SHA-256:
5c845110085d539c068e2c211fa249a938292c293787f32d602bb822c858c74c

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
4/26/2024 2:22:59 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.103 | 923 |
| AhnLab V3 Security | Adware/Win32.Agent | 2014.07.24 |
| Avira AntiVirus | Adware/MultiPlug.aob | 7.11.163.246 |
| avast! | Win32:PUP-gen [PUP] | 140617-1 |
| AVG | Adware Generic_r.QP | 2014.0.3986 |
| Bitdefender | Gen:Variant.Adware.Dropper.103 | 1.0.20.1035 |
| Dr.Web | Trojan.Siggen6.21336 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.103 | 8.14.07.26.04 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AQ (variant) | 8.10153 |
| F-Secure | Gen:Variant.Adware.Dropper.103 | 11.2014-26-07_7 |
| G Data | Gen:Variant.Adware.Dropper.103 | 14.7.24 |
| IKARUS anti.virus | AdWare.SaveNet | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.181.12819 |
| Malwarebytes | PUP.Optional.InstallRex | v2014.07.25.11 |
| McAfee | PUP-FMH | 5600.7059 |
| MicroWorld eScan | Gen:Variant.Adware.Dropper.103 | 15.0.0.621 |
| Panda Antivirus | PUP/TSUploader | 14.07.25.11 |
| Reason Heuristics | PUP.AlexeyKurilenko.C | 14.7.25.11 |
| Sophos | MultiPlug | 4.98 |
| VIPRE Antivirus | Threat.4786450 | 31208 |

File size:
778.9 KB (797,560 bytes)

Product version:
0.8.0.0

Copyright:
Copyright (c) 2014

Original file name:
volume are

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\lp.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 2:20:17 PM

Valid to:
6/17/2015 2:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
7/21/2014 1:07:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:AL4tl+lKe+htViBz1IM+f0+OowEXh/Mj9dJTG+7RP2gCjttRy0gr2kvd0Lmvxl:AL4tl+lShtQz1p+jXc3xt1e40grtF08l

Entry address:
0x1764E

Entry point:
E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, CD, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
135.5 KB (138,752 bytes)
