LP.exe

LP

Optlynx CO., LTD.

The application LP.exe by Optlynx CO. has been detected as a potentially unwanted program by 9 anti-malware scanners. It is registered under the name ‘LP’ to run automatically when any user logs into Windows (through the all-users Run registry key).
Publisher:
hsit  (signed by Optlynx CO., LTD.)

Product:
LP

Version:
1.00

MD5:
ffcc7f51ea5e73fac8dc8b794020577e

SHA-1:
c76efc998815e629308597c7778bd70303504448

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 3:15:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Adware/Optserve.46632 | 2014.03.01 |
| Baidu Antivirus | AdWare.Win32.Optmedia | 4.0.3.14510 |
| Comodo Security | ApplicUnwnt.Win32.Adware.Optmedia | 17863 |
| ESET NOD32 | Win32/Adware.Optmedia | 8.9487 |
| F-Secure | Adware:W32/Optserve | 11.2014-10-05_7 |
| McAfee | Generic PUP.d | 5600.7134 |
| Sophos | Generic PUA MH | 4.98 |
| Trend Micro House Call | ADW_OPTMEDIA | 7.2.130 |
| Trend Micro | ADW_OPTMEDIA | 10.465.10 |

File size:
45.5 KB (46,632 bytes)

Product version:
1.00

Original file name:
LP.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\lp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/1/2007 9:00:00 AM

Valid to:
3/1/2008 8:59:59 AM

Subject:
CN="Optlynx CO., LTD.", OU=Coordination, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Optlynx CO., LTD.", L=Nishi-ku Osaka-shi, S=Osaka, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
475D4973A000810A5409CC1F7132A4F1

File PE Metadata
Compilation timestamp:
6/7/2006 9:48:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:gwJ/ydKfSIuBKX/dV0idGUGLml+7ZOMAwzLeGML3t5bOI:gwJ/LKXB9p7ZOpwuGMBJt

Entry address:
0x16B0

Entry point:
68, F0, 18, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 16, 5E, 5A, 78, 5A, F5, 90, 4D, 89, CF, C6, 35, 33, E3, A8, B0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 39, 39, 36, 43, 2D, 70, 72, 6F, 4C, 50, 00, 44, 34, 00, 00, 00, 00, FF, CC, 31, 00, 03, EA, CF, 1C, 50, 03, E4, 50, 49, A0, BD, 2A, C7, 99, E1, 9F, E4, 47, 2A, 7B, 1C, 95, 26, DB, 40, B9, D9, A5, 89, 04, AE, D9, 3C, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Entropy:
5.1698

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
28 KB (28,672 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LP

Command:
C:\Windows\System32\lp.exe

