home

lsveil.exe

The executable lsveil.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address text-lb.ulsfo.wikimedia.org on port 80 using the HTTP protocol.
MD5:
ecf9c2ec04fd9c0f99ba6b6c42fb18b7

SHA-1:
551df142cb349ff7022ae822458890e9a52ab54e

SHA-256:
bad6a703d3349103d94d31be648e39b4721b6aa12a22900740e66b1eec3d214f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/18/2024 10:16:22 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Downloader.PE (M)
17.1.3.13

File size:
712 KB (729,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\lsveil.exe

File PE Metadata
Compilation timestamp:
12/9/2006 2:31:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x22B93

Entry point:
6A, 60, 68, F8, B7, 42, 00, E8, ED, F7, FF, FF, BF, 94, 00, 00, 00, 8B, C7, E8, 45, F2, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 84, A0, 42, 00, 8B, 4E, 10, 89, 0D, 28, 3B, 46, 00, 8B, 46, 04, A3, 34, 3B, 46, 00, 8B, 56, 08, 89, 15, 38, 3B, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 2C, 3B, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 2C, 3B, 46, 00, C1, E0, 08, 03, C2, A3, 30, 3B, 46, 00, 33, F6, 56, 8B, 3D, 7C, A0, 42, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
4.0177

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
164 KB (167,936 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a184-31-213-236.deploy.static.akamaitechnologies.com  (184.31.213.236:80)

TCP (HTTP):
Connects to live.selapa.com  (173.199.148.208:80)

TCP (HTTP):
Connects to text-lb.ulsfo.wikimedia.org  (198.35.26.96:80)

Remove lsveil.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.