» updateluckyleap.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Network (1)

updateluckyleap.exe

lucky leap

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for lucky leap will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updateluckyleap.exe by lucky leap has been detected as adware by 23 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update lucky leap”. Additionally, the file is typically installed by a number of programs including lucky leap 3.0.0 by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

updateluckyleap.exe

Publisher:

lucky leap (signed and verified)

Version:

1.0.5307.27329

MD5:

36cc78140cb26589517866df62b753cc

SHA-1:

5e2a1318705696631af6fb0e036ed8d13db9132d

SHA-256:

f65f5f0c2b3a836b01d1b67003c71c704d2a0b302fe4c63bcb7e6d4673225249

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Part of the Yontoo adware web browser extension update process.

Analysis date:

4/26/2024 4:11:43 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.1037754

432

AhnLab V3 Security

Adware/Win32.LuckyLeap

2014.10.24

Avira AntiVirus

ADWARE/BrowseFox.Gen7

7.11.180.214

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.151129

Bitdefender

Adware.Generic.1037754

1.0.20.1665

Comodo Security

UnclassifiedMalware

19883

Emsisoft Anti-Malware

Adware.Generic.1037754

8.15.11.29.01

ESET NOD32

Win32/BrowseFox (variant)

9.10609

Fortinet FortiGate

Adware/Kranet

11/29/2015

F-Secure

Adware.Generic.1037754

11.2015-29-11_1

G Data

Adware.Generic.1037754

15.11.24

K7 AntiVirus

Unwanted-Program

13.184.13741

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.Kranet

14.0.0.1047

Malwarebytes

PUP.Optional.LuckyLeap.A

v2015.11.29.01

McAfee

BrowseFox.c

5600.6566

MicroWorld eScan

Adware.Generic.1037754

16.0.0.999

nProtect

Trojan-Clicker/W32.Agent.321824.C

14.10.23.01

Quick Heal

AdWare.MSIL.r3 (Not a Virus)

11.15.14.00

Reason Heuristics

PUP.Yontoo.luckyleap (M)

15.11.29.13

Sophos

Lucky Leap

4.98

Trend Micro House Call

TROJ_GEN.R0C1C0EJC14

7.2.333

Trend Micro

TROJ_GEN.R0C1C0EJC14

10.465.29

VIPRE Antivirus

Yontoo

34180

File size:

314.3 KB (321,824 bytes)

Product version:

1.0.5307.27329

Original file name:

luckyleap.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\lucky leap\updateluckyleap.exe

Digital Signature

Signed by:

lucky leap

Authority:

VeriSign, Inc.

Valid from:

8/12/2013 7:00:00 PM

Valid to:

8/13/2015 6:59:59 PM

Subject:

CN=lucky leap, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=lucky leap, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6A5011DFCDBB457548BCC92ED7587788

File PE Metadata

Compilation timestamp:

7/13/2014 11:11:14 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:55Bn8MxNhuAQhkMwaZQBrhFlnqs7/7fGGq/pbbPI:55BJxuAQq5rbjIFPI

Entry address:

0x4E592

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00... 
[+]

Entropy:

6.0982

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

305.5 KB (312,832 bytes)

Service

Display name:

Update lucky leap

Type:

Win32OwnProcess

The file updateluckyleap.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

lucky leap 3.0.0 by Yontoo Technology, Inc.

From the privacy policy - "We use the information we collect from and receive about users to provide the Software to you, to measure and improve the Software, to personalize your experience by delivering relevant content, advertising, and marketing messages, and to provide you with customer support and respond to inquiries.

luckyleap.net/support

80% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to install.luckyleap.net (70.186.131.184:80)

Remove updateluckyleap.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.