» LSSrvc.exe
Overview
Analysis
File Details
Behaviors (1)

LSSrvc.exe

LightScribe

Hewlett-Packard Company

The executable LSSrvc.exe, “LightScribe Service” has been detected as malware by 14 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “LightScribeService Direct Disc Labeling Service”. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

LSSrvc.exe

Publisher:

Hewlett-Packard Company

Product:

LightScribe

Description:

LightScribe Service

Version:

1.18.22.2

MD5:

3919d122cdc43d5ec52b8a0b33a58d70

SHA-1:

5319aaac89b893cd4fe4284b54ed8c2a3404d409

SHA-256:

71368ef9bae7895a3cf71ffd165bfa605af84fc7e97f6ba6905be337a71ebf48

Scanner detections:

14 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

5/6/2024 1:52:28 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:RmnDrp

160203-1

AVG

Win32/Zbot.G

2015.0.4489

Boost by Reason

Optional.HewlettPackardCompany.Service

188838

Dr.Web

Win32.Rmnet.8

9.0.1.05190

Emsisoft Anti-Malware

Win32.Ramnit.N

10.0.0.5366

ESET NOD32

Win32/Ramnit.H virus

7.0.302.0

F-Prot

W32/Ramnit.E

4.6.5.141

F-Secure

Win32.Ramnit.N

5.15.21

Kaspersky

Virus.Win32.Nimnul

15.0.0.562

McAfee

Virus.W32/Ramnit.a

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.5427.0

Norman

Win32.Ramnit.N

03.02.2016 07:38:05

Sophos

Virus 'W32/Ramnit-A'

5.23

VIPRE Antivirus

Threat.4732184

46912

File size:

184.4 KB (188,811 bytes)

Original file name:

LSSrvc.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\common files\lightscribe\lssrvc.exe

File PE Metadata

Compilation timestamp:

3/4/2011 9:28:20 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

3072:fTa/G2OX3yKSqS8GzSFONMl59B7aG0qK9uzqhWhTTvXjq:fv26ysGzSFONKkvP9uzcWh/+

Entry address:

0x12000

Entry point:

60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, CE, B2, 01, 20, 2B, 85, 35, BA, 01, 20, 89, 85, 31, BA, 01, 20, B0, 00, 86, 85, 66, BC, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 61, BB, 01, 20, 00, 74, 33, 83, BD, 65, BB, 01, 20, 00, 74, 2A, 8B, 85, 31, BA, 01, 20, 2B, 85, 61, BB, 01, 20, 8B, 00, 89, 85, 9E, BB, 01, 20, 8B, 85, 31, BA, 01, 20, 2B, 85, 65, BB, 01, 20, 8B, 00, 89, 85, A2, BB, 01, 20, EB, 61, 83, BD, 69, BB, 01, 20, 00, 74, 58, 8B, 85, 31, BA, 01, 20, 2B, 85, 69, BB, 01, 20, FF, 30, 8D, 85... 
[+]

Packer / compiler:

ASPack v1.08.04

Code size:

36 KB (36,864 bytes)

Service

Display name:

LightScribeService Direct Disc Labeling Service

Service name:

LightScribeService

Description:

Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScr

Type:

Win32OwnProcess

Remove LSSrvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.