home

{blocked}.exe

LastPass Installer

LastPass

This is a self-extracting archive and installer. The file has been seen being downloaded from rodan.lastpass.com and multiple other hosts.
Publisher:
LastPass  (signed and verified)

Product:
LastPass Installer

Version:
1.74.0

MD5:
c5d9eab18841d0c3ba8c02f19c490e68

SHA-1:
9447cecca59dd599a63bb29ae4daa6efcbefc933

SHA-256:
c109a0057e47a8925a4b420a642fb29589fa84a8c990405e688aa559b04e2c3b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 9:45:03 PM UTC  (today)

File size:
12.9 MB (13,571,624 bytes)

Product version:
1.74.0

Copyright:
Copyright 2008-2011

Original file name:
lastpass.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\lastpass_x64.exe

Digital Signature
Signed by:
LastPass

Authority:
COMODO CA Limited

Valid from:
6/27/2011 8:00:00 PM

Valid to:
6/27/2014 7:59:59 PM

Subject:
CN=LastPass, O=LastPass, STREET=226 Maple Ave W STE 301, L=Vienna, S=VA, PostalCode=22180, C=US

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6A21177197E854AD7D330FFF3C3FEA0C

File PE Metadata
Compilation timestamp:
8/10/2011 4:17:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:pBAPemjqG6TpFfNp+Xk24vNNvqjp6F543QYZA:pBAUHP24zOpKae

Entry address:
0x2FA495

Entry point:
B8, 6C, B3, 58, 05, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 52, 28, E3, D8, 7D, 69, 9A, 9A, 0F, 4C, E1, 7C, BE, 82, B1, BF, 6E, A5, 5C, 18, C3, AC, 31, 14, 6D, BA, 9E, 58, BA, FD, 0D, 9C, E6, 56, 10, C5, C1, 97, 8A, A3, 0E, 60, DF, 36, EB, F7, 33, 60, E4, 14, 75, 52, 1C, 98, E7, 21, D2, 6A, B7, 45, AE, AF, 7A, 25, 1B, D2, AE, 9E, 2C, 51, 86, B1, 7C, EE, 08, 22, B3, 91, 57, CC, 2A, 0D, 2A, C8, EC, 52, 81, 7D, 35, 7A, 95, FE, 77...
 
[+]

Entropy:
7.9818  (probably packed)

Code size:
3.5 MB (3,634,176 bytes)

The file {blocked}.exe has been seen being distributed by the following 2 URLs.

https://rodan.lastpass.com/lastpass_x64.exe

https://lastpass.com/lastpass_x64.exe

Scan {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.