lanc ip grabber.exe

The executable lanc ip grabber.exe has been detected as malware by 14 of 68 anti-virus scanners. It presents itself as a setup program that installs the application; the detection names below agree that it is an AutoIt-compiled dropper/injector (Kaspersky: Trojan-Dropper.Win32.Autoit, ESET: Win32/Injector.Autoit.KG), and avast! and IKARUS attribute the payload to the Fynloski family, the vendor name for the DarkComet remote-access trojan. It persists by registering itself in the current user's Run key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the display name 'LANC IP Grabber.exe', with the command pointing at the copy in the user's Downloads folder, so it is relaunched at every logon without needing administrator rights. The file has been seen being downloaded from download2234.mediafire.com and multiple other hosts.
Version:
3, 3, 8, 1

MD5:
b82c8e7d87618825a16a7dde725e327b

SHA-1:
986d1efa68c620d96689ed7174d46f24e0313805

SHA-256:
3d70f19cc8671dd741e7e753161eec523954d282ccafcdc47a41a5a01e5cca64

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/27/2024 10:27:46 PM UTC (page-generated at view time; the dated engine versions in the detection table, avast!, Fortinet, Norman and Panda, all correspond to 18 November 2015, so the verdicts reflect signatures from then)

Scan engine              Detection                      Engine version
Avira AntiVirus          DR/AutoIt.Gen2                 7.11.115.108
avast!                   AutoIt:Fynloski-A [Trj]        2014.9-151118
AVG                      MultiDropper_c                 2016.0.2922
Comodo Security          UnclassifiedMalware            17330
ESET NOD32               Win32/Injector.Autoit.KG       9.9089
Fortinet FortiGate       W32/Autoit.BJP!tr              11/18/2015
IKARUS anti.virus        Backdoor.Win32.Fynloski        t3scan.2.2.29
Kaspersky                Trojan-Dropper.Win32.Autoit    14.0.0.1104
McAfee                   Artemis!B82C8E7D8761           5600.6578
NANO AntiVirus           Trojan.Win32.Autoit.cbkpve     0.28.0.56316
Norman                   Suspicious_Gen4.EQUTN          11.20151118
Panda Antivirus          Suspicious file                15.11.18.05
Sophos                   Mal/Generic-S                  4.95
Trend Micro House Call   TROJ_GEN.R047H01HB13           7.2.322

File size:
7.4 MB (7,779,434 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\lanc ip grabber.exe

File PE Metadata
Compilation timestamp:
1/29/2012 3:32:28 PM (the 3, 3, 8, 1 version resource is the AutoIt interpreter version, and this timestamp belongs to the AutoIt runtime stub that compiled scripts are embedded in; AutoIt 3.3.8.1 shipped in late January 2012, so the date reflects that release rather than when the malicious script was built)

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:ic1jq3UPSTed6VL2OyXB8Qbqt6K77jLI4Uymyufq:iyqsSTedML2RB8IqB7vLIZvfq

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...

Entropy:
7.9715  (probably packed)

Code size:
514 KB (526,336 bytes)
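The hashes and the entropy figure above are the two checks a responder actually runs against a suspect file. The following script is an example added to this page (it is not Reason Core's tooling): it computes MD5, SHA-1 and SHA-256 and compares them with the indicators listed on this page, and it computes Shannon entropy and applies the same "probably packed" verdict. The 7.0 cutoff is an assumption, since the page reports 7.9715 as packed but does not state its threshold; the sample inputs are constructed.

```python
"""Hash a file against the IOCs on this page and measure its byte entropy.

Example added to this page; not Reason Core's code. Hash values are copied
from the page. PACKED_THRESHOLD is an assumed heuristic: the page reports
7.9715 as "probably packed" but does not state its cutoff.
"""
import hashlib
import math
import sys
from collections import Counter

# Indicators copied from the page for lanc ip grabber.exe.
IOC_HASHES = {
    "md5": "b82c8e7d87618825a16a7dde725e327b",
    "sha1": "986d1efa68c620d96689ed7174d46f24e0313805",
    "sha256": "3d70f19cc8671dd741e7e753161eec523954d282ccafcdc47a41a5a01e5cca64",
}

# Assumption: bits per byte at or above this is treated as packed/encrypted.
# Plain x86 code and text usually sit well below it; the page's sample scores 7.9715.
PACKED_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """Return lowercase hex digests for the three algorithms the page lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_ioc(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Names of the algorithms whose digest of `data` equals the page's indicator."""
    digests = file_hashes(data)
    return [alg for alg, want in iocs.items() if digests[alg] == want.lower()]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    # max() clamps the -0.0 that a single-symbol input would otherwise produce.
    return max(0.0, -sum((c / n) * math.log2(c / n) for c in Counter(data).values()))


def probably_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Apply the same 'probably packed' verdict the page shows for the entropy field."""
    return shannon_entropy(data) >= threshold


def triage(data: bytes) -> dict:
    """Combine the checks into one record a responder can log or compare."""
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "ioc_match": matches_ioc(data),
        "entropy": round(shannon_entropy(data), 4),
        "probably_packed": probably_packed(data),
    }


# Constructed inputs (not real files): a zero-filled blob that scores as
# unpacked, and a pseudo-random blob built from SHA-256 outputs that scores
# like packed or encrypted data.
LOW_ENTROPY_SAMPLE = b"\x00" * 4096
HIGH_ENTROPY_SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))

if __name__ == "__main__":
    # Usage: python triage.py <file>   (falls back to the constructed samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print("low :", triage(LOW_ENTROPY_SAMPLE))
        print("high:", triage(HIGH_ENTROPY_SAMPLE))
```

Whole-file entropy is a blunt instrument: a 7.4 MB AutoIt-wrapped executable scores high because the appended script and payload are compressed, not because the PE stub is packed, so treat the verdict as a prompt to look at section-level entropy rather than as proof of a packer.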

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LANC IP Grabber.exe

Command:
C:\users\{user}\downloads\lanc ip grabber.exe
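The Run-key entry above is the whole persistence mechanism: a display name that looks like a filename and an unquoted command pointing into the user's Downloads folder. As an added example (not part of this page or Reason Core's tooling), the following script triages HKCU Run entries for that pattern. The sample entries and the user name "alice" are constructed; SUSPICIOUS_DIRS and USER_WRITABLE_VARS are my own assumptions about locations no installer leaves a persistent component in; on Windows the read_hkcu_run() helper reads the live key through the standard winreg module, elsewhere it falls back to the samples.

```python
"""Triage HKCU Run entries for the pattern this page shows: an autostart whose
command points at an executable in a user-writable download/temp location.

Example added to this page; not Reason Core's code. The sample entries are
constructed. SUSPICIOUS_DIRS and USER_WRITABLE_VARS are assumptions about
where no legitimate installer leaves a persistent component.
"""
import re
import sys

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Assumption: path fragments that indicate a dropped file rather than an install.
SUSPICIOUS_DIRS = (
    "\\downloads\\",
    "\\desktop\\",
    "\\temp\\",
    "\\tmp\\",
    "\\public\\",
    "\\$recycle.bin\\",
)

# Assumption: unexpanded variables that still resolve to a user-writable root.
USER_WRITABLE_VARS = ("%temp%", "%tmp%", "%userprofile%\\downloads")


def executable_path(command: str) -> str:
    """Pull the executable out of a Run command, whether quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: take everything up to the first executable extension, which
    # keeps paths containing spaces (as on this page) in one piece.
    m = re.match(r"(.*?\.(?:exe|com|bat|cmd|scr|vbs|js|ps1))\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def suspicious_reasons(name: str, command: str) -> list:
    """Reasons an entry looks like dropped-file persistence; empty if none."""
    exe = executable_path(command)
    low = exe.lower()
    reasons = []
    for frag in SUSPICIOUS_DIRS:
        if frag in low:
            reasons.append(f"executable under a '{frag.strip(chr(92))}' directory")
            break
    if any(low.startswith(v) for v in USER_WRITABLE_VARS):
        reasons.append("executable under a user-writable environment path")
    if not command.strip().startswith('"') and " " in exe:
        reasons.append("unquoted path containing spaces")
    return reasons


def triage_run_entries(entries) -> list:
    """entries: iterable of (name, command); returns [(name, command, reasons)] for hits."""
    flagged = []
    for name, command in entries:
        reasons = suspicious_reasons(name, command)
        if reasons:
            flagged.append((name, command, reasons))
    return flagged


def read_hkcu_run() -> list:
    """Enumerate the live HKCU Run key on Windows; elsewhere return an empty list."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library on Windows only
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:  # raised when there are no more values
                break
            entries.append((name, str(value)))
            index += 1
    return entries


# Constructed sample entries: the page's persistence entry (user name made up)
# beside two ordinary autostarts and a second dropped-file style entry.
SAMPLE_ENTRIES = [
    ("LANC IP Grabber.exe", r"C:\users\alice\downloads\lanc ip grabber.exe"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("Updater", r"%TEMP%\svchost.exe /silent"),
]

if __name__ == "__main__":
    entries = read_hkcu_run() or SAMPLE_ENTRIES
    for name, command, reasons in triage_run_entries(entries):
        print(f"[!] {name}: {command}\n    " + "; ".join(reasons))
```

The same checks apply unchanged to HKCU\...\RunOnce and to the HKLM Run keys; the HKCU key is the interesting one here because writing it needs no elevation, which is exactly why a dropper running as the logged-on user chooses it.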


The file lanc ip grabber.exe has been seen being distributed by 2 URLs; only one of them appears on this page, with part of its path elided.

http://download2234.mediafire.com/pb9c1obujr0g/.../LANC IP Grabber.exe

Powered by Reason Core Security