» legpat.exe
Overview
Analysis
File Details
Behaviors (1)

legpat.exe

Legpat

Sivi Technology Limited

The application legpat.exe by Sivi Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Protect Service(LegpatP)”.

File name:

legpat.exe

Publisher:

Sivi Technology Limited (signed and verified)

Product:

Legpat

Version:

1.0.0.1

MD5:

0557d50cc6515eebeabd6bc9ad3e54fc

SHA-1:

f36530e118c76808de47dc289ad51cea770f96aa

SHA-256:

75d67645d5373cbb6ebeba6b96c20306218528f0f7392d6076bc488655637dda

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

12/26/2024 6:32:38 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex (M)

17.1.30.4

File size:

390.4 KB (399,768 bytes)

Product version:

50.25.2661.78

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\legpat\legpat.exe

Digital Signature

Signed by:

Sivi Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

5/6/2016 7:34:31 AM

Valid to:

3/1/2017 8:56:03 AM

Subject:

CN=Sivi Technology Limited, O=Sivi Technology Limited, L=Hong Kong, S=Hong Kong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121425C73F5B28AE6BF0FAAF2BE407751CF

File PE Metadata

Compilation timestamp:

5/26/2016 7:13:54 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x28CA1

Entry point:

BD, 95, 3E, 00, 00, D9, D5, A9, C6, CB, 8C, 15, 0D, C4, 7D, 00, F8, 7D, A1, 33, B0, 39, 00, 00, 00, 00, 60, 6B, 2C, 6E, 0E, DC, DC, 69, 22, C2, 96, 07, 5D, CB, 46, 00, 00, 00, 00, B9, 37, 14, 59, 7C, 5D, 10, 7F, 63, 03, 57, B0, 1C, F8, D8, F4, EB, F8, 71, 00, 03, 90, 07, C6, 41, 8F, F7, 10, AB, C6, CB, 8C, CF, D8, 12, CD, 50, D0, 00, 00, 00, 00, C6, B0, 60, 31, A8, 0C, 00, 00, 00, 00, DA, 7D, 10, 7F, 1B, 31, 73, 35, 67, 25, 67, DC, 7F, B2, DC, D2, 8C, 94, 12, 00, 07, B6, 60, DC, 32, C9, CB, 06, CC, 92, 12... 
[+]

Entropy:

6.9288

Code size:

285 KB (291,840 bytes)

Service

Display name:

Protect Service(LegpatP)

Service name:

LegpatP

Description:

To ensure your Legpat software integrity. If this service is disabled or stopped, your Legpat software will not be kept integrity check. This service uninstalls itself when there is no Legpat software

Type:

Win32OwnProcess

Depends on:

RpcSs

Remove legpat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.