home

LF30.exe

Lock Folder XP

Everstrike OOO

The application LF30.exe by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Everstrike Software  (signed by Everstrike OOO)

Product:
Lock Folder XP

Version:
3.8.0.0

MD5:
b3b16415e2bef3552a8568b1813fbca7

SHA-1:
9e23bf58e7ce6daeae51923656d130f7ffd2e38a

SHA-256:
e88c8b14f2077a54d5841dce5e997d7289060ee1b786dba928f49fe14cafd10a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/14/2024 3:00:10 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Everstri (M)
16.4.6.20

File size:
1.7 MB (1,795,928 bytes)

Product version:
3.8.0.0

Copyright:
Copyright c 2001-2011

Trademarks:
Lock Folder XP

Original file name:
LF30.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lock folder xp\lf30.exe

Digital Signature
Signed by:
Everstrike OOO

Authority:
VeriSign, Inc.

Valid from:
12/17/2010 5:30:00 AM

Valid to:
1/14/2012 5:29:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=n/a, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C6FEBAF7115A5C4FFAEAACEC3EA4FF1

File PE Metadata
Compilation timestamp:
6/1/2011 12:36:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:2WspQiAjhhaoZzO87QTzQDhaMYqeuOYq6bWJ5:ZriAjhh7ZagQADhaMYqeuHs

Entry address:
0x1B5357

Entry point:
E8, 85, EA, FF, FF, 41, 44, 56, 41, 50, 49, 33, 32, 2E, 64, 6C, 6C, 00, 8D, 64, 24, 40, 0F, 87, 34, DF, FF, FF, F8, 69, D2, 0A, 00, 00, 00, 9C, 9C, C6, 44, 24, 04, 3B, 60, 01, C2, 68, 8F, 39, 34, 9D, 66, 89, 04, 24, 8D, 64, 24, 2C, E9, 95, CD, FF, FF, 83, EC, 0C, 0F, AC, E8, 10, 66, 0F, BD, C6, D2, F4, 56, 60, 66, 0F, BA, E4, 07, 89, 7C, 24, 1C, 0F, A3, DF, 66, 0F, BD, C5, 66, 0F, A5, C0, 89, 5C, 24, 18, 20, E8, 89, 54, 24, 14, D4, BB, 3F, 0F, 9E, C0, 8B, 45, 08, 80, FD, F5, 85, C0, 68, 88, 40, 10, FA, 8D...
 
[+]

Entropy:
7.1387

Code size:
166 KB (169,984 bytes)

Remove LF30.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.