home

lfservice.exe

Everstrike OOO

The application lfservice.exe by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘LFService’.
Publisher:
Everstrike OOO  (signed and verified)

MD5:
8c05f98aae2742ebfe8640e1e906cf29

SHA-1:
24c64c0a817250733f0146ebd71021bb91489da8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/14/2024 2:50:40 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Everstri (M)
16.6.28.23

File size:
233.5 KB (239,066 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\lock folder xp\lfservice.exe

Digital Signature
Signed by:
Everstrike OOO

Authority:
VeriSign, Inc.

Valid from:
12/29/2011 1:00:00 AM

Valid to:
1/13/2013 12:59:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=Ulyanovsk, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
641E267F3D0313EEED9D86E2C36B2260

File PE Metadata
Compilation timestamp:
3/31/2012 9:09:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:T3v8ai0LIzKda36BG7BLZgCUlM9LrtLfr6pn:jv8aiSIzQjBGFnUlM9tLfr6pn

Entry address:
0x12000

Entry point:
68, DF, 87, 3E, 00, 58, BF, 20, 20, 41, 00, 68, 98, 05, 00, 00, 5E, 90, FF, 34, 3E, 31, 04, 24, 8F, 04, 3E, 90, 83, EE, 04, 90, 75, F0, 90, 90, 37, FA, 3F, 00, DF, 87, 3E, 00, DF, 87, 7E, 00, BB, AC, 3E, 00, BF, 68, 3E, 00, 05, 72, 3E, 00, DF, 37, 3C, 00, DE, 87, 3E, 00, CF, 07, 7E, 00, FB, 27, 7E, 00, EB, 27, 7E, 00, 97, 01, 3E, 00, FD, 27, 3E, 00, ED, 27, 3E, 00, CF, EF, 3E, 00, FD, 27, 3E, 00, ED, 27, 3E, 00, DF, 87, 3E, 00, DF, 87, 3E, 00, DF, 87, 3E, 00, DF, 87, 3E, 00, DF, 87, 3E, 00, DF, 87, 3E, 00...
 
[+]

Code size:
25 KB (25,600 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LFService

Command:
C:\Program Files\lock folder xp\lfservice.exe -start


Remove lfservice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.