lkykqxsq.exe

Zombie Invasion

Time Lapse Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application lkykqxsq.exe, “ZombieInvasion Service” by Time Lapse Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “lkykQXsq”.
Publisher:
Time Lapse Solutions  (signed and verified)

Product:
Zombie Invasion

Description:
ZombieInvasion Service

Version:
1.0.0.0

MD5:
20222f8d15bc9e042fd6ea3ddd80ff82

SHA-1:
6e9bebd8d0540271c29feb579107a5a94aa66fdf

SHA-256:
dd5e48698a0a7483adc129b3634c2b2c56bd4d66636ffcfbd4f1b446bce762aa

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/23/2024 10:35:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.3.12.13

File size:
2.6 MB (2,731,496 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Time Lapse Solutions 2015

Original file name:
ZombieInvasionService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\xtqlicupq\lkykqxsq.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/26/2015 1:00:00 AM

Valid to:
4/27/2016 1:59:59 AM

Subject:
CN=Time Lapse Solutions, O=Time Lapse Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
088D68E27F37630FE9E23AD19AC872B3

File PE Metadata
Compilation timestamp:
4/8/2015 12:41:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x29A82E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,722,304 bytes)

Service
Display name:
lkykQXsq

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


Remove lkykqxsq.exe - Powered by Reason Core Security