lollipop.exe

The application lollipop.exe has been detected as adware by 17 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘lollipop’. While running, it connects to the Internet address w01.lopn.eu on port 80 using the HTTP protocol.
MD5:
b1b702ee85ac685a0c71270dae54476f

SHA-1:
83527bfc8bd650e552e7f8200bf7012737cd61bc

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/8/2024 8:58:37 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.26488 | 1045 |
| Avira AntiVirus | ADWARE/Lollipop.A.3311 | 7.11.129.216 |
| AVG | Win32/Cryptor | 2015.0.3523 |
| Baidu Antivirus | Trojan.Win32.Skintrim | 4.0.3.14326 |
| Bitdefender | Gen:Variant.Symmi.26488 | 1.0.20.425 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.26488 | 8.14.03.26.10 |
| ESET NOD32 | Win32/Skintrim.LT (variant) | 8.9389 |
| Fortinet FortiGate | W32/Skintrim.B!tr | 3/26/2014 |
| F-Secure | Gen:Variant.Symmi.26488 | 11.2014-26-03_4 |
| G Data | Gen:Variant.Symmi.26488 | 14.3.24 |
| IKARUS anti.virus | AdWare.Win32.Lollipop | t3scan.2.2.29 |
| McAfee | Artemis!B1B702EE85AC | 5600.7179 |
| MicroWorld eScan | Gen:Variant.Symmi.26488 | 15.0.0.255 |
| Norman | Skintrim.PCK | 11.20140326 |
| Qihoo 360 Security | Win32/Trojan.0a9 | 1.0.0.1015 |
| Reason Heuristics | PUP.Lollipop.I | 14.3.26.22 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26196 |

File size:
2.6 MB (2,730,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\lollipop\lollipop.exe

File PE Metadata
Compilation timestamp:
7/27/2013 12:32:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:L2fCwci34mIwjgWksYBQyEisuv3ilVzxJtuvWIUrK:L/iMLa

Entry address:
0x42B7

Entry point:
E8, AE, 4F, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 4D, 08, 53, 33, DB, 56, 57, 3B, CB, 74, 07, 8B, 7D, 0C, 3B, FB, 77, 1B, E8, B9, 07, 00, 00, 6A, 16, 5E, 89, 30, 53, 53, 53, 53, 53, E8, FF, FB, FF, FF, 83, C4, 14, 8B, C6, EB, 30, 8B, 75, 10, 3B, F3, 75, 04, 88, 19, EB, DA, 8B, D1, 8A, 06, 88, 02, 42, 46, 3A, C3, 74, 03, 4F, 75, F3, 3B, FB, 75, 10, 88, 19, E8, 7E, 07, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C1, 33, C0, 5F, 5E, 5B, 5D, C3, 6A, 0C, 68, 00, 8B, 41, 00, E8, 13, 42, 00, 00, 83, 65...
 

Code size:
60.5 KB (61,952 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
lollipop

Command:
"C:\Documents and Settings\{user}\Application data\lollipop\lollipop.exe" lollipop


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to w01.lopn.eu  (5.39.47.211:80)
