lollipop2.exe

The application lollipop2.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The file has been seen being downloaded from cdn.download4desktop.com.
Version: 1, 1, 1, 7
MD5: c03166419dbf63a56d07b94e25b6bb64
SHA-1: 643b22ba837ff45c9dc079eeeaea8772bec2400c
SHA-256: a095ec8fca8af88f9a408c98fbec87c3d69f86465378f2e62ededf1cac304b82
Scanner detections: 27 / 68
Status: Potentially unwanted
Analysis date: 11/23/2024 7:32:56 AM UTC

Scan engine              Detection                       Engine version
-----------------------  ------------------------------  ---------------
Lavasoft Ad-Aware        Trojan.Generic.10452356         1069
AhnLab V3 Security       Packed/Win32.Katusha            2014.02.24
Avira AntiVirus          Adware/AgentCV.A.3826           7.11.133.86
AVG                      Crypt2                          2015.0.3547
Baidu Antivirus          Trojan.Win32.Katusha            4.0.3.1432
Bitdefender              Trojan.Generic.10452356         1.0.20.305
Comodo Security          TrojWare.Win32.Kryptik.BTSO     17835
Dr.Web                   Trojan.MulDrop5.7564            9.0.1.061
Emsisoft Anti-Malware    Trojan.Generic.10452356         8.14.03.02.02
ESET NOD32               Win32/Kryptik.BTSV (variant)    8.9460
Fortinet FortiGate       W32/Katusha.BTSV!tr             3/2/2014
F-Secure                 Trojan.Generic.10452356         11.2014-02-03_1
G Data                   Trojan.Generic.10452356         14.3.24
IKARUS anti.virus        Packed.Win32.Katusha            t3scan.2.2.29
K7 AntiVirus             Trojan                          13.176.11239
Kaspersky                Packed.Win32.Katusha            14.0.0.4232
McAfee                   Trojan-FDKT!C03166419DBF        5600.7203
MicroWorld eScan         Trojan.Generic.10452356         15.0.0.183
NANO AntiVirus           Trojan.Win32.Katusha.ctclou     0.28.0.57630
Norman                   Troj_Generic.SQUNO              11.20140302
nProtect                 Trojan.Generic.10452356         14.02.23.01
Panda Antivirus          Trj/CI.A                        14.03.02.02
Qihoo 360 Security       Win32/Trojan.60e                1.0.0.1015
Trend Micro House Call   TROJ_GEN.R0CBC0PBM14            7.2.61
Trend Micro              TROJ_GEN.R0CBC0PBM14            10.465.02
VIPRE Antivirus          Trojan.Win32.Generic            26766
XVirus List              Win.Detected                    2.3.31

File size: 444 KB (454,656 bytes)
Product version: 1, 1, 1, 7
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\lollipop2.exe

File PE Metadata
Compilation timestamp: 1/23/2014 11:44:10 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 12288:Kvwl9dzZDMOvmTjXBQ4JlXY5Twf3o/f9AnrbWrgCYoL+EnqY:KSz5MFTjRQCIH0OrgCX+8/
Entry address: 0x11064
Entry point: E8, F7, 88, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 30, 53, 33, DB, F6, 45, 10, 80, 56, 57, 8B, F0, 89, 5D, E0, 88, 5D, FE, C7, 45, D0, 0C, 00, 00, 00, 89, 5D, D4, 74, 09, 89, 5D, D8, C6, 45, FF, 10, EB, 0A, C7, 45, D8, 01, 00, 00, 00, 88, 5D, FF, 8D, 45, E0, 50, E8, AC, 8E, 00, 00, 59, 85, C0, 74, 0D, 53, 53, 53, 53, 53, E8, ED, 33, 00, 00, 83, C4, 14, 8B, 4D, 10, B8, 00, 80, 00, 00, 85, C8, 75, 11, F7, C1, 00, 40, 07, 00, 75, 05, 39, 45, E0, 74, 04, 80, 4D, FF, 80, 8B, C1, 83, E0, 03, 2B...

Entropy: 5.7790
Code size: 187 KB (191,488 bytes)

The file lollipop2.exe has been seen being distributed by the following URL.

Remove lollipop2.exe - Powered by Reason Core Security