lollipop2.exe

The application lollipop2.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. The file has been seen being downloaded from cdn.download4desktop.com.
Version:
1, 1, 1, 7

MD5:
c03166419dbf63a56d07b94e25b6bb64

SHA-1:
643b22ba837ff45c9dc079eeeaea8772bec2400c

SHA-256:
a095ec8fca8af88f9a408c98fbec87c3d69f86465378f2e62ededf1cac304b82

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:30:56 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.10452356
1069

AhnLab V3 Security
Packed/Win32.Katusha
2014.02.24

Avira AntiVirus
Adware/AgentCV.A.3826
7.11.133.86

AVG
Crypt2
2015.0.3547

Baidu Antivirus
Trojan.Win32.Katusha
4.0.3.1432

Bitdefender
Trojan.Generic.10452356
1.0.20.305

Comodo Security
TrojWare.Win32.Kryptik.BTSO
17835

Dr.Web
Trojan.MulDrop5.7564
9.0.1.061

Emsisoft Anti-Malware
Trojan.Generic.10452356
8.14.03.02.02

ESET NOD32
Win32/Kryptik.BTSV (variant)
8.9460

Fortinet FortiGate
W32/Katusha.BTSV!tr
3/2/2014

F-Secure
Trojan.Generic.10452356
11.2014-02-03_1

G Data
Trojan.Generic.10452356
14.3.24

IKARUS anti.virus
Packed.Win32.Katusha
t3scan.2.2.29

K7 AntiVirus
Trojan
13.176.11239

Kaspersky
Packed.Win32.Katusha
14.0.0.4232

McAfee
Trojan-FDKT!C03166419DBF
5600.7203

MicroWorld eScan
Trojan.Generic.10452356
15.0.0.183

NANO AntiVirus
Trojan.Win32.Katusha.ctclou
0.28.0.57630

Norman
Troj_Generic.SQUNO
11.20140302

nProtect
Trojan.Generic.10452356
14.02.23.01

Panda Antivirus
Trj/CI.A
14.03.02.02

Qihoo 360 Security
Win32/Trojan.60e
1.0.0.1015

Trend Micro House Call
TROJ_GEN.R0CBC0PBM14
7.2.61

Trend Micro
TROJ_GEN.R0CBC0PBM14
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic
26766

XVirus List
Win.Detected
2.3.31

File size:
444 KB (454,656 bytes)

Product version:
1, 1, 1, 7

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\lollipop2.exe

File PE Metadata
Compilation timestamp:
1/23/2014 11:44:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Kvwl9dzZDMOvmTjXBQ4JlXY5Twf3o/f9AnrbWrgCYoL+EnqY:KSz5MFTjRQCIH0OrgCX+8/

Entry address:
0x11064

Entry point:
E8, F7, 88, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 30, 53, 33, DB, F6, 45, 10, 80, 56, 57, 8B, F0, 89, 5D, E0, 88, 5D, FE, C7, 45, D0, 0C, 00, 00, 00, 89, 5D, D4, 74, 09, 89, 5D, D8, C6, 45, FF, 10, EB, 0A, C7, 45, D8, 01, 00, 00, 00, 88, 5D, FF, 8D, 45, E0, 50, E8, AC, 8E, 00, 00, 59, 85, C0, 74, 0D, 53, 53, 53, 53, 53, E8, ED, 33, 00, 00, 83, C4, 14, 8B, 4D, 10, B8, 00, 80, 00, 00, 85, C8, 75, 11, F7, C1, 00, 40, 07, 00, 75, 05, 39, 45, E0, 74, 04, 80, 4D, FF, 80, 8B, C1, 83, E0, 03, 2B...
 
[+]

Entropy:
5.7790

Code size:
187 KB (191,488 bytes)

The file lollipop2.exe has been seen being distributed by the following URL.

Remove lollipop2.exe - Powered by Reason Core Security