home

lollipop_05211600.exe

The application lollipop_05211600.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘lollipop_05211600’. While running, it connects to the Internet address w01.lopn.eu on port 80 using the HTTP protocol.
MD5:
f48ad2fbfc84178d2de532309cfe3094

SHA-1:
0431dd4649627282594d8413310a2bd32fd35a78

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/8/2024 8:51:53 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.140101
967

avast!
Win32:Adware-BQJ [Adw]
2014.9-140612

AVG
Win32/Cryptor
2015.0.3445

Baidu Antivirus
Trojan.Win32.Skintrim
4.0.3.14612

Bitdefender
Gen:Variant.Adware.Graftor.140101
1.0.20.815

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.140101
8.14.06.12.07

ESET NOD32
Win32/Skintrim.MK (variant)
8.9877

Fortinet FortiGate
Riskware/Lollipop
6/12/2014

F-Secure
Gen:Variant.Adware.Graftor.140101
11.2014-12-06_5

G Data
Gen:Variant.Adware.Graftor.140101
14.6.24

IKARUS anti.virus
AdWare.Win32.Lollipop
t3scan.1.6.1.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Lollipop
14.0.0.3721

McAfee
Artemis!F48AD2FBFC84
5600.7101

Microsoft Security Essentials
Adware:Win32/Lollipop
1.10600

MicroWorld eScan
Gen:Variant.Adware.Graftor.140101
15.0.0.489

Norman
Skintrim.PCK
11.20140612

Panda Antivirus
Trj/CI.A
14.06.12.07

Sophos
Generic PUA AE
4.98

Trend Micro House Call
TROJ_GEN.R0C1C0DES14
7.2.163

Trend Micro
TROJ_GEN.R0C1C0DES14
10.465.12

File size:
2.9 MB (3,013,632 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\lollipop\lollipop_05211600.exe

File PE Metadata
Compilation timestamp:
1/7/2014 6:03:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:mHAAAAApQ/rZ+r7iM/mOR7gqOibxEN7qd1ndu64oCDrHYMfLitp1D4ic44n/EHat:2AAAAAqYDcQiiudoPYMWbe2fHa

Entry address:
0x3A7A

Entry point:
E8, 2D, 32, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 53, FC, FF, FF, C7, 06, 40, B3, 40, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 40, B3, 40, 00, E9, 08, FD, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 40, B3, 40, 00, E8, F5, FC, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 0A, F7, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Code size:
38.5 KB (39,424 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
lollipop_05211600

Command:
"C:\Documents and Settings\{user}\Application data\lollipop\lollipop_05211600.exe" lollipop_05211600


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to w01.lopn.eu  (5.39.47.211:80)

Remove lollipop_05211600.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.