home

lollipopinstaller.exe

-L-o-l-l-i-p-o-p-I-n-s-t-a-l-l-e-r-

Lollipop Network, S.L.

The application lollipopinstaller.exe by Lollipop Network, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3c91y686yuead.cloudfront.net.
Publisher:
-L-o-l-l-i-p-o-p---N-e-t-w-o-r-k-  (signed by Lollipop Network, S.L.)

Product:
-L-o-l-l-i-p-o-p-I-n-s-t-a-l-l-e-r-

Version:
1, 0, 1, 3

MD5:
1c609c528f4d1bc37c2c628732caab84

SHA-1:
bb5cec38c5b97fbbc397a1cad8d256fc97831fe4

SHA-256:
96c6d202c9572abf0d1073a878e9023a3cf25db306236ff011511ac2d242aeef

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/8/2024 5:56:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Lollipop.LollipopNetwork.Installer (M)
16.2.2.3

File size:
276.1 KB (282,704 bytes)

Product version:
1, 0, 1, 3

Copyright:
Copyright (C) 2012

Original file name:
-L-o-l-l-i-p-o-p-I-n-s-t-a-l-l-e-r-

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\lollipopinstaller.exe

Digital Signature
Signed by:
Lollipop Network, S.L.

Authority:
Thawte, Inc.

Valid from:
8/6/2012 2:00:00 AM

Valid to:
8/7/2013 1:59:59 AM

Subject:
CN="Lollipop Network, S.L.", O="Lollipop Network, S.L.", L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4D8260FEA71CCA41ED835FE438CB259C

File PE Metadata
Compilation timestamp:
11/26/2012 12:29:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:PSqcusAxKwzyxgbOXidzp7Abnt+rQkC69spiW+3woODx1ZP5fe8X9mHn2A:PhrWg7Wn7i3woYxLP5fj9mHP

Entry address:
0x2F02D

Entry point:
E8, B9, 54, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, 14, 44, 00, 89, 0D, 14, 14, 44, 00, 89, 15, 10, 14, 44, 00, 89, 1D, 0C, 14, 44, 00, 89, 35, 08, 14, 44, 00, 89, 3D, 04, 14, 44, 00, 66, 8C, 15, 30, 14, 44, 00, 66, 8C, 0D, 24, 14, 44, 00, 66, 8C, 1D, 00, 14, 44, 00, 66, 8C, 05, FC, 13, 44, 00, 66, 8C, 25, F8, 13, 44, 00, 66, 8C, 2D, F4, 13, 44, 00, 9C, 8F, 05, 28, 14, 44, 00, 8B, 45, 00, A3, 1C, 14, 44, 00, 8B, 45, 04, A3, 20, 14, 44, 00, 8D, 45, 08, A3, 2C, 14, 44...
 
[+]

Code size:
233 KB (238,592 bytes)

The file lollipopinstaller.exe has been seen being distributed by the following URL.

http://d3c91y686yuead.cloudfront.net/xmlcdn/.../LollipopInstallerv3.exe

Remove lollipopinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.