lsdprn.exe

Acai Tech Ltd

The application lsdprn.exe by Acai Tech has been detected as adware by 2 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “lsdprn”.
Publisher:
Acai Tech Ltd  (signed and verified)

MD5:
95751fbbe213bb28b5411e861ea0ffa9

SHA-1:
640344db89f0477a84e43c3923a72a6f0b931da4

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/27/2024 5:29:25 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Toolbar.BitCocktail (variant)
8.10719

Reason Heuristics
PUP.Service.AcaiTech.G
14.11.21.23

File size:
251.8 KB (257,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\lsdprn.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/21/2014 9:00:00 PM

Valid to:
9/22/2015 8:59:59 PM

Subject:
CN=Acai Tech Ltd, O=Acai Tech Ltd, STREET=Rakefet 19, L=Hod Hasharon, S=Sharon, PostalCode=4520634, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
189E85B982528243713729AC8244D22C

File PE Metadata
Compilation timestamp:
11/2/2014 6:33:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:KY3LYHnt3japE3RUfhG++BGF677SMSbVz0tCFjKk:hbwjaGkhJC5Sh5zYwjn

Entry address:
0x10068

Entry point:
E8, CA, 56, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 02, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 4C, 02, 42, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 02, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 4C, 02, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 
[+]

Code size:
118 KB (120,832 bytes)

Service
Display name:
lsdprn

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-241-254-192.us-west-1.compute.amazonaws.com  (54.241.254.192:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (52.216.226.168:80)

Remove lsdprn.exe - Powered by Reason Core Security