lsdprn.exe

Acai Tech Ltd

The application lsdprn.exe by Acai Tech Ltd has been detected as adware by 2 of 68 anti-malware scanners. It is installed as a Windows service named "lsdprn" that runs in its own process (service type Win32OwnProcess).
Publisher:
Acai Tech Ltd  (signed and verified)

MD5:
95751fbbe213bb28b5411e861ea0ffa9

SHA-1:
640344db89f0477a84e43c3923a72a6f0b931da4

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/16/2024 8:49:56 AM UTC

Scan engine         Detection                            Engine version
ESET NOD32          Win32/Toolbar.BitCocktail (variant)  8.10719
Reason Heuristics   PUP.Service.AcaiTech.G               14.11.21.23

File size:
251.8 KB (257,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\lsdprn.exe

Digital Signature
Signed by:
Acai Tech Ltd
Authority:
COMODO CA Limited

Valid from:
9/21/2014 9:00:00 PM

Valid to:
9/22/2015 8:59:59 PM

Subject:
CN=Acai Tech Ltd, O=Acai Tech Ltd, STREET=Rakefet 19, L=Hod Hasharon, S=Sharon, PostalCode=4520634, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
189E85B982528243713729AC8244D22C

File PE Metadata
Compilation timestamp:
11/2/2014 6:33:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:KY3LYHnt3japE3RUfhG++BGF677SMSbVz0tCFjKk:hbwjaGkhJC5Sh5zYwjn

Entry address:
0x10068

Entry point:
E8, CA, 56, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 02, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 4C, 02, 42, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 4C, 02, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 4C, 02, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...

Code size:
118 KB (120,832 bytes)

Service
Display name:
lsdprn

Type:
Win32OwnProcess


This file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to ec2-54-241-254-192.us-west-1.compute.amazonaws.com  (54.241.254.192:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (52.216.226.168:80)
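The following PowerShell triage script is an added example and is not part of the original report or of Reason Core Security's tooling. It checks a local machine against the indicators listed above: the common path, file size, MD5/SHA-1, the signing certificate serial, the "lsdprn" service registration (and the binary the service actually points at), and live TCP connections to the two AWS addresses. The indicator values are copied from this page; the path assumption is that the sample sits at the common path shown above, and the connection check assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection. Note that the certificate on this page was valid only from 9/21/2014 to 9/22/2015, so a signature that still reports Valid in 2024 is relying on an Authenticode timestamp countersignature; NotSigned or HashMismatch means the binary on disk is not the one described here.

```powershell
# Added triage script (not from the original report). Indicator values below are
# taken from the page; the path is the report's "common path" and is an assumption.
# Run from an elevated prompt. Nothing here downloads or executes the sample.
$Indicators = @{
    Path        = 'C:\Windows\System32\lsdprn.exe'
    MD5         = '95751fbbe213bb28b5411e861ea0ffa9'
    SHA1        = '640344db89f0477a84e43c3923a72a6f0b931da4'
    Size        = 257848
    ServiceName = 'lsdprn'
    CertSerial  = '189E85B982528243713729AC8244D22C'
    RemoteIPs   = @('54.241.254.192', '52.216.226.168')
}

$findings = [ordered]@{}

# 1. File presence, size and hashes (Get-FileHash needs PowerShell 4.0 or later).
if (Test-Path -LiteralPath $Indicators.Path) {
    $file = Get-Item -LiteralPath $Indicators.Path
    $md5  = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash.ToLower()
    $sha1 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash.ToLower()
    $findings.FilePresent = $true
    $findings.SizeMatch   = ($file.Length -eq $Indicators.Size)
    $findings.MD5Match    = ($md5  -eq $Indicators.MD5)
    $findings.SHA1Match   = ($sha1 -eq $Indicators.SHA1)

    # 2. Authenticode signature: status, signer subject and certificate serial.
    #    The page's certificate expired 9/22/2015; 'Valid' today implies a trusted
    #    timestamp, 'NotSigned'/'HashMismatch' means a different or altered binary.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $findings.SigStatus   = $sig.Status.ToString()
    $findings.SigSubject  = $sig.SignerCertificate.Subject
    $findings.SerialMatch = ($sig.SignerCertificate.SerialNumber -eq $Indicators.CertSerial)
} else {
    $findings.FilePresent = $false
}

# 3. Service registration: the service may point at a binary other than the
#    common path, so record PathName rather than assuming it. ServiceType is
#    reported as 'Own Process' for a Win32OwnProcess service.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($Indicators.ServiceName)'"
if ($svc) {
    $findings.ServicePresent  = $true
    $findings.ServicePathName = $svc.PathName
    $findings.ServiceState    = $svc.State
    $findings.ServiceType     = $svc.ServiceType
    $findings.ServiceStart    = $svc.StartMode
} else {
    $findings.ServicePresent = $false
}

# 4. Live TCP connections to the two addresses from the report, mapped to the
#    owning process so a connection from a different binary is not mistaken
#    for this service (AWS addresses are shared infrastructure).
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $Indicators.RemoteIPs -contains $_.RemoteAddress }
$findings.ActiveConnections = @($conns | ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    '{0}:{1} <- pid {2} ({3})' -f $_.RemoteAddress, $_.RemotePort, $_.OwningProcess, $p.ProcessName
})

[pscustomobject]$findings | Format-List
```

If the hashes and serial match and the service is present, the usual removal order is to stop the service (Stop-Service lsdprn), delete its registration (sc.exe delete lsdprn), then quarantine the binary at the path reported in ServicePathName rather than the assumed common path, since the two can differ. Treat the two AWS hosts as context, not as standalone indicators: both are shared Amazon infrastructure, so only a connection owned by the lsdprn process is meaningful.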

Powered by Reason Core Security