lsm.exe

TOLGA KAPLAN

The executable lsm.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
TOLGA KAPLAN  (signed and verified)

Version:
1.0.0

MD5:
84241edc8f3fd8bc13efb0d35d4fec18

SHA-1:
33030d947c323ee3c25281a65e7a5945db29c82a

SHA-256:
2f5f759360cdb83dbe0ad27b49b5f86135645ab3dca12d05612e53526e733358

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/27/2024 12:00:21 PM UTC

Scan engine: detection name (engine version)

AhnLab V3 Security: Trojan/Win32.FakeMS (2014.07.21)
Avira AntiVirus: TR/ATRAPS.Gen (7.11.163.22)
AVG: Generic (2015.0.3407)
ESET NOD32: MSIL/Bamgadin (variant) (8.10126)
IKARUS anti.virus: Trojan.MSIL.Bamgadin (t3scan.1.6.1.0)
Malwarebytes: Trojan.Downloader (v2014.07.21.11)

File size:
147.7 KB (151,280 bytes)

Product version:
1.0.0

Original file name:
lsmnew.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\lsm.exe
(The name mimics the Windows Local Session Manager, lsm.exe, which lives in C:\Windows\System32 on Windows 7 and Server 2008 R2. A copy under C:\ProgramData is out of place and is a useful hunting criterion on its own.)

Digital Signature
Signed by:
TOLGA KAPLAN
(A valid Authenticode signature only identifies who signed the file; it says nothing about whether the file is safe.)
Authority:
COMODO CA Limited

Valid from:
6/27/2014 3:00:00 AM

Valid to:
6/28/2015 2:59:59 AM

Subject:
CN=TOLGA KAPLAN, O=TOLGA KAPLAN, STREET=mecidiye mah. dereboyu cad. lozan sok., STREET=akgun apart. no:15/3, L=istanbul, S=besiktas, PostalCode=34347, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0166B65038D61E5435B48204CAE4795A

File PE Metadata
Compilation timestamp:
7/21/2014 3:34:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:E7RV/W6hbxAXgEHD9X+gBrcMm1GMpbkSUH0GwgQm47i4HNzp+:E7RV+6PE5OgBQ1qrZwgciGW

Entry address:
0x24EFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
140 KB (143,360 bytes)
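As an added example (not code from this report or from Reason Core Security), the following Python script checks a local file against the size and hashes listed above and decodes the entry-point bytes shown under "Entry point". The command-line file argument and the parser for the report's comma-separated byte field are assumptions made for illustration; the hashes, size and stub bytes are transcribed from the page.

```python
"""Added example: compare a file with the report's hashes and decode the .NET entry stub."""
import hashlib
import struct
import sys
from pathlib import Path

# Transcribed from the report above.
LSM_EXE_HASHES = {
    "md5": "84241edc8f3fd8bc13efb0d35d4fec18",
    "sha1": "33030d947c323ee3c25281a65e7a5945db29c82a",
    "sha256": "2f5f759360cdb83dbe0ad27b49b5f86135645ab3dca12d05612e53526e733358",
}
LSM_EXE_SIZE = 151280  # bytes


def digests(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a byte string as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in LSM_EXE_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-field comparison (size and each digest) against the report; all True means same sample."""
    d = digests(data)
    result = {name: d[name] == value for name, value in LSM_EXE_HASHES.items()}
    result["size"] = len(data) == LSM_EXE_SIZE
    return result


def parse_entry_field(text: str) -> bytes:
    """Turn the report's 'FF, 25, 00, ...' field into bytes; a trailing '...' is ignored."""
    return bytes(int(tok, 16) for tok in text.replace("...", "").split(",") if tok.strip())


def decode_entry_stub(entry_bytes: bytes):
    """Decode the 6-byte x86 'FF 25 disp32' indirect jump (jmp dword ptr [abs32]) that
    32-bit .NET executables use as their native entry point. Returns the absolute address
    of the import slot the jump reads (the _CorExeMain IAT entry), or None if the entry
    bytes are not that stub, i.e. the file starts with real native code instead."""
    if len(entry_bytes) < 6 or entry_bytes[:2] != b"\xff\x25":
        return None
    return struct.unpack_from("<I", entry_bytes, 2)[0]


def check_file(path: str) -> dict:
    """Read a file from disk (assumed path) and compare it with the report."""
    return matches_report(Path(path).read_bytes())


if __name__ == "__main__":
    stub = parse_entry_field("FF, 25, 00, 20, 40, 00, 00, 00")
    target = decode_entry_stub(stub)
    print(f"entry stub jumps through import slot [0x{target:08X}]")
    if len(sys.argv) > 1:
        print(check_file(sys.argv[1]))
```

A file that matches on all three digests and the size is the same sample the report describes; a match on MD5 alone is not enough, since MD5 collisions are cheap to construct. The stub decoder is useful when triaging any .NET drop: if the entry point is not the FF 25 jump through the import table, the binary has native code ahead of the CLR and deserves a closer look.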

When executed, the file has been observed making the following network connections in live environments. Most of the destinations are shared CDN and web-service infrastructure (Facebook, Google's 1e100.net, Amazon CloudFront and S3, Highwinds' hwcdn.net), which almost any program that loads web content will touch, so the hostnames and IPs below are weak indicators on their own.

TCP (HTTP):
Connects to xx-fbcdn-shv-02-cdg1.fbcdn.net  (31.13.80.23:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.112.112:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP SSL):
Connects to server-54-230-95-84.fra2.r.cloudfront.net  (54.230.95.84:443)

TCP (HTTP SSL):
Connects to server-216-137-61-101.fra2.r.cloudfront.net  (216.137.61.101:443)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.1.145:80)

TCP (HTTP):
Connects to muc03s14-in-f15.1e100.net  (74.125.232.79:80)

TCP (HTTP):
Connects to muc03s13-in-f8.1e100.net  (74.125.232.8:80)

TCP (HTTP):
Connects to muc03s13-in-f28.1e100.net  (74.125.232.28:80)

TCP (HTTP):
Connects to muc03s13-in-f26.1e100.net  (74.125.232.26:80)

TCP (HTTP):
Connects to muc03s13-in-f13.1e100.net  (74.125.232.13:80)

TCP (HTTP SSL):
Connects to muc03s08-in-f5.1e100.net  (173.194.44.37:443)

TCP (HTTP):
Connects to muc03s08-in-f12.1e100.net  (173.194.44.44:80)

TCP (HTTP):
Connects to muc03s08-in-f0.1e100.net  (173.194.44.32:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to host-85.232.230.229.maxpi.pl  (85.232.230.229:80)

TCP (HTTP SSL):
Connects to fa-in-f95.1e100.net  (173.194.70.95:443)

TCP (HTTP):
Connects to fa-in-f156.1e100.net  (173.194.70.156:80)

TCP (HTTP):
Connects to edge-star-shv-04-vie1.facebook.com  (31.13.84.49:80)

TCP (HTTP):
Connects to ads2-f2.stickyadstv.com  (178.32.101.62:80)
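As an added example (not code from this report or from Reason Core Security), the following Python script matches firewall or proxy log lines against the destinations listed above and down-weights hits on shared infrastructure. The key=value log format, the sample log lines and the "shared infrastructure" classification are constructed assumptions for illustration; the hostname, IP and port pairs are transcribed from the page.

```python
"""Added example: match log lines against the report's network destinations."""
import re

# Transcribed from the report: hostname -> (IP, port).
OBSERVED = {
    "xx-fbcdn-shv-02-cdg1.fbcdn.net": ("31.13.80.23", 80),
    "www.turktelekom.com.tr": ("195.175.112.112", 80),
    "tlb.hwcdn.net": ("69.16.175.10", 80),
    "server-54-230-95-84.fra2.r.cloudfront.net": ("54.230.95.84", 443),
    "server-216-137-61-101.fra2.r.cloudfront.net": ("216.137.61.101", 443),
    "s3-1-w.amazonaws.com": ("54.231.1.145", 80),
    "muc03s14-in-f15.1e100.net": ("74.125.232.79", 80),
    "muc03s13-in-f8.1e100.net": ("74.125.232.8", 80),
    "muc03s13-in-f28.1e100.net": ("74.125.232.28", 80),
    "muc03s13-in-f26.1e100.net": ("74.125.232.26", 80),
    "muc03s13-in-f13.1e100.net": ("74.125.232.13", 80),
    "muc03s08-in-f5.1e100.net": ("173.194.44.37", 443),
    "muc03s08-in-f12.1e100.net": ("173.194.44.44", 80),
    "muc03s08-in-f0.1e100.net": ("173.194.44.32", 80),
    "hwcdn.net": ("69.16.175.42", 80),
    "host-85.232.230.229.maxpi.pl": ("85.232.230.229", 80),
    "fa-in-f95.1e100.net": ("173.194.70.95", 443),
    "fa-in-f156.1e100.net": ("173.194.70.156", 80),
    "edge-star-shv-04-vie1.facebook.com": ("31.13.84.49", 80),
    "ads2-f2.stickyadstv.com": ("178.32.101.62", 80),
}
IP_TO_HOST = {ip: host for host, (ip, _) in OBSERVED.items()}

# Parent domains of shared CDN / web-service infrastructure. Analyst assumption:
# a hit here is expected from almost any program that loads web content, so it
# is rated low confidence; anything else in the list is rated medium.
SHARED_SUFFIXES = ("fbcdn.net", "facebook.com", "1e100.net",
                   "cloudfront.net", "amazonaws.com", "hwcdn.net")

# Constructed key=value log format (assumed, not a real product's format).
LOG_RE = re.compile(r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")


def confidence(host: str) -> str:
    """'low' for shared infrastructure, 'medium' otherwise (exact or subdomain match)."""
    for suffix in SHARED_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return "low"
    return "medium"


def classify_line(line: str):
    """Return a hit dict if the line's destination (host or IP) is in OBSERVED, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    dst = m.group("dst").lower().rstrip(".")
    host = dst if dst in OBSERVED else IP_TO_HOST.get(dst)
    if host is None:
        return None
    ip, port = OBSERVED[host]
    return {"host": host, "ip": ip, "dport": int(m.group("dport")),
            "port_match": int(m.group("dport")) == port, "confidence": confidence(host)}


def scan(lines) -> list:
    """All hits from an iterable of log lines, in input order."""
    return [hit for hit in (classify_line(line) for line in lines) if hit]


# Constructed sample log lines, not taken from any real environment.
SAMPLE_LOG = [
    "2024-11-27T12:01:03Z src=10.0.0.15 dst=85.232.230.229 dport=80 proto=tcp",
    "2024-11-27T12:01:05Z src=10.0.0.15 dst=muc03s13-in-f8.1e100.net dport=80 proto=tcp",
    "2024-11-27T12:01:09Z src=10.0.0.15 dst=www.turktelekom.com.tr dport=443 proto=tcp",
    "2024-11-27T12:01:11Z src=10.0.0.15 dst=example.org dport=443 proto=tcp",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['confidence']:6} {hit['host']} ({hit['ip']}) port_match={hit['port_match']}")
```

The port comparison matters: the report saw www.turktelekom.com.tr on port 80, so a hit on 443 to the same host is a weaker correlation. Medium-confidence hits (the Polish hosting address and the Turkish ISP site) are the ones worth pivoting on; the low-confidence CDN hits should only add weight when they co-occur with a hash or path match.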

Remove lsm.exe - Powered by Reason Core Security