» lt_updater.dll
Overview
Analysis
File Details
Behaviors (1)

lt_updater.dll

Core Systems

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The module lt_updater.dll by Core Systems has been detected as adware by 4 anti-malware scanners. It is installed as a Winsock Layered Service Provider (LSP) named “NETCAPTLSP over [MSAFD Tcpip [TCP/IP]]” as a layered chain entry (32).

File name:

lt_updater.dll

Publisher:

Core Systems (signed and verified)

MD5:

57e9911f95f3be968a583c53413f95b3

SHA-1:

babfad6ba2adc1a940e7f56963e00f43af8133e4

SHA-256:

0ff4295112c0b44d2d4918d3f3bbf823fff7af13dd3db15f4541c5b98c63fd06

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

11/23/2024 7:47:01 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic_r

2016.0.3043

Reason Heuristics

PUP.Weather.CoreSystems (M)

15.7.20.8

Trend Micro House Call

Suspicious_GEN.F47V0328

7.2.201

VIPRE Antivirus

Bonzuna

39598

File size:

299.9 KB (307,112 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\appdata\local\localtemperature\lt_updater.dll

Digital Signature

Signed by:

Core Systems

Authority:

GoDaddy.com, Inc.

Valid from:

6/17/2014 3:26:02 PM

Valid to:

6/17/2015 3:26:02 PM

Subject:

CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

4B1F1B2C0AF57F

File PE Metadata

Compilation timestamp:

3/22/2015 7:52:45 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:lUHqEiD6hDHu7yFcVYZtWttXjMMiYalUazpR1Jyf1epA+PxFxhMJsS2kyH:Gn5HaLYZtgj1m1J+s6OMuA6

Entry address:

0x22DBF

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F9, BD, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 60, 12, 04, 10, E8, C2, 3B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 50, E7, 04, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, D8, 9F, 03, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.4284

Developed / compiled with:

Microsoft Visual C++

Code size:

214 KB (219,136 bytes)

Winsock2 LSP

Name:

NETCAPTLSP over [MSAFD Tcpip [TCP/IP]]

Type:

Layered Chain Entry (32)

Provider ID:

{92FBBDFD-4D61-4445-86AD-A92D54E42248}

Service flags:

0x66

Remove lt_updater.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.