lt_updater.dll

Core Systems

Part of an adware web browser extension that delivers advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The module lt_updater.dll by Core Systems has been detected as adware by 4 anti-malware scanners. It is installed as a Winsock Layered Service Provider (LSP) named “NETCAPTLSP over [MSAFD Tcpip [TCP/IP]]” as a layered chain entry (32).
Publisher:
Core Systems  (signed and verified)

MD5:
57e9911f95f3be968a583c53413f95b3

SHA-1:
babfad6ba2adc1a940e7f56963e00f43af8133e4

SHA-256:
0ff4295112c0b44d2d4918d3f3bbf823fff7af13dd3db15f4541c5b98c63fd06

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/24/2024 1:34:09 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic_r
2016.0.3043

Reason Heuristics
PUP.Weather.CoreSystems (M)
15.7.20.8

Trend Micro House Call
Suspicious_GEN.F47V0328
7.2.201

VIPRE Antivirus
Bonzuna
39598

File size:
299.9 KB (307,112 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\localtemperature\lt_updater.dll

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/17/2014 3:26:02 PM

Valid to:
6/17/2015 3:26:02 PM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
3/22/2015 7:52:45 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:lUHqEiD6hDHu7yFcVYZtWttXjMMiYalUazpR1Jyf1epA+PxFxhMJsS2kyH:Gn5HaLYZtgj1m1J+s6OMuA6

Entry address:
0x22DBF

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F9, BD, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 60, 12, 04, 10, E8, C2, 3B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 50, E7, 04, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, D8, 9F, 03, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.4284

Developed / compiled with:
Microsoft Visual C++

Code size:
214 KB (219,136 bytes)

Winsock2 LSP
Name:
NETCAPTLSP over [MSAFD Tcpip [TCP/IP]]

Type:
Layered Chain Entry (32)

Provider ID:
{92FBBDFD-4D61-4445-86AD-A92D54E42248}

Service flags:
0x66


Remove lt_updater.dll - Powered by Reason Core Security