ltvsrv.exe

LTVSrv.exe

Atom Security OOO

The application ltvsrv.exe by Atom Security OOO has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows service named “LTVSrv” in its own separate process. While running, it connects to the Internet address xiva-daria.mail.yandex.net on port 443.
Publisher:
AtomPark  (signed by Atom Security OOO)

Product:
LTVSrv.exe

Version:
2.2.4.5

MD5:
dfd1ec95d7eeb39615633d9454a54404

SHA-1:
16e983b7f70a4cee7cf7ba6900444562cdadf1ff

SHA-256:
b292a26bc65235919c4db87f53e5d978f560bb1d462218b58847b3d95fc9a280

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:40:07 AM UTC

Scan engine       | Detection                            | Engine version
Dr.Web            | riskware program Program.Staffcop.13 | 9.0.1.05190
Reason Heuristics | PUP.Optional.Service                 | 15.6.9.19

File size:
3.5 MB (3,641,944 bytes)

Product version:
2.2.4.5

Copyright:
Copyright © 2010

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Windows\System32\ltprx\ltvsrv.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/26/2014 5:00:00 PM

Valid to:
6/27/2015 4:59:59 PM

Subject:
CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET="Academician Koptyuga Prospect, 4,office 158", L=Novosibirsk, S=nso, PostalCode=630090, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008200A1D4B7C395979CA095ACAC936522

File PE Metadata
Compilation timestamp:
9/10/2014 3:20:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:kL5HNaSPwQPKr/TERjKkivzYDrCa2gUM6iCoXnzQMwnKpTZ0p/T1a:klXPs/8rivzsrCEUM6irXzQzT1

Entry address:
0x13F636

Entry point:
E8, B4, EE, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 74, D4, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, F5, D4, FF, FF, 59, 33, C0, EB, 4D, 57, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 48, 78, 76, 00, FF, 15, 78, CD, 76, 00, 8B, F8, 85, FF, 75, 5E, 39, 05, 4C, 78, 76, 00, 74, 40, 56, E8, 81, 16, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, 71, 16, 00, 00, 59, E8, B5, ED, FF, FF, C7, 00, 0C, 00, 00, 00, 33...
Entropy:
5.9082

Code size:
2.8 MB (2,903,040 bytes)

Service
Display name:
LTVSrv

Description:
LTVSrv's Redirector service

Type:
Win32OwnProcess

Depends on:
RPCSS
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xiva-daria.mail.yandex.net  (213.180.193.179:443)

TCP:
Connects to xmpp.disk.yandex.net  (213.180.204.147:5222)

TCP:
Connects to lr-in-f188.1e100.net  (209.85.233.188:5228)

TCP:
Connects to ip50.155.odnoklassniki.ru  (217.20.155.50:5222)

TCP:
Connects to ip140.156.odnoklassniki.ru  (217.20.156.140:5222)

TCP:
Connects to ip228.152.odnoklassniki.ru  (217.20.152.228:5222)

TCP (HTTP SSL):
Connects to portal-xiva.yandex.net  (87.250.250.210:443)

TCP (HTTP SSL):
Connects to yandex.ru  (5.255.255.5:443)

TCP (HTTP SSL):
Connects to ec2-52-18-102-29.eu-west-1.compute.amazonaws.com  (52.18.102.29:443)

TCP (HTTP SSL):
Connects to ec2-34-249-169-137.eu-west-1.compute.amazonaws.com  (34.249.169.137:443)

TCP (HTTP SSL):
Connects to sync.disk.yandex.net  (93.158.134.148:443)

TCP (HTTP):
Connects to ip132.156.odnoklassniki.ru  (217.20.156.132:80)

TCP (HTTP SSL):
Connects to api.browser.yandex.ru  (93.158.134.82:443)

TCP (HTTP SSL):
Connects to static.180.96.76.144.clients.your-server.de  (144.76.96.180:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (87.250.251.119:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP SSL):
Connects to ec2-52-18-90-130.eu-west-1.compute.amazonaws.com  (52.18.90.130:443)

TCP (HTTP SSL):
Connects to ec2-52-17-107-160.eu-west-1.compute.amazonaws.com  (52.17.107.160:443)

TCP (HTTP SSL):
Connects to amigo.mail.ru  (217.69.139.252:443)

TCP (HTTP SSL):
Connects to 16-36-203-37.ipay.ua  (37.203.36.16:443)
