ltvsrv.exe

LTVSrv.exe

Atom Security OOO

The application ltvsrv.exe by Atom Security OOO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “LTVSrv”. While running, it connects to the Internet address edge-star-shv-01-ort2.facebook.com on port 443.
Publisher:
AtomPark  (signed by Atom Security OOO)

Product:
LTVSrv.exe

Version:
2.2.3.4

MD5:
29cb964e381d5140270115bc30e1da74

SHA-1:
5d5e5ce47fbe26d5a308e242b4622bc118df27ad

SHA-256:
b349621aa5b3fdc5345f3c7f80182de92a8e9a39b55c41a08e811265b56a4be0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 10:34:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.AtomSecurity.Service
16.1.14.6

File size:
2.1 MB (2,161,752 bytes)

Product version:
2.2.3.4

Copyright:
Copyright © 2010

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\syswow64\ltprx\ltvsrv.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/27/2014 5:30:00 AM

Valid to:
6/28/2015 5:29:59 AM

Subject:
CN=Atom Security OOO, OU=development, O=Atom Security OOO, STREET="Academician Koptyuga Prospect, 4,office 158", L=Novosibirsk, S=nso, PostalCode=630090, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008200A1D4B7C395979CA095ACAC936522

File PE Metadata
Compilation timestamp:
3/24/2014 3:43:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:q0ByQOA5uyFOFZa4V0WCrXJhas5LxvoncpvaPVT8n:q0BxOA4QOFvCrXJZ5t/

Entry address:
0xB14A9

Entry point:
E8, 01, A4, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 0C, 5F, 00, E8, F1, 18, 00, 00, E8, 48, 12, 00, 00, 0F, B7, F0, 6A, 02, E8, 17, 44, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D1, 4E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.4594

Code size:
1.5 MB (1,559,552 bytes)

Service
Display name:
LTVSrv

Description:
LTVSrv's Redirector service

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to host-156.198.202.220-static.tedata.net  (156.198.220.202:11337)

TCP (HTTP SSL):
Connects to edge-star-shv-01-ort2.facebook.com  (157.240.2.20:443)

TCP:
Connects to wtl.worldcall.net.pk  (111.88.158.20:6881)

TCP:
Connects to WHK-BR01-42-182-7-82.ipb.na  (41.182.7.82:53495)

TCP:
Connects to ppp-171-97-3-213.revip8.asianet.co.th  (171.97.3.213:50389)

TCP:
Connects to node-103-252-167-52.alliancebroadband.in  (103.252.167.52:51224)

TCP:
Connects to net-37-116-23-133.cust.vodafonedsl.it  (37.116.23.133:6881)

TCP:
Connects to ip188c37.banglalionwimax.com  (58.97.188.37:53038)

TCP:
Connects to host-93-92-56-046.comunique.hu  (93.92.56.46:53370)

TCP:
Connects to fm-dyn-111-94-184-39.fast.net.id  (111.94.184.39:47710)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mad1.facebook.com  (31.13.83.36:443)

TCP:
Connects to dynamic.ip.89.148.1.158.batelco.com.bh  (89.148.1.158:28419)

TCP:
Connects to default-rdns.vocus.co.nz  (101.98.112.94:42625)

TCP:
Connects to customer-ZIHU-55-137.megared.net.mx  (177.247.55.137:58870)

TCP:
Connects to cgn-nat-188-64-25-29.simobil.net  (188.64.25.29:51814)

TCP:
Connects to catv-89-135-67-187.catv.broadband.hu  (89.135.67.187:50139)

TCP:
Connects to c-74-114-79-229.netflash.net  (74.114.79.229:26481)

TCP:
Connects to btl-new-ip-99.btl.net  (190.197.8.99:24504)

TCP:
Connects to broadband.actcorp.in  (124.123.90.195:14193)

TCP:
Connects to b3ded1bb.virtua.com.br  (179.222.209.187:62207)

Remove ltvsrv.exe - Powered by Reason Core Security