luckyinstall.exe

yssoft

The application luckyinstall.exe by yssoft has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Scriptable Install System installer.
Publisher:
luckytool  (signed by yssoft)

Product:
luckytool

Version:
1.0.0.1

MD5:
7488b7b42ae347881ffbf121b9c4ae91

SHA-1:
39e01632d1ad1875990d50970cdeaf152ba15914

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/28/2024 3:42:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.6.1

File size:
1.3 MB (1,368,344 bytes)

Product version:
1.0.0.1

Copyright:
Copyright luckytool

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\windows\luckyinstall.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/24/2016 9:00:00 AM

Valid to:
5/24/2018 8:59:59 AM

Subject:
CN=yssoft, O=yssoft, L=Chilgok-gun, S=Gyeongsangbuk-do, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4FFD8833DCF52D25418DA64CD58D741A

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x30FA


Entropy:
7.8301  (probably packed)

Code size:
23.5 KB (24,064 bytes)
