» lvk2.exe
Overview
Analysis
File Details
Behaviors (1)
Network (49)

lvk2.exe

iTVA LLC

The application lvk2.exe by iTVA has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘LoviVkontakte2’. While running, it connects to the Internet address amigo.mail.ru on port 80 using the HTTP protocol.

File name:

lvk2.exe

Publisher:

iTVA LLC (signed and verified)

Version:

2.90.1.1

MD5:

495db359d61411f0688211c8dd473cb7

SHA-1:

cad7296f99733e209ce57422f348a8698245cbd5

SHA-256:

12ff1ae06ac3aca95969b2d338a24d47df80d7b70521bd7db801b715db629420

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

11/12/2024 7:04:29 PM UTC (today)

Scan engine

Detection

Engine version

AVG

iTVA

2015.0.3385

Reason Heuristics

PUP.Startup.iTVA.E

14.9.27.16

File size:

3.5 MB (3,702,320 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\lovivk\lvk2.exe

Digital Signature

Signed by:

iTVA LLC

Authority:

VeriSign, Inc.

Valid from:

11/23/2012 3:00:00 AM

Valid to:

11/24/2014 2:59:59 AM

Subject:

CN=iTVA LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iTVA LLC, L=St.Petersburg, S=Russian Federation, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

65EB772671D39CAF088B0D4A828C5E61

File PE Metadata

Compilation timestamp:

5/29/2014 1:33:32 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:7kHvTmkRcFKfA/GFjR2f8SboiWKajJuSeVQ87Ti4B3Xm8VE9jMrqTCYAQjHG9lYj:qviFeCGFjRa8SEisy5c9jMrvX1HktX

Entry address:

0x2DEF10

Entry point:

55, 8B, EC, B9, 07, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, B8, 94, 45, 6D, 00, E8, FA, 02, D3, FF, 33, C0, 55, 68, 5D, F3, 6D, 00, 64, FF, 30, 64, 89, 20, A1, F8, CA, 6E, 00, 33, D2, 89, 10, E8, 06, 7C, D2, FF, 85, C0, 0F, 8E, 92, 00, 00, 00, 8D, 55, E8, B8, 01, 00, 00, 00, E8, 51, 7C, D2, FF, 8B, 45, E8, 8D, 55, EC, E8, D2, 00, D7, FF, 8B, 45, EC, BA, 78, F3, 6D, 00, E8, 0D, C2, D2, FF, 74, 2E, 8D, 55, E0, B8, 01, 00, 00, 00, E8, 2A, 7C, D2, FF, 8B, 45, E0, 8D, 55, E4, E8, AB, 00, D7, FF, 8B, 55, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.9 MB (3,007,488 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

LoviVkontakte2

Command:

C:\Program Files\lovivk\lvk2.exe -m

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to amigo.mail.ru (217.69.139.252:80)

TCP (HTTP):

Connects to spaces.ru (149.202.196.100:80)

TCP (HTTP SSL):

Connects to ec2-52-20-120-15.compute-1.amazonaws.com (52.20.120.15:443)

TCP (HTTP SSL):

Connects to ec2-52-73-109-231.compute-1.amazonaws.com (52.73.109.231:443)

TCP (HTTP):

Connects to ip-184-168-221-96.ip.secureserver.net (184.168.221.96:80)

TCP (HTTP):

Connects to bratok.mail.ru (217.69.135.163:80)

TCP (HTTP):

Connects to psyna3.zomro.com (185.154.12.212:80)

TCP (HTTP):

Connects to ts02.userfiles.me (148.251.75.167:80)

TCP (HTTP):

Connects to static.69.235.4.46.clients.your-server.de (46.4.235.69:80)

TCP (HTTP SSL):

Connects to portal-xiva.yandex.net (213.180.204.210:443)

TCP (HTTP):

Connects to ip248.152.odnoklassniki.ru (217.20.152.248:80)

TCP (HTTP):

Connects to ip132.156.odnoklassniki.ru (217.20.156.132:80)

TCP (HTTP):

Connects to yandex.ru (5.255.255.55:80)

TCP (HTTP):

Connects to top-fwz1.mail.ru (217.69.133.148:80)

TCP (HTTP):

Connects to softexport.yandex.net (87.250.250.33:80)

TCP (HTTP):

Connects to ev1s-75-125-29-229.theplanet.com (75.125.29.229:80)

TCP (HTTP):

Connects to cache-mskdataline09.cdn.yandex.net (5.45.221.19:80)

TCP (HTTP):

Connects to ts01.userfiles.me (148.251.54.179:80)

TCP (HTTP):

Connects to spdc.pbp.vip.ir2.yahoo.com (188.125.66.33:80)

TCP (HTTP):

Connects to sg2plpkivs-v01.any.prod.sin2.secureserver.net (182.50.136.237:80)

Remove lvk2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.