Lollipop

Category: Adware and PUAs
Type: Adware
Protection available since: 21 Apr 2013 22:06:22 (GMT)
Last Updated: 27 Sep 2014 06:12:53 (GMT)


Examples of Lollipop include:

Example 1

File Information

Size
3.2M
SHA-1
00ab590eca864592e9888dc36f80a8345a1959bd
MD5
66a9fd5fcaf80f97ccc53780eb8ee505
CRC-32
9feb6449
File type
Windows executable
First seen
2013-12-31

Runtime Analysis

Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe

Example 2

File Information

Size
163K
SHA-1
00ac95ef328e9f6fbd55df3088dc46331fb65448
MD5
4b197c7d4289fefe6ba1b5e118dd10e3
CRC-32
3efa00a2
File type
Windows executable
First seen
2014-03-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\okitspace\protect\config.xml
  • c:\Documents and Settings\test user\Application Data\okitspace\protect\sqlite3.exe
  • c:\Documents and Settings\test user\Application Data\okitspace\protect\PluginProtect.exe
    Size
    53K
    SHA-1
    940153d4ace0213391fb22b5452a8f52a347a376
    MD5
    43f6d9732bd9bdb97d3de5317edfb792
    CRC-32
    c7b6dba8
    File type
    Windows executable
    First seen
    2012-01-27
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\headerleft.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\System.dll
  • c:\Documents and Settings\test user\Application Data\okitspace\protect\utilsDll.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\modern-header.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\ButtonEvent.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr9.tmp\inetc2.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_DE.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_EN.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\inetc2.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\nsDialogs.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_FR.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_ES.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_IT.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_NL.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\License_PT.rtf
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\modern-wizard.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\nsArray.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\traktor-na-gospodarstwie.dl.exe
    Size
    899K
    SHA-1
    251807a4b3d26cf7541a01b5c7285359a25f4483
    MD5
    f95be481873be8c26084121a82241c92
    CRC-32
    89f754de
    File type
    Windows executable
    First seen
    2014-03-10
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr9.tmp\nsArray.dll
  • c:\Documents and Settings\test user\Application Data\okitspace\protect\Interop.Shell32.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsj6.tmp\Registry.dll
Processes Created
  • c:\docume~1\support\locals~1\temp\traktor-na-gospodarstwie.dl.exe
HTTP Requests
  • http://cdninst.com/offers/Okitspace/Okitspace.exe
  • http://cdninst.com/offers/SoftwareUpdater/SoftwareUpdater.exe
  • http://dld.oinst02.eu/installer/Files/740/a79/54ff3027ae246a2303ec247df943c/traktor-na-gospodarstwie.dl.exe
  • http://stats.oinst.com/report/
  • http://statso.okitspace.com/install/onekitaffiliates_740
DNS Requests
  • cdninst.com
  • dld.oinst02.eu
  • download.oneinstaller.com
  • staticsgame.com
  • stats.oinst.com
  • statso.okitspace.com

Example 3

File Information

Size
163K
SHA-1
00f51d18d3b9a0a2f322675b7426311fcdb5452f
MD5
fdb47d162df0fdc404d63303ffb2c84b
CRC-32
1792ed16
File type
Windows executable
First seen
2014-03-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\is2118366767\129713_stp.EXE.part
  • c:\Documents and Settings\test user\Local Settings\Temp\is2118366767\129713_stp.EXE
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Grey_Button_Hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\NO.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\FI.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\images\progress-bg-corner.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\FR.locale
  • c:\Documents and Settings\test user\Desktop\Continue AdobeReader Downloader Installation.lnk
  • c:\Documents and Settings\test user\Local Settings\Temp\20140310113405.149.exe
    Size
    672K
    SHA-1
    ee87b8b8c51506f28d2760563f128f7cb5bf57d5
    MD5
    025d89be10dbc457c29b94419fa4d55c
    CRC-32
    c2c3917a
    File type
    Windows executable
    First seen
    2014-03-10
  • c:\Documents and Settings\test user\Local Settings\Temp\ICReinstall_20140310113405.149.exe
    Size
    672K
    SHA-1
    ee87b8b8c51506f28d2760563f128f7cb5bf57d5
    MD5
    025d89be10dbc457c29b94419fa4d55c
    CRC-32
    c2c3917a
    File type
    Windows executable
    First seen
    2014-03-10
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Color_Button_Hover.png
  • c:\Documents and Settings\test user\My Documents\AdobeReader.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\ZH.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\ProgressBar.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Grey_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\close.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\CS.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\images\progress-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\BG.jpg
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\PT.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\EL.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\ie6_main.css
    Size
    1.9K
    SHA-1
    e792ed3676746fe81b1b93ec6c11c7b27a121c96
    MD5
    5fa9587859aea5525ad5461d188c169a
    CRC-32
    1da8cd56
    File type
    Cascading Style Sheet
    First seen
    2013-10-25
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\SV.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\main.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\csshover3.htc
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\RU.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\DA.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\browse.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\images\progress-bg2.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\close_hover.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\progress-bar.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\images\button-bg.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\default_wi.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Pause_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Color_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\button.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\TR.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\DE.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\loader.gif
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\css\sdk-ui\checkbox.css
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Quick_Specs.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\NL.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\IT.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\sponsored.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\icon_generic.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\progress.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\ES.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\AR.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\Resume_Button.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\JA.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\ID.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\default_tb.png
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\EN.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\KO.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\locale\PL.locale
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\form.bmp.Mask
  • c:\Documents and Settings\test user\Local Settings\Temp\ish123656\images\girl.swf
Registry Keys Created
  • HKCU\Software\OneKit
    AdobeReader.exe
    1394451267087,http://media.oneinstaller.com/oneinstaller/statics/software/AdobeReader.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    20140310113405.149.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\20140310113405.149.exe
HTTP Requests
  • http://img.nenininitok.com/img/Global/No_Button.png
  • http://img.nenininitok.com/img/Global/No_Button_Hover.png
  • http://img.nenininitok.com/img/Global/Yes_Button.png
  • http://img.nenininitok.com/img/Global/Yes_Button_Hover.png
  • http://img.nenininitok.com/img/Global/declineBG.png
  • http://media.oneinstaller.com/oneinstaller/statics/software/AdobeReader.exe
DNS Requests
  • download.oneinstaller.com
  • img.nenininitok.com
  • media.oneinstaller.com
  • os.nenininitok.com
  • rp.nenininitok.com
