Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Additional versions
Relationships
Parent process
Related files
 PE file structure
|
Show functions |
Import table
mscoree.dll
DllMain
updateluckyleap.exe
By lucky leap (Signed)
| Version: | 1.0.5023.28014 |
| MD5: | 2cc475da331298148acf59bc22e923f1 |
| SHA1: | 6ed486f65e6c7ab9b3cadcaae9a7f1200fde3b59 |
| SHA256: | 723c53133fd1b8109b9c68cb13b9add9960ea25e45918ae153f7b74542c4c894 |
Warning 8 antivirus scanners has detected malware.
Overview
updateluckyleap.exe is malware that runs as a service under the name Update lucky leap with extensive SYSTEM privileges (full administrator access). It is installed with a couple of know programs including lucky leap 3.0.0 published by Yontoo Technology, Inc., lucky leap 1.0.0 from Yontoo Technology, Inc. and lucky leap 1.0.0 by Yontoo Technology, Inc.. The assembly utilizes the .NET run-time framework (which is required to be installed on the PC). The file is digitally signed by lucky leap which was issued by the VeriSign certificate authority (CA).
Details
| File name: | updateluckyleap.exe |
| Publisher: | lucky leap |
| Description: | luckyleap |
| Typical file path: | C:\Program Files\lucky leap\updateluckyleap.exe |
| Original name: | luckyleap.exe |
| File version: | 1.0.5023.28014 |
| Size: | 63.78 KB (65,312 bytes) |
| Build date: | 10/2/2013 12:34 PM |
| Certificate |
| Issued to: | lucky leap |
| Authority (CA): | VeriSign |
| Effective date: | Monday, August 12, 2013 |
| Expiration date: | Thursday, August 13, 2015 |
| Digital DNA |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Programs
The following programs will install this file
From the privacy policy - "We use the information we collect from and receive about users to provide the Software to you, to measure and improve the Software, to personalize your experience by delivering relevant content, advertising, and marketing messages, and to provide you with customer support and respond to inquiries. We may use aggregated, anonymous data about use of and activity on the Software to assist us in this regard and su...
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Malware detections
Based on 40+ industry antivirus scanners, 8 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| AhnLab V3 Internet Security |
2013.11.23 |
Adware/Win32.Downloader |
| Bkav Security |
1.3.0.4562 |
W32.Clod25f.Trojan.8351 |
| ESET NOD32 |
7.9085 |
a variant of Win32/BrowseFox.G |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.LuckyLeap.A |
| nProtect |
2013-11-22.02 |
Adware/W32.Agent.65312 |
| Trend Micro |
9.740.0.1012 |
ADW_LUCKYLEAP |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R0CBH07K213 |
| VIPRE Antivirus |
23638 |
Yontoo (fs) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00724196% | |
| Kernel CPU: | 0.00378689% | |
| User CPU: | 0.00345508% | |
| Kernel CPU time: | 334,250 ms/min | |
| CPU cycles: | 269,848/sec | |
| Context switches: | 3/sec | |
| Memory |
| Private memory: | 22.71 MB | |
| Private (maximum): | 22.45 MB | |
| Private (minimum): | 11.95 MB | |
| Non-paged memory: | 22.71 MB | |
| Virtual memory: | 158.12 MB | |
| Virtual memory (peak): | 168.15 MB | |
| Working set: | 17.59 MB | |
| Working set (peak): | 23.07 MB | |
| Page faults: | 19,692/min | |
| I/O |
| I/O read transfer: | 1.27 KB/sec | |
| I/O read operations: | 1/sec | |
| I/O write transfer: | 165 Bytes/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 307 Bytes/sec | |
| I/O other operations: | 11/sec | |
| Resource allocations |
| Threads: | 11 | |
| Handles: | 479 | |
| GUI GDI count: | 4 | |
| GUI USER count: | 2 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command lines: |
- "C:\Program Files\lucky leap\updateluckyleap.exe"
- "C:\Program Files\lucky leap\bin\utilluckyleap.exe"
|
| Owner: | SYSTEM |
| Windows Service |
| Service name: | Update lucky leap |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| mscorwks.dll |
| Total CPU: | 0.07597222% | |
| Kernel CPU: | 0.00637241% | |
| User CPU: | 0.06959981% | |
| CPU cycles: | 1,983,249/sec | |
| Memory: | 5.66 MB | |
| updateluckyleap.exe (main module) |
| Total CPU: | 0.00409747% | |
| Kernel CPU: | 0.00126952% | |
| User CPU: | 0.00282795% | |
| CPU cycles: | 111,827/sec | |
| Memory: | 80 KB | |
| ntdll.dll |
| Total CPU: | 0.00317633% | |
| Kernel CPU: | 0.00122144% | |
| User CPU: | 0.00195489% | |
| CPU cycles: | 78,611/sec | |
| Context switches: | 1/sec | |
| Memory: | 1.23 MB | |
| mscoree.dll (Microsoft .NET Framework by Microsoft) |
| Total CPU: | 0.00294718% | |
| Kernel CPU: | 0.00109459% | |
| User CPU: | 0.00185259% | |
| Memory: | 296 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
32.43% |
|
| Windows 7 Home Premium |
27.03% |
|
| Windows 7 Professional |
21.62% |
|
| Microsoft Windows XP |
10.81% |
|
| Windows 8 Enterprise |
5.41% |
|
| Windows 8.1 Pro |
2.70% |
|
Distribution by country
United States installs about 28.57% of updateluckyleap.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
27.66% |
|
| Dell |
21.28% |
|
| Compaq |
17.02% |
|
| ASUS |
17.02% |
|
| Acer |
8.51% |
|
| Sony |
4.26% |
|
| American Megatrends |
4.26% |
|
