dblaunch.exe

The application dblaunch.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named RSPro, which is triggered each time a user logs in. This file is typically installed with the program SearchModule by Goobzo LTD. While running, it connects to the Internet address server-54-192-98-59.arn1.r.cloudfront.net on port 80 using the HTTP protocol.

Version:
1.0.4.1

MD5:
88a9542d6cb00952384c77eb1e433e19

SHA-1:
483a28772a5a9a9b3e22174a10546e33f83486fb

SHA-256:
89bd722abf312a483cf6dfa8e53b7805624621767b055883efd6fec09dde32e6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 9:12:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo.Search.Meta (M)

Engine version:
16.2.24.14

File size:
324.5 KB (332,288 bytes)

Product version:
1.0.4.1

Copyright:
Copyright (C) 2016

Original file name:
DeskBar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\searchmodule\dblaunch.exe

File PE Metadata
Compilation timestamp:
2/24/2016 2:45:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:/oK4avCU/zN7TVX/LCDaMiWXbfp55KgPZ7bPEYYUf:/oK4avCUZp/L2ptXN5jZf5YUf

Entry address:
0x176C0

Entry point:
E8, 56, 08, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 6A, 00, FF, 15, 90, C1, 43, 00, FF, 75, 08, FF, 15, 8C, C1, 43, 00, 68, 09, 04, 00, C0, FF, 15, CC, C0, 43, 00, 50, FF, 15, 94, C1, 43, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 42, 10, 02, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, D8, E8, 44, 00, 89, 0D, D4, E8, 44, 00, 89, 15, D0, E8, 44, 00, 89, 1D, CC, E8, 44, 00, 89, 35, C8, E8, 44, 00, 89, 3D, C4, E8, 44, 00, 66, 8C, 15, F0, E8, 44, 00, 66, 8C, 0D, E4, E8, 44, 00, 66, 8C, 1D, C0...
 

Code size:
234.5 KB (240,128 bytes)

Scheduled Task
Task name:
RSPro

Trigger:
Logon (Runs on logon)


The file dblaunch.exe has been discovered within the following program.

SearchModule  by Goobzo LTD
www.deskbar.net
About 2% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-141-83.sfo5.r.cloudfront.net  (54.230.141.83:80)

TCP (HTTP):
Connects to server-54-230-163-238.jax1.r.cloudfront.net  (54.230.163.238:80)

TCP (HTTP):
Connects to server-54-192-98-59.arn1.r.cloudfront.net  (54.192.98.59:80)

TCP (HTTP):
Connects to server-54-230-163-242.jax1.r.cloudfront.net  (54.230.163.242:80)
