launcher.exe

Launcher

The executable launcher.exe has been detected as malware by 4 anti-virus scanners. While running, it connects to the Internet address hosted-by.reliablesite.net on port 8080.
Publisher:
Launcher

Description:
Powered by LaBaK

Version:
1.0.0.0

MD5:
bde24dfa36fa35adb53757a6d88b78ad

SHA-1:
154323fae5c795ef5e2357ec8c2dadf8c84a2a06

SHA-256:
c8f24e97d772e8be24339b075187f58ae9d13925c3785e5b3a4acac1940efca3

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/23/2024 11:12:40 PM UTC

Scan engine        Detection                   Engine version
Agnitum Outpost    Trojan.PWS.Banker           7.1.1
Avira AntiVirus    TR/Agent.1523712.132        8.3.2.2
Dr.Web             Trojan.PWS.Banker1.16879    9.0.1.0343
McAfee             Artemis!BDE24DFA36FA        5600.6557

File size:
1.5 MB (1,523,712 bytes)

Product version:
1.0.0.0

Copyright:
Todos os direitos reservados - Powered by LaBaK

File type:
Executable application (Win32 EXE)

Language:
Portuguese (Brazil)

Common path:
C:\users\{user}\downloads\cliente muchile season 2\cliente muchile season 2\launcher.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:X2uJAh1WDAJNuySVuoOMCnNmmGsglivm36pPU4F3a5bZQTTssW:mAqNnNmR3YK65ggTssW

Entry address:
0x13A554

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, 9F, 53, 00, E8, B0, C8, EC, FF, A1, 9C, 0F, 54, 00, 8B, 00, E8, 04, 0C, F3, FF, 8B, 0D, 7C, 11, 54, 00, A1, 9C, 0F, 54, 00, 8B, 00, 8B, 15, 00, 82, 53, 00, E8, 04, 0C, F3, FF, 8B, 0D, C4, 0C, 54, 00, A1, 9C, 0F, 54, 00, 8B, 00, 8B, 15, 28, 79, 53, 00, E8, EC, 0B, F3, FF, A1, 9C, 0F, 54, 00, 8B, 00, E8, 60, 0C, F3, FF, E8, DB, A3, EC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.2 MB (1,283,584 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.reliablesite.net  (45.126.209.47:8080)

TCP (HTTP):
Connects to ip100.ip-144-217-47.net  (144.217.47.100:80)

TCP (HTTP):
Connects to anientryvant.com  (167.114.135.145:80)

TCP (HTTP):
Connects to server-54-230-51-208.jfk5.r.cloudfront.net  (54.230.51.208:80)

TCP (HTTP):
Connects to server-54-230-51-171.jfk5.r.cloudfront.net  (54.230.51.171:80)

TCP (HTTP):
Connects to server-54-230-51-33.jfk5.r.cloudfront.net  (54.230.51.33:80)

TCP (HTTP):
Connects to server-54-230-51-147.jfk5.r.cloudfront.net  (54.230.51.147:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to server-54-230-51-222.jfk5.r.cloudfront.net  (54.230.51.222:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-mia1.fbcdn.net  (157.240.0.22:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-eze1.fbcdn.net  (31.13.94.24:443)

TCP (HTTP):
Connects to server-54-230-51-53.jfk5.r.cloudfront.net  (54.230.51.53:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-02-mia1.facebook.com  (157.240.0.35:443)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-mia1.fbcdn.net  (31.13.73.7:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:80)

TCP (HTTP):
Connects to server-54-230-51-8.jfk5.r.cloudfront.net  (54.230.51.8:80)

TCP (HTTP):
Connects to server-54-230-51-212.jfk5.r.cloudfront.net  (54.230.51.212:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-02-gru2.facebook.com  (157.240.12.35:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-eze1.facebook.com  (31.13.94.35:443)

Remove launcher.exe - Powered by Reason Core Security