launcher.exe

Kreapixel

The application launcher.exe, “Service client webplayer” by Kreapixel, has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup program used to install the application and is built on the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from an Internet Explorer cache folder and has been seen being downloaded from softs.illyx.com.
Publisher:
Kreapixel  (signed and verified)

Description:
Service client webplayer

Version:
1.0.0.0

MD5:
e7fd552520d1daccb995ab9e80c30cad

SHA-1:
d45f1ba6065beee3d4bc4ee124f4903b640394f4

SHA-256:
0344964143c74c563427a15180862f89b1903722ac4de1bfc4efbd9aa38e08f5

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/5/2024 2:24:01 AM UTC

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider.9
9.0.1.0358

F-Prot
W32/Undefined.Threat
v6.4.7.1.166

Reason Heuristics
PUP.Kreapixel.I
14.2.16.5

Sophos
Kreapixel
4.96

File size:
466.6 KB (477,784 bytes)

Copyright:
Kreapixel inc.

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\launcher.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 1:00:00 AM

Valid to:
4/29/2014 12:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:z6Wq4aaE6KwyF5L0Y2D1PqLLFI1LV82gnom:ZthEVaPqLLFmW2Y

Entry address:
0xE2ED0

Entry point:
60, BE, 00, 10, 4A, 00, 8D, BE, 00, 00, F6, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file launcher.exe has been seen being distributed by the following URL.
