launchgtaiv.exe

SecuROM Launcher

Sony DADC Austria AG

This is a setup program which is used to install the application. The file has been seen being downloaded from download933.mediafire.com and multiple other hosts.
Publisher:
Sony DADC Austria AG  (signed and verified)

Product:
SecuROM Launcher

Version:
0.1.0.5

MD5:
72a0931c379ba637d15ef1a9379954e8

SHA-1:
d9d05b0d0f308f8e82266ecde6dc570df9c0abea

SHA-256:
a7cf769ae16820cd8577be9f8217fd4dc80260b928416e3b91064441e9317bd5

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/25/2024 4:53:56 AM UTC  (today)

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAutoA | 1.3.0.4959
Dr.Web | Trojan.MulDrop5.15605 | 9.0.1.0134

File size:
5.6 MB (5,908,424 bytes)

Product version:
0.1.0.5

Copyright:
(c) 2008 Sony DADC Austria AG

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\launchgtaiv.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/16/2008 2:00:00 AM

Valid to:
10/13/2011 1:59:59 AM

Subject:
CN=Sony DADC Austria AG, OU=Virtual Factory, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sony DADC Austria AG, L=Salzburg, S=Salzburg, C=AT

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4BE2BE3FDD8463E4838F72B82732B8EC

File PE Metadata
Compilation timestamp:
2/17/2009 12:54:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
98304:yrMs5KKHNNwc2uXzarzqn3boZc7QON3hDu1sWi79NCKSf+7Gvlf5P8sOp2:85tixujfLz7QOxhi1Xi7DxU5Oc

Entry address:
0x72C590

Entry point:
9C, 68, F8, 2B, 00, 00, 7E, 19, 81, 04, 24, 0F, 99, B2, 39, EB, 00, 81, 04, 24, C2, 00, 00, C7, A9, E6, CB, 04, 00, EB, F5, 7D, CE, 81, 04, 24, 7F, 96, B2, 35, 90, 81, 04, 24, C2, 04, 00, CB, FF, 74, 24, 04, 9D, EB, F5, 28, B2, 9D, B8, D5, FE, FF, FF, C1, E7, 00, 8B, 84, 04, 2B, 01, 00, 00, A3, A8, FD, E1, 00, 89, 25, AC, FD, E1, 00, E8, 08, 00, 00, 00, 1E, 05, 58, 95, B2, 00, 19, D6, 81, 04, 24, 3D, 00, 00, 00, 56, 8B, 74, 24, 04, 87, 34, 24, 81, 2C, 24, 3B, 00, 00, 00, FF, 34, 24, 87, 34, 24, 8B, 36, 83...
Code size:
8 MB (8,364,032 bytes)

The file launchgtaiv.exe has been seen being distributed by the following 7 URLs.

http://download933.mediafire.com/dp82xop99esg/.../LaunchGTAIV.exe

http://download2161.mediafire.com/ttpmqsza3sag/.../LaunchGTAIV.exe

http://download27.mediafire.com/dgb7c6sqvzig/.../LaunchGTAIV.exe

http://s10615.chomikuj.pl/File.aspx?e=X4hDzFOpBGOJJyHOrJE-uT-4I-fH2rsAyTaW3spNziS3ct-J6oR86Jiln55PysBkyDMGLI-DyeTk5wqyoLK8YwT_861oYLQwp3VfxdQ6PJ7RQEuy4RFAhZAmhFLnkbME_kzjlSLYz8GkGltWaAQoPQ&pv=2

temp:LaunchGTAIV.exe
