play globalmu.exe

Launcher.Premium

RabanSoft.

Publisher:
RabanSoft.

Product:
Launcher.Premium

Version:
1.8.8.0

MD5:
88a5b0de2dc74cdff3b317bff792e31f

SHA-1:
37beb0824a289fe9733f352951b5ca0b6d36c31d

SHA-256:
8ec4209096979d42ebd1c68ca670f125e275e80edf6b48440939108b9a5a1ab3

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/5/2024 9:50:06 AM UTC

Scan engine        Detection               Engine version
Bkav FE            HW32.Packed             1.3.0.7383
VIPRE Antivirus    Trojan.Win32.Generic    45390

File size:
3.9 MB (4,138,496 bytes)

Product version:
1.8.8.0

Copyright:
RabanSoft. © 2012 - 2015

Trademarks:
RabanSoft.

Original file name:
IGC.Launcher.Premium.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
8/28/2015 1:08:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:9YIDOCbwRq6iKd2qDDK/jAQB7hvKN7uqHGHT2x:+yKTnPiB7JKN7ueGzA

Entry address:
0x760000

Entry point:

Entropy:
7.9499  (probably packed)

Code size:
3.1 MB (3,256,320 bytes)

The executing file has been seen to make the following network communications in live environments.


Scan play globalmu.exe - Powered by Reason Core Security