rslaunch.exe

Roboscan

Roboscan Inc.

The executable rslaunch.exe, “Launch Application” has been detected as malware by 12 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Roboscan’.
Publisher:
Roboscan Inc  (signed by Roboscan Inc.)

Product:
Roboscan

Description:
Launch Application

Version:
11, 8, 30, 1

MD5:
473eb20cbd8bf96aa2bf2cdf004fe660

SHA-1:
064a20e091249ff8fde396bc50092b0625e4ccbf

SHA-256:
16dc768f27029262dc0429f7f4dda1439094ce96e870283c7887837a0e6786e2

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/27/2024 9:03:57 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Parite
150717-0

AVG
Win32/Parite
2015.0.4355

Dr.Web
Win32.Parite.2
9.0.1.05190

Emsisoft Anti-Malware
Win32.Parite
11.5.0.6191

ESET NOD32
Win32/Parite.B virus
8.0.319.0

F-Prot
W32/Parite.B
4.6.5.141

F-Secure
Win32.Parite.B
5.15.96

Kaspersky
Virus.Win32.Parite
15.0.0.562

McAfee
Virus.W32/Pate.b
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.2234.0

Norman
Win32.Parite.B
10.04.2016 15:29:17

Sophos
Virus 'W32/Parite-B'
5.23

File size:
394 KB (403,410 bytes)

Product version:
2, 5, 0, 21

Copyright:
Copyright (c) 2011 - present Roboscan Inc. All rights reserved

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\roboscan\roboscan\rslaunch.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/7/2013 7:00:00 AM

Valid to:
1/7/2016 6:59:59 AM

Subject:
CN=Roboscan Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Roboscan Inc., L=Santa Clara, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57550E3DACBF2AF4CBA0AB443B6373E0

File PE Metadata
Compilation timestamp:
11/19/2013 10:00:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:pytxGGzaOdUsCHO1SPXP+8O6+h5wogFO782SGr0YNCYUDz+L88pSHSoFRBRd/92:UzFdUP+8a5wogFQSG4YE+t/mDd/92

Entry address:
0x38000

Entry point:
B9, 38, E3, 81, 00, 68, 18, 80, 43, 00, 5F, 90, 68, 98, 05, 00, 00, 5A, 90, 90, 31, 0C, 3A, 83, EA, 04, 75, F8, D0, 9E, 80, 00, 38, E3, 81, 00, 38, E3, C1, 00, 30, 3C, 81, 00, 78, 92, 82, 00, EA, 94, 82, 00, 38, 53, 83, 00, 39, E3, 81, 00, BC, E3, C0, 00, E6, D6, C0, 00, CC, D6, C0, 00, 38, C3, 80, 00, E4, D6, 80, 00, CA, D6, 80, 00, BC, 0D, 81, 00, E4, D6, 80, 00, CA, D6, 80, 00, 38, E3, 81, 00, 38, E3, 81, 00, 38, E3, 81, 00, 90, E3, C0, 00, 38, E3, 81, 00, 38, E3, 81, 00, 38, E3, 81, 00, 38, E3, 81, 00...
 
[+]

Entropy:
7.6185

Code size:
58.5 KB (59,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Roboscan

Command:
"C:\Program Files\roboscan\roboscan\rslaunch.exe" \run


Remove rslaunch.exe - Powered by Reason Core Security