rslaunch.exe

Roboscan

Roboscan Inc.

The executable rslaunch.exe, “Launch Application”, has been detected as malware by 12 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘Roboscan’.
Publisher:
Roboscan Inc (signed by Roboscan Inc.)

Product:
Roboscan

Description:
Launch Application

Version:
11, 8, 30, 1

MD5:
473eb20cbd8bf96aa2bf2cdf004fe660

SHA-1:
064a20e091249ff8fde396bc50092b0625e4ccbf

SHA-256:
16dc768f27029262dc0429f7f4dda1439094ce96e870283c7887837a0e6786e2

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
11/15/2024 6:37:25 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Parite | 150717-0
AVG | Win32/Parite | 2015.0.4355
Dr.Web | Win32.Parite.2 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191
ESET NOD32 | Win32/Parite.B virus | 8.0.319.0
F-Prot | W32/Parite.B | 4.6.5.141
F-Secure | Win32.Parite.B | 5.15.96
Kaspersky | Virus.Win32.Parite | 15.0.0.562
McAfee | Virus.W32/Pate.b | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.2234.0
Norman | Win32.Parite.B | 10.04.2016 15:29:17
Sophos | Virus 'W32/Parite-B' | 5.23

File size:
394 KB (403,410 bytes)

Product version:
2, 5, 0, 21

Copyright:
Copyright (c) 2011 - present Roboscan Inc. All rights reserved

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\roboscan\roboscan\rslaunch.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/7/2013 7:00:00 AM

Valid to:
1/7/2016 6:59:59 AM

Subject:
CN=Roboscan Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Roboscan Inc., L=Santa Clara, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57550E3DACBF2AF4CBA0AB443B6373E0

File PE Metadata
Compilation timestamp:
11/19/2013 10:00:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:pytxGGzaOdUsCHO1SPXP+8O6+h5wogFO782SGr0YNCYUDz+L88pSHSoFRBRd/92:UzFdUP+8a5wogFQSG4YE+t/mDd/92

Entry address:
0x38000

Entry point:
B9, 38, E3, 81, 00, 68, 18, 80, 43, 00, 5F, 90, 68, 98, 05, 00, 00, 5A, 90, 90, 31, 0C, 3A, 83, EA, 04, 75, F8, D0, 9E, 80, 00, 38, E3, 81, 00, 38, E3, C1, 00, 30, 3C, 81, 00, 78, 92, 82, 00, EA, 94, 82, 00, 38, 53, 83, 00, 39, E3, 81, 00, BC, E3, C0, 00, E6, D6, C0, 00, CC, D6, C0, 00, 38, C3, 80, 00, E4, D6, 80, 00, CA, D6, 80, 00, BC, 0D, 81, 00, E4, D6, 80, 00, CA, D6, 80, 00, 38, E3, 81, 00, 38, E3, 81, 00, 38, E3, 81, 00, 90, E3, C0, 00, 38, E3, 81, 00, 38, E3, 81, 00, 38, E3, 81, 00, 38, E3, 81, 00...
 

Entropy:
7.6185

Code size:
58.5 KB (59,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Roboscan

Command:
"C:\Program Files\roboscan\roboscan\rslaunch.exe" \run

