rslaunch.exe

Roboscan

Roboscan Inc.

The executable rslaunch.exe, “Launch Application” has been detected as malware by 12 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Roboscan’.
Publisher:
Roboscan Inc  (signed by Roboscan Inc.)

Product:
Roboscan

Description:
Launch Application

Version:
11, 8, 30, 1

MD5:
6655f70f1ec698537b32ab3301949689

SHA-1:
ec8405586e695c9b4bc50f8038064e1648310582

SHA-256:
c1c342ccb87b390990be0b6209cb8643c0a7bd930f9ac19fc2b9c71ac69dcd5e

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/27/2024 9:27:54 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Parite
150717-0

AVG
Win32/Parite
2015.0.4355

Dr.Web
Win32.Parite.2
9.0.1.05190

Emsisoft Anti-Malware
Win32.Parite
11.5.0.6191

ESET NOD32
Win32/Parite.B virus
8.0.319.0

F-Prot
W32/Parite.B
4.6.5.141

F-Secure
Win32.Parite.B
5.15.96

Kaspersky
Virus.Win32.Parite
15.0.0.562

McAfee
Virus.W32/Pate.b
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.217.2080.0

Norman
Win32.Parite.B
02.04.2016 17:35:19

VIPRE Antivirus
Threat.46249
29708

File size:
394 KB (403,422 bytes)

Product version:
2, 5, 0, 21

Copyright:
Copyright (c) 2011 - present Roboscan Inc. All rights reserved

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\roboscan\roboscan\rslaunch.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/7/2013 7:00:00 AM

Valid to:
1/7/2016 6:59:59 AM

Subject:
CN=Roboscan Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Roboscan Inc., L=Santa Clara, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
57550E3DACBF2AF4CBA0AB443B6373E0

File PE Metadata
Compilation timestamp:
11/19/2013 10:00:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:1ytxGGzauFUsCHO1SPXP+8O6+h5wogFO782SEmmevtuuz9LfY8oDPe7sXXPlyj/:4zFFUP+8a5wogFQSEmRvMU5hoD2Ctyj/

Entry address:
0x38000

Entry point:
90, 68, 05, C5, 45, 00, 58, 90, 90, BA, 24, 80, 43, 00, 68, 98, 05, 00, 00, 5F, 90, FF, 34, 3A, 31, 04, 24, 8F, 04, 3A, 83, EF, 03, 4F, 90, 90, 75, EF, 90, 90, ED, B8, 44, 00, 05, C5, 45, 00, 05, C5, 05, 00, 0D, 1A, 45, 00, 45, B4, 46, 00, DB, B2, 46, 00, 05, 75, 47, 00, 04, C5, 45, 00, 81, C5, 04, 00, DB, F0, 04, 00, F1, F0, 04, 00, 05, E5, 44, 00, D9, F0, 44, 00, F7, F0, 44, 00, 81, 2B, 45, 00, D9, F0, 44, 00, F7, F0, 44, 00, 05, C5, 45, 00, 05, C5, 45, 00, 05, C5, 45, 00, AD, C5, 04, 00, 05, C5, 45, 00...
 
[+]

Entropy:
7.6042

Code size:
58.5 KB (59,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Roboscan

Command:
"C:\Program Files\roboscan\roboscan\rslaunch.exe" \run


Remove rslaunch.exe - Powered by Reason Core Security