» s4launcher.exe
Overview
Analysis
File Details
Downloads (4)

s4launcher.exe

Launcher by [Beatrice]

The executable s4launcher.exe has been detected as malware by 29 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-10-c4-docs.googleusercontent.com and multiple other hosts.

File name:

s4launcher.exe

Product:

Launcher by [Beatrice]

Version:

1.0.0.0

MD5:

8950eea1ffe6a20c239692c47a623b44

SHA-1:

2db8a9f538bf52491c86584d85e0193b1527f3d8

SHA-256:

be4f53269f9297a6459b0710ffc78dcd351e8b7f0c015408ce899cda75168106

Scanner detections:

29 / 68

Status:

Malware

Analysis date:

11/16/2024 12:55:46 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Malware/Win32.Generic

2015.11.16

Avira AntiVirus

TR/Dropper.MSIL.211057

8.3.2.2

Arcabit

Trojan.Generic.D2ABD65

1.0.0.593

avast!

Win32:Malware-gen

2014.9-160129

AVG

Pakes2_c

2017.0.2850

Baidu Antivirus

Trojan.Win32.Generik

4.0.3.16129

Bitdefender

Trojan.GenericKD.2800997

1.0.20.145

Bkav FE

HW32.Packed

1.3.0.7383

Emsisoft Anti-Malware

Trojan.GenericKD.2800997

8.16.01.29.10

ESET NOD32

MSIL/Injector.MIW (variant)

10.12571

Fortinet FortiGate

Generik.DNPGKMQ!tr

1/29/2016

F-Secure

Trojan.GenericKD.2800997

11.2016-29-01_6

G Data

Trojan.GenericKD.2800997

16.1.25

IKARUS anti.virus

Trojan.SuspectCRC

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.212.17858

Kaspersky

Trojan-Dropper.Win32.Injector

14.0.0.743

Malwarebytes

Trojan.Crypt.MSIL

v2016.01.29.10

McAfee

Fareit-FCA!8950EEA1FFE6

5600.6506

MicroWorld eScan

Trojan.GenericKD.2800997

17.0.0.87

NANO AntiVirus

Trojan.Win32.Injector.dxzdnd

0.30.26.4437

nProtect

Trojan.GenericKD.2800997

15.11.13.01

Panda Antivirus

Trj/CI.A

16.01.29.10

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1077

Quick Heal

TrojanDropper.Injector.r5

1.16.14.00

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.16127

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R00JC0PJM15

10.465.29

Vba32 AntiVirus

TScope.Trojan.MSIL

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

45228

File size:

592 KB (606,208 bytes)

Product version:

1.0.0.0

[Beatrice]

Original file name:

Launcher by Beatrice.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\s4launcher.exe

File PE Metadata

Compilation timestamp:

10/15/2015 8:32:36 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:JqVNdKhzbedEZlLrkPQBCI+DQhk4eO+EcJ2QAUoQvRyB:6Kcdcl0HEK4eO+5MORy

Entry address:

0x9C00A

Entry point:

FF, 25, 00, C0, 49, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

545.5 KB (558,592 bytes)

The file s4launcher.exe has been seen being distributed by the following 4 URLs.

https://doc-10-c4-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/1bqs28ap7r3gti6paoc9ig2badelton3/1459584000000/11454281257721874862/.../0B_bvKgEhg3O1VmZDWHgzNHloeVk?e=download

https://doc-10-c4-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ffblvrsore2gnp6on5ou9maa6uccpj59/1458669600000/11454281257721874862/.../0B_bvKgEhg3O1VmZDWHgzNHloeVk?e=download

https://doc-10-c4-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/nd08v26taalbfasiumlbk9l4vfuhsrqm/1456833600000/11454281257721874862/.../0B_bvKgEhg3O1VmZDWHgzNHloeVk?e=download

https://doc-10-c4-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/akrjpftvbaj2g14ds98d977ni47irjld/1453838400000/11454281257721874862/.../0B_bvKgEhg3O1VmZDWHgzNHloeVk?e=download

Remove s4launcher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.