SHA256: 7ce0a7fb85f97373b83ca46a0bfced0bb386a948f30721d8940f47f63e561e8a
File name: launchdrive.exe
Detection ratio: 44 / 56
Analysis date: 2015-05-18 16:17:38 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.5821 20150518
Yandex Trojan.Graftor!BLAe09Q6LAM 20150518
AhnLab-V3 Worm/Win32.AutoRun 20150518
ALYac Gen:Variant.Zusy.5821 20150518
Antiy-AVL Trojan/Win32.Scar 20150518
Avast Win32:AutoRun-CKA [Trj] 20150518
AVG Luhe.Fiha.A 20150518
AVware Trojan.Win32.Generic!BT 20150518
Baidu-International Trojan.Win32.Scar.gbjx 20150518
BitDefender Gen:Variant.Zusy.5821 20150518
Bkav W32.TaskhostLnrA.Worm 20150518
CAT-QuickHeal Worm.Colowned.A 20150518
Comodo UnclassifiedMalware 20150518
Cyren W32/A-e6044b83!Eldorado 20150518
DrWeb Win32.HLLW.Autoruner2.17331 20150518
Emsisoft Gen:Variant.Zusy.5821 (B) 20150518
ESET-NOD32 Win32/AutoRun.Agent.ABJ 20150518
F-Prot W32/A-e6044b83!Eldorado 20150517
F-Secure Gen:Variant.Zusy.5821 20150518
Fortinet W32/AutoRun!tr 20150518
GData Gen:Variant.Zusy.5821 20150518
Ikarus possible-Threat.Hacktool.KMS 20150518
K7AntiVirus Riskware ( 0040eff71 ) 20150518
K7GW Riskware ( 0040eff71 ) 20150518
Kaspersky UDS:DangerousObject.Multi.Generic 20150518
Kingsoft Worm.Autorun.(kcloud) 20150518
Malwarebytes Worm.AutoRun 20150518
McAfee W32/Autorun.worm.ho 20150518
McAfee-GW-Edition W32/Autorun.worm.ho 20150517
Microsoft Worm:Win32/Colowned.A 20150518
eScan Gen:Variant.Zusy.5821 20150518
NANO-Antivirus Trojan.Win32.Scar.rvypq 20150518
Norman AutoRun.BTCG 20150518
nProtect Trojan/W32.Agent.3254789 20150518
Panda Generic Malware 20150518
Qihoo-360 Malware.Radar01.Gen 20150518
Sophos AV Windows 7 Loader 20150518
SUPERAntiSpyware Trojan.Agent/Gen-Dapato 20150516
Symantec W32.Colowned.A 20150518
Tencent Win32.Trojan.Scar.Wkvv 20150518
TrendMicro WORM_COLOWNED.AO 20150518
TrendMicro-HouseCall WORM_COLOWNED.AO 20150518
VBA32 Trojan.Scar 20150517
VIPRE Trojan.Win32.Generic!BT 20150518
AegisLab 20150518
Alibaba 20150518
ByteHero 20150518
ClamAV 20150518
CMC 20150518
Jiangmin 20150516
Rising 20150518
TheHacker 20150518
TotalDefense 20150518
ViRobot 20150518
Zillya 20150515
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-31 16:53:19
Entry Point 0x00167C1A
Number of sections 4
PE sections
Overlays
MD5 87c406774172394148d24d2fee7c8de3
File type data
Offset 2064384
Size 1190405
Entropy 6.06
PE imports
RegDeleteKeyA
SetServiceStatus
RegCloseKey
StartServiceCtrlDispatcherA
RegSetValueExW
RegQueryValueExA
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExW
ImageList_Create
Ord(17)
InitCommonControlsEx
ImageList_Destroy
ImageList_Add
GetEnhMetaFileA
GetTextMetricsW
Polygon
GetSystemPaletteEntries
CreateMetaFileA
GetTextExtentPoint32W
EnumFontsW
SetMapMode
CreateFontIndirectA
GetTextMetricsA
CombineRgn
SetStretchBltMode
StretchBlt
DeleteEnhMetaFile
EnumFontsA
GetPixel
CreateDCA
Rectangle
CreateMetaFileW
GetObjectA
EnumEnhMetaFile
TranslateCharsetInfo
EnumFontFamiliesExA
DeleteDC
SetBkMode
CreateBitmap
CreateFontW
EndDoc
GetMetaFileA
SelectObject
StartPage
DeleteObject
SetDIBitsToDevice
CreateDIBSection
RealizePalette
SetTextColor
CreatePatternBrush
StartDocA
CreateEnhMetaFileW
BitBlt
SetAbortProc
ExcludeClipRect
CreatePen
CreateICA
MoveToEx
CreatePalette
EnumFontFamiliesExW
CreateDIBitmap
SetViewportOrgEx
SelectPalette
LineTo
GetDIBits
CreateEnhMetaFileA
SetTextAlign
SelectClipRgn
RoundRect
GetFontLanguageInfo
StretchDIBits
CreateCompatibleDC
CloseEnhMetaFile
SetBrushOrgEx
EndPage
CreateRectRgn
GetClipRgn
GetTextExtentPoint32A
GetDeviceCaps
CreateCompatibleBitmap
CloseMetaFile
GetEnhMetaFileHeader
CreateBrushIndirect
CreateSolidBrush
SetViewportExtEx
GetStockObject
SetPixelV
SetWindowExtEx
CreateFontA
Ellipse
DeleteMetaFile
GetStdHandle
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
CompareFileTime
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
_llseek
GetLogicalDrives
FreeEnvironmentStringsW
SetCommTimeouts
GetLocaleInfoW
SetStdHandle
GetCommModemStatus
IsDBCSLeadByteEx
GetTempPathA
GetCPInfo
GetOverlappedResult
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
MoveFileA
GetLogicalDriveStringsA
GetEnvironmentVariableA
LoadResource
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
GetStringTypeExA
OutputDebugStringA
GetEnvironmentVariableW
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
CopyFileA
ExitProcess
GetVersionExA
RemoveDirectoryA
QueryPerformanceFrequency
GetUserDefaultLCID
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
GetModuleHandleA
_lclose
SetEnvironmentVariableW
GetSystemDirectoryW
SetUnhandledExceptionFilter
MulDiv
ClearCommError
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
GetCommState
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
WriteConsoleW
CloseHandle
HeapFree
EnterCriticalSection
SetCommBreak
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GlobalSize
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCommProperties
CreateDirectoryW
DeleteFileW
GlobalLock
_lread
GetProcessHeap
GetTempFileNameW
CompareStringW
GlobalReAlloc
GetModuleFileNameW
ExpandEnvironmentStringsW
FindFirstFileA
GlobalFree
lstrcpyA
ResetEvent
GetTempFileNameA
FindNextFileA
GetProcAddress
EscapeCommFunction
GetTimeZoneInformation
SetCommState
CreateFileW
CreateEventA
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
GetFileTime
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
GetShortPathNameA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
ClearCommBreak
HeapSize
GetCommandLineA
RaiseException
CompareStringA
TlsFree
SetFilePointer
ReadFile
FindNextFileW
GetACP
GetModuleHandleW
GetVersion
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
GetTimeFormatA
SysFreeString
OleLoadPicturePath
OleCreatePictureIndirect
SysAllocString
DragQueryFileW
ShellExecuteW
SHBrowseForFolderA
DragFinish
DragAcceptFiles
Shell_NotifyIconW
DragQueryFileA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
Shell_NotifyIconA
RedrawWindow
GetForegroundWindow
CharLowerBuffA
DestroyMenu
GetMessagePos
SetWindowPos
SetTimer
DispatchMessageA
EndPaint
VkKeyScanA
CharUpperBuffA
WindowFromPoint
DrawIcon
GetMessageTime
SetMenuItemInfoW
DispatchMessageW
GetCursorPos
DrawTextA
GetMenuStringW
GetClassInfoA
GetMenu
IsClipboardFormatAvailable
DefFrameProcA
GetClassInfoW
DefWindowProcW
DrawTextW
SetScrollPos
GetWindowTextLengthA
GetSysColor
ClientToScreen
GetActiveWindow
ShowCursor
OpenClipboard
GetWindowTextW
LoadImageA
GetTopWindow
GetWindowTextA
InvalidateRgn
GetMenuItemID
DestroyWindow
DrawEdge
GetParent
UpdateWindow
SetPropA
EnumWindows
GetMenuState
GetMessageW
ShowWindow
DrawFrameControl
CreateIconFromResourceEx
PeekMessageW
TranslateMDISysAccel
EnableWindow
PeekMessageA
TranslateMessage
GetAsyncKeyState
GetWindow
RegisterClassW
CreateCursor
GetIconInfo
SetParent
SetClipboardData
ScrollWindow
IsZoomed
SetWindowLongW
DrawMenuBar
IsIconic
RegisterClassA
WindowFromDC
DrawFocusRect
CreateMenu
FillRect
CopyRect
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetSubMenu
DragDetect
SetFocus
MapVirtualKeyA
GetMessageA
PostMessageA
BeginPaint
OffsetRect
DefMDIChildProcW
GetScrollPos
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetClipboardData
GetSystemMetrics
EnableMenuItem
SetScrollRange
GetWindowRect
InflateRect
InvertRect
SetCapture
ReleaseCapture
EnumChildWindows
SetWindowLongA
InvalidateRect
RemovePropA
CreatePopupMenu
CheckMenuItem
ChildWindowFromPointEx
GetWindowLongA
DrawIconEx
SetWindowTextW
CreateWindowExA
BringWindowToTop
FindWindowW
ScreenToClient
InsertMenuA
LoadCursorA
LoadIconA
TrackPopupMenu
SendMessageA
GetMenuItemCount
ValidateRect
CreateIconFromResource
GetSystemMenu
GetDC
InsertMenuW
SetForegroundWindow
GetMenuItemInfoW
EmptyClipboard
ReleaseDC
GetScrollRange
GetScrollInfo
CreateIconIndirect
FindWindowA
MessageBeep
MessageBoxW
SendMessageW
GetPropA
SetMenu
RegisterClipboardFormatA
MoveWindow
LoadCursorFromFileA
GetMenuStringA
MessageBoxA
GetWindowDC
DestroyCursor
MsgWaitForMultipleObjectsEx
SetScrollInfo
GetKeyState
SystemParametersInfoA
GetDoubleClickTime
DestroyIcon
CreateMDIWindowW
GetKeyNameTextA
DefFrameProcW
IsWindowVisible
DefMDIChildProcA
CreateMDIWindowA
FrameRect
SetRect
DeleteMenu
GetKeyNameTextW
wsprintfA
CallWindowProcW
SetWindowTextA
TranslateAcceleratorA
AdjustWindowRect
GetClientRect
CallWindowProcA
GetClassNameA
GetFocus
CloseClipboard
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
midiOutShortMsg
mciSendStringA
mciSendStringW
midiOutOpen
midiOutClose
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
PageSetupDlgA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetAdaptersInfo
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
RegisterDragDrop
CoCreateInstance
CLSIDFromProgID
DoDragDrop
RevokeDragDrop
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
Number of PE resources by type
RT_ICON 6
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_MANIFEST 1
PICKLE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.0.0.106
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 512000
FileOS Win32
EntryPoint 0x167c1a
MIMEType application/octet-stream
FileVersion 1.0.0.106
TimeStamp 2007:10:31 17:53:19+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
Release Development
OSVersion 4.0
OriginalFilename app.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 1548288
FileSubtype 0
ProductVersionNumber 1.0.0.106
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 612fda8d24335a95bdded0213c4c6247
SHA1 dd8238d59d1ea8ac3fa0791d554c4c9ddc176e4f
SHA256 7ce0a7fb85f97373b83ca46a0bfced0bb386a948f30721d8940f47f63e561e8a
ssdeep 49152:ohPg95YC1yRr5R+jzA66ymAu1Rx48D9d5VGoemcCHa4kFhEv+09uum4uWV355FXh:8gXt1yRr8zA6POQkapFhEv+09uh
authentihash b62161e4fae9d156573797642df62fa8ccc1b6c899c58a7e26f2f6632b68012b
imphash 2f0c4c4e9ccdddc0a6945805c33623df
File size 3.1 MB ( 3254789 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE PECompact compressed (generic) (47.3%)
Win32 Executable MS Visual C++ (generic) (35.5%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-05-09 06:16:40 UTC ( 6 years, 11 months ago )
Last submission 2014-09-15 11:11:15 UTC ( 4 years, 7 months ago )
File names LSASVC.exe
52D04531A3772534_9e7fb74c_00000000_Silent.Run_svcath.exe.##
LaunchDrive.exe
file-3918124_##
launchdrive.exe
lsasvc.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications