SHA256: af752ff6d39db86248401c394528ff837ff0525256391f3f9c616a9d90631709
File name: launcher_service
Detection ratio: 0 / 56
Analysis date: 2015-07-19 02:06:42 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware 20150719
AegisLab 20150718
Yandex 20150717
AhnLab-V3 20150718
Alibaba 20150717
ALYac 20150719
Antiy-AVL 20150719
Arcabit 20150719
Avast 20150719
AVG 20150719
Avira (no cloud) 20150717
AVware 20150719
Baidu-International 20150718
BitDefender 20150719
Bkav 20150718
ByteHero 20150719
CAT-QuickHeal 20150717
ClamAV 20150717
Comodo 20150718
Cyren 20150719
DrWeb 20150719
Emsisoft 20150719
ESET-NOD32 20150718
F-Prot 20150719
F-Secure 20150718
Fortinet 20150719
GData 20150719
Ikarus 20150718
Jiangmin 20150718
K7AntiVirus 20150718
K7GW 20150718
Kaspersky 20150718
Kingsoft 20150719
Malwarebytes 20150718
McAfee 20150719
McAfee-GW-Edition 20150718
Microsoft 20150719
eScan 20150719
NANO-Antivirus 20150718
nProtect 20150717
Panda 20150718
Qihoo-360 20150719
Rising 20150718
Sophos AV 20150719
SUPERAntiSpyware 20150718
Symantec 20150719
Tencent 20150719
TheHacker 20150717
TotalDefense 20150718
TrendMicro 20150719
TrendMicro-HouseCall 20150719
VBA32 20150718
VIPRE 20150719
ViRobot 20150719
Zillya 20150718
Zoner 20150719
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2013 Comodo Security Solutions Inc.
Publisher Comodo Security Solutions
Product livePCsupport
Original name launcher_service.exe
Internal name launcher_service
File version 4.0
Description livePCsupport launcher system service
Signature verification Signed file, verified signature
Signing date 11:47 AM 1/30/2013
Signers
[+] Comodo Security Solutions
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 4/5/2012
Valid to 12:59 AM 4/6/2013
Valid usage Code Signing
Algorithm SHA1
Thumbprint E83EBEE4D57E514A34DC5E9F03C9FDA9FB30AAD5
Serial number 00 8C FA 72 2D 49 D8 E5 4E CC 8D 5F 5A 04 AC E9 A1
[+] COMODO Code Signing CA 2
Status Valid
Issuer None
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm SHA1
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] COMODO Time Stamping Signer
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/10/2010
Valid to 12:59 AM 5/11/2015
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 3DBB6DB5085C6DD5A1CA7F9CF84ECB1A3910CAC8
Serial number 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
[+] UTN-USERFirst-Object
Status Valid
Issuer None
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm SHA1
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] USERTrust
Status Valid
Issuer None
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-30 10:33:43
Entry Point 0x00002941
Number of sections 5
PE sections
Overlays
MD5 7b643bf11dd12f6302914c319aa4b352
File type data
Offset 64000
Size 6352
Entropy 7.39
PE imports
SetSecurityDescriptorDacl
DuplicateTokenEx
StartServiceW
OpenProcessToken
SetServiceStatus
EnumDependentServicesW
OpenServiceW
RegisterServiceCtrlHandlerW
OpenSCManagerW
InitializeSecurityDescriptor
QueryServiceStatusEx
AdjustTokenPrivileges
ControlService
StartServiceCtrlDispatcherW
SetTokenInformation
CloseServiceHandle
DeleteService
LookupPrivilegeValueW
CreateProcessAsUserW
CreateServiceW
CertFreeCertificateContext
CertCompareIntegerBlob
CryptVerifyMessageSignature
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
UnmapViewOfFile
LoadLibraryA
GetModuleFileNameW
VirtualAlloc
WaitForSingleObject
SetEvent
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetModuleFileNameA
Process32NextW
DeleteCriticalSection
GetCurrentProcess
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
OpenProcess
ProcessIdToSessionId
GetCommandLineW
LCMapStringA
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetProcAddress
GetStringTypeA
Process32FirstW
GetProcessHeap
CreateFileMappingW
GetCPInfo
MapViewOfFile
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
SetStdHandle
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
GetConsoleCP
CreateEventW
WriteConsoleA
SetHandleCount
IsValidCodePage
OutputDebugStringW
CreateFileW
VirtualFree
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
HeapCreate
WriteConsoleW
LeaveCriticalSection
CreateEnvironmentBlock
WinVerifyTrust
ImageEnumerateCertificates
ImageGetCertificateData
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ROMANIAN 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 22016
ImageVersion 0.0
ProductName livePCsupport
FileVersionNumber 4.0.0.0
UninitializedDataSize 0
LanguageCode Unknown (0009)
FileFlagsMask 0x0017
CharacterSet Unicode
LinkerVersion 9.0
FileTypeExtension exe
OriginalFileName launcher_service.exe
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 4.0
TimeStamp 2013:01:30 11:33:43+01:00
FileType Win32 EXE
PEType PE32
InternalName launcher_service
ProductVersion 4.0
FileDescription livePCsupport launcher system service
OSVersion 5.0
FileOS Win32
LegalCopyright Copyright (C) 2013 Comodo Security Solutions Inc.
MachineType Intel 386 or later, and compatibles
CompanyName Comodo Security Solutions Inc.
CodeSize 40960
FileSubtype 0
ProductVersionNumber 4.0.0.0
EntryPoint 0x2941
ObjectFileType Executable application

File identification
MD5 3a7c27f5880ce978487c5ff42a5d9080
SHA1 9afea6812fafbdbe96c2fb3b0bb8e556ddea2449
SHA256 af752ff6d39db86248401c394528ff837ff0525256391f3f9c616a9d90631709
ssdeep 1536:r/klb/6KL4fyEOraH0fUeICmu5568IhoHu:rklb/ZLzIRu55pTu
authentihash 58b06172e18100e427da79cb873d538ff025aeb19ff47820150edda926a188ce
imphash a97ac3c73692d32abc5852f0d486711c
File size 68.7 KB ( 70352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe signed overlay
VirusTotal metadata
First submission 2015-06-19 08:42:34 UTC ( 3 years, 1 month ago )
Last submission 2015-06-19 08:42:34 UTC ( 3 years, 1 month ago )
File names launcher_service.exe
launcher_service.exe
launcher_service
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files