CMLauncher.exe Adware Agent Analysis
Technical Analysis
| File Name | CMLauncher.exe |
| File Type |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Scanner Version | 1.0.193.174 |
| Database Version | 2024-10-19 15:00:33 UTC |
Adware.Win32.Agent.cl
Malware family: Agent
Scan Another File
File Identification
| Hash Type | Value | Action |
|---|---|---|
| MD5 |
6eb5bd5c5c219d80cf35268b21141b7d
|
|
| SHA1 |
eb9eab739f70258c1c5078740836749f86d0433a
|
|
| SHA256 |
507bb3c962c233257999cb65352cec684b7dd611f689eca43c8db4452c84f596
|
|
| SHA512 |
9ede414f6bf8937065c44b75bf3139aac76bab3ba3e1006d25703d3469c07a87112e59c1b277adb1214790c61bdc93f566429b0de0653400d077834d46a3ae94
|
|
| ImpHash |
79fd65f332ce716896a6cf17170e092e
|
PE Analysis
Basic Information
▼| Icon |
Hash: 1fad46a22d2214ac75ed19f037a71821
Fuzzy: 6869e21d0cbc201e6acc930042b6135e dHash: e89c9ad5e5baccc8 |
| Image Base | 0x00400000 |
| Entry Point | 0x00914edd |
| Compilation Time | 2024-01-28 12:11:15 |
| Checksum | 0x00ec6db1 (Actual: 0x00ecbc06) |
| OS Version | 6.0 |
| PEiD Signatures |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| PDB Path | Z:\_SOURCE_CODE\ClientModLauncher\Launcher\Release\CMLauncher.pdb |
| Digital Signature | Chain verification from CN=ClientModGame (serial:126250232860106813693179804450808953640, sha1:b0ed53cd87f9e2bc51c6d202b7f6cfe2acdf953e) failed: The X.509 certificate provided is self-signed - "Common Name: ClientModGame" |
| Imports | 26 libraries |
| Exports | 3 functions |
| Resources | 16 Resources |
| Sections | 7 Sections |
Version Information
▼| LegalCopyright | ClientMod (C) 2024 |
| ProductName | ClientMod Launcher |
| ProductVersion | 1.4.5 |
| FileVersion | 1.4.5 |
| Translation | 0x0409 0x04b0 |
PE Sections
▼| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00010000 |
10,670,208 bytes | 10,670,592 bytes | 6.67 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
5D061AC4F369A0556A22E433135166C4 |
.rdata |
0x00a40000 |
3,509,638 bytes | 3,509,760 bytes | 6.67 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
419E91BE79539E03F4E007A3DEA276B4 |
.data |
0x00da0000 |
724,092 bytes | 590,848 bytes | 7.48 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
083BFA053CB765FCD5560DB05DFE93E2 |
.cdata |
0x00e60000 |
516 bytes | 1,024 bytes | 2.53 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
DCDA1710F7666849EBC25103CCEE15B5 |
_RDATA |
0x00e70000 |
9,736 bytes | 10,240 bytes | 6.08 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
5C2D75C9D32C819A368EE0E85FC4C392 |
.rsrc |
0x00e80000 |
206,712 bytes | 206,848 bytes | 5.37 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
2BB690F2BF7B5456D4BF2A81A92E92E9 |
.reloc |
0x00ec0000 |
482,356 bytes | 482,816 bytes | 6.59 (Compressed) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
72F8E3D9F4C449091EE5CFAA681B8AF7 |
Entropy Analysis Alert
4 section(s) with elevated entropy (≥6.5) - possible compression
Resource Analysis
▼| Resource Type | Count | Total Size | Percentage |
|---|---|---|---|
| RT_ICON | 12 | 204,064 bytes | |
| RT_GROUP_ICON | 2 | 180 bytes | |
| RT_VERSION | 1 | 460 bytes | |
| RT_MANIFEST | 1 | 1,079 bytes |
Certificate Chain Analysis
▼No Digital Signatures
This file is not digitally signed.
Security Implications:
- Cannot verify the publisher's identity
- Increased security risk when running this file
- May trigger security warnings on some systems
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
Certificate Verification Status
Chain verification from CN=ClientModGame (serial:126250232860106813693179804450808953640, sha1:b0ed53cd87f9e2bc51c6d202b7f6cfe2acdf953e) failed: The X.509 certificate provided is self-signed - "Common Name: ClientModGame"
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Adware.Win32.Agent.cl Removal
Gridinsoft has the capability to identify and eliminate Adware.Win32.Agent.cl without requiring further user intervention.
Download Anti-MalwareRemoval Instructions
Follow these steps to completely remove the threat from your system
-
1
Get Gridinsoft Anti-Malware — it's a quick 2 MB download that won't slow down your PC.
-
2
Run the installer gsam-en-install.exe. The setup takes about 2 minutes and doesn't require a restart.
-
3
The app launches right after installation. You'll see the main dashboard with the scan button front and center.
-
4
Hit "Standard Scan" — this checks all the spots where malware typically hides: temp folders, browser data, startup programs, and system directories.
-
5
Once the scan finds this threat, click "Clean Now". The removal usually happens instantly, though some stubborn infections may need a reboot.
-
6
If you see a restart prompt, go ahead and reboot. This clears any malware that was running in memory and ensures your system starts fresh.
Leave a Comment
Gridinsoft Anti-Malware
Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware
Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!
