Gridinsoft Logo
File Icon

The kLauncher.exe (kLauncher) File Analysis

Updated 1 month ago
Checked by Malaware Check
kLauncher.exe

Technical Analysis

File Name kLauncher.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
98304:QiKWLf5Y/wC71hWXGV77cCAdo3g2N1g5GX2vy4g/7L+eEdeAs:/Lf5y1hkGh7cvgg2NwJqb7L+bdLs
Scanner Version 1.0.214.174
Database Version 2025-04-18 19:00:20 UTC

Suspicious File Detected

Detected by 14 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
19%
Detection Rate
11,756,872
File Size (bytes)
14/72
Engines Detected
2025-04-18
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
097d3ccb4e37677d4c68db6b89bad17e
SHA1
e39d6817a264c744d679c673e4bbcc49c69d3c8b
SHA256
882f793980a90e1c1a85e174d55a9e659479a95749ded6cbe81bc2b5b7560040
SHA512
981fcd51c25d3b345055adc231cb2b13a840ea6e66d2e8b1570aeaea23fb3e91ae5eeb00e6376bac7ea481f535c812161c5e9fb635be947512b6b8ee45bb349d
ImpHash
1aae8bf580c846f39c71c05898e57e88

Security Engines with Detections (14 of 72)

AVG
Win32:MalwareX-gen [Drp] Malicious
Cylance
Unsafe Malicious
K7AntiVirus
Trojan ( 005720591 ) Malicious
K7GW
Trojan ( 005720591 ) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
Avast
Win32:MalwareX-gen [Drp] Malicious
McAfeeD
ti!882F793980A9 Malicious
Ikarus
Trojan-Dropper.WinGo.Agent Malicious
GData
Win32.Trojan.Agent.LQ7RJN Malicious
Google
Detected Malicious
McAfee
Artemis!097D3CCB4E37 Malicious
Fortinet
W32/Agent_AGen.AD!tr Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
Trojan[dropper]:Multi/Agent_AGen.AF Malicious
58 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 08d61819889ad8875a214514af129d55
Fuzzy: c4dea4e93258f2170b51a9c4015ab0a9
dHash: 31f8cce0c08cf071
Image Base 0x00400000
Entry Point 0x0047db40
Compilation Time 1970-01-01 00:00:00
Checksum 0x00b3ea91 (Actual: 0x00b3ea91)
OS Version 6.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {'time_stamping'} are not present
Imports 1 libraries
kernel32
Exports 0 functions
Resources 4 Resources
Sections 7 Sections

Version Information

CompanyName kLauncher, Inc.
FileDescription kLauncher
FileVersion 4.1.0
InternalName kLauncher
LegalCopyright Copyright (C) kLauncher
OriginalFilename kLauncher.exe
ProductName kLauncher
ProductVersion 4.1.0
Translation 0x0412 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 4,923,717 bytes 4,923,904 bytes 6.05 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 01FBCE9DA13DB94E1A59CF0CA55FAC47
.rdata 0x004b4000 5,982,292 bytes 5,982,720 bytes 6.21 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2F8C90393E2B704A9ACE8FC3E05D16FD
.data 0x00a69000 564,172 bytes 363,520 bytes 6.26 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE ED0FAA207E70F86A2F500F8C9050F008
.idata 0x00af3000 1,100 bytes 1,536 bytes 3.87 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4F3BD27A41D1BCE08F07BBB22FA2B2A7
.reloc 0x00af4000 249,808 bytes 249,856 bytes 6.62 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 02BC00069F4E0C677235F6DF1DB9EC74
.symtab 0x00b31000 4 bytes 512 bytes 0.02 (Normal) IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 07B5472D347D42780469FB2654B7FC54
.rsrc 0x00b32000 222,768 bytes 223,232 bytes 4.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3456F09CD0C50C4CAC2EAB0DA531A8E1
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 4 (222,453 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 221,224 bytes
99.4%
RT_GROUP_ICON 1 20 bytes
0%
RT_VERSION 1 692 bytes
0.3%
RT_MANIFEST 1 517 bytes
0.2%

Certificate Chain Analysis

Certificate Information
Product kLauncher
Description kLauncher
File Version 4.1.0
Original Name kLauncher.exe
Signing Date 11:08 AM 04/07/2025 (61 days ago)
Verification Status Signed
Signers KI HWAN HAN; Certum Code Signing 2021 CA; Certum Trusted Network CA 2; Certum Trusted Network CA
Counter Signers Certum Timestamp 2025; Certum Timestamping 2021 CA; Certum Trusted Network CA 2; Certum Trusted Network CA
Internal Name kLauncher
Copyright Copyright (C) kLauncher
Certificate Chain Summary
Certum Code Signing 2021 CA #1 Primary
Validity Period: 2021-05-19 05:32:18 → 2036-05-18 05:32:18
Signature Algorithm: sha384RSA
Serial Number: 99 A3 80 0A 26 55 3B 65 AB DC 6E 84 A6 B3 EA 39
KI HWAN HAN #2 Chain
Validity Period: 2024-05-28 10:47:39 → 2025-05-28 10:47:38
Signature Algorithm: sha256RSA
Serial Number: 76 2D 20 0A 62 CB 23 C4 4E 09 DE 01 94 4F 16 47
Certum Timestamp 2025 #3 Chain
Validity Period: 2025-01-09 08:40:43 → 2036-01-07 08:40:43
Signature Algorithm: sha384RSA
Serial Number: 9E 9C 04 F6 55 A8 B4 A7 02 6D 49 8C 6C 78 8D AA
Certum Timestamping 2021 CA #4 Chain
Validity Period: 2021-05-19 05:32:07 → 2036-05-18 05:32:07
Signature Algorithm: sha384RSA
Serial Number: E7 FF 69 C7 3B 35 CE 4B 91 26 D8 74 7C 68 A5 87
Certum Trusted Network CA 2 #5 Chain
Validity Period: 2021-05-31 06:43:06 → 2029-09-17 06:43:06
Signature Algorithm: sha384RSA
Serial Number: 1B B5 8F 25 2A DF 23 00 49 28 C9 AE 3D 7E ED 27

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

An error occurred while validating the countersignature: The root Certum Trusted Network CA 2 lists its extended key usages, but {'time_stamping'} are not present

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
14 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware