RGDayZ.Launcher.exe Trojan Heuristic Analysis

Technical Analysis

File Name RGDayZ.Launcher.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.170.174
Database Version 2024-03-22 18:00:16 UTC

Trojan.Heur!.02252423

Malware family: Heuristic

Heuristic detection uses behavioral analysis and pattern recognition to identify potential threats without specific signatures. This proactive approach detects suspicious code behavior that may indicate malware presence. Detection may occasionally produce false positives when legitimate software exhibits similar behavioral patterns.
Detection Rate N/A
File Size (bytes) 72,138,752
Analysis Date 2024-03-22


File Identification

Hash Type Value
MD5 17af6fa3ee8cd718188874a45d8631bd
SHA1 1dd3084723a2d88e5ca3ae1559c32c1e5f439e5c
SHA256 8f7c67189cee513352a1659774ed943e313eaf685bdbeb9b1b5df0ca3ed6e915
SHA512 a017e2a121c4b11870ff35e2934b189d14845d17f65d662cd78f4c50fdf30fbe78c9f05f732b0f3b029f172e15af2d1b04b8d74c219d89a6cb0713a646d747ec
ImpHash ea953ca16b27673d66e2e92c07d8a1f3

PE Analysis

Basic Information

Icon
Hash: 75d3c4724114ec2f5cc49ed6ac8cb66a
Fuzzy: 2a2407e89da5af87f510742cbe4e6515
dHash: a20d96929696b2cc
Image Base 0x140000000
Entry Point 0x1411ca774
Compilation Time 2024-02-11 23:26:35
Checksum 0x00000000 (Actual: 0x044d520a)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 23 libraries
Exports 1133 functions
Resources 9 Resources
Sections 9 Sections

Version Information

Translation 0x0000 0x04b0
CompanyName RGDayZ
FileDescription RGDayZ.Launcher
FileVersion 4.1.1.0
InternalName RGDayZ.Launcher.dll
LegalCopyright
OriginalFilename RGDayZ.Launcher.dll
ProductName RGDayZ.Launcher
ProductVersion 4.1.1-release+1c4bde3d98c54debedc30d9c23978483ab973369
Assembly Version 4.1.1.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 18,931,256 bytes 18,931,712 bytes 6.14 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 00B8264475AFCED7B849689540166130
.managed 0x0120f000 23,263,960 bytes 23,264,256 bytes 6.54 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ CED82F268B7AC56BC2091EFC88F500B5
hydrated 0x0283f000 13,713,192 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rdata 0x03553000 26,235,130 bytes 26,235,392 bytes 6.99 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 29A81ED8A37EE928FC3F43EFD53FAB35
.data 0x04e59000 1,397,936 bytes 628,736 bytes 4.60 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8FB19D971088EC96D0BD1F10347E752C
.pdata 0x04faf000 2,853,324 bytes 2,853,376 bytes 7.11 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A02BBD080776AFD070FFF64E0770F1FD
_RDATA 0x05268000 500 bytes 512 bytes 4.48 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 49FB07C1324EEFE39D0E9825C7F6A15D
.rsrc 0x05269000 107,846 bytes 108,032 bytes 3.88 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A8B830AE08129FCDDCFF9AB8E5F0C508
.reloc 0x05284000 115,616 bytes 115,712 bytes 5.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 7D88CDD852249218AC097DC43F83964E
Entropy Analysis Alert

3 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 9 (107,298 bytes)
Resource Type Count Total Size Percentage
RT_ICON 6 105,054 bytes 97.9%
RT_GROUP_ICON 1 90 bytes 0.1%
RT_VERSION 1 848 bytes 0.8%
RT_MANIFEST 1 1,306 bytes 1.2%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Trojan.Heur!.02252423 Removal

Gridinsoft has the capability to identify and eliminate Trojan.Heur!.02252423 without requiring further user intervention.


Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Community Comments (1)

Nikita Paramonov

Feb 19, 2024

I'm the developer of this file, and it contains absolutely no malware functions. It's a launcher for a game; it uses access to files for installing the game client and deletes old files, and it also has access to the Documents folder for some save settings. It can also kill the game's process.
