Gridinsoft Logo
File Icon

The RO-exec_Launcher.exe (RO-exec) File Analysis

Updated 1 year ago
Checked by Malware Check
RO-exec_Launcher.exe

Technical Analysis

File Name RO-exec_Launcher.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows
SSDEEP Hash
49152:uIYdMYohOojDmYf2r3klp0S++a3t99BDwlrFevdd39BRIbD8M:u2POo72b1SBw9crF6n3ZI
Scanner Version 1.0.171.174
Database Version 2024-04-06 17:00:23 UTC

Suspicious File Detected

Detected by 49 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
69%
Detection Rate
2,456,624
File Size (bytes)
49/71
Engines Detected
2024-04-06
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
ee091b0aff43b9506fbc384642f44275
SHA1
1f0328c27b1dcbc3bc726ab5a2fa7cafc89c0ac5
SHA256
b1b4c0259825fa79fe6176502cd6900ec7411687981f8e5d9738edbd83fd9dca
SHA512
06ca311ea0db212ffeb834bd703a5e545ff69e196f7973f108248361f253d91342b431fa895b516bf54fd15c91eebcd2a4a4132560bfd2ec05310cd8217c2e00
ImpHash
2e5467cba76f44a088d39f78c5e807b6

Security Engines with Detections (49 of 71)

Bkav
W32.AIDetectMalware Malicious
Lionic
Trojan.Win32.Redcap.4!c Malicious
AVG
Win32:TrojanX-gen [Trj] Malicious
Elastic
malicious (high confidence) Malicious
MicroWorld-eScan
Trojan.GenericKD.71865562 Malicious
FireEye
Generic.mg.ee091b0aff43b950 Malicious
CAT-QuickHeal
Trojan.Agent Malicious
Skyhigh
Artemis!Trojan Malicious
McAfee
Artemis!EE091B0AFF43 Malicious
Cylance
unsafe Malicious
Zillya
Trojan.Agent.Win32.3905627 Malicious
Sangfor
Trojan.Win32.Agent.V8h0 Malicious
K7AntiVirus
Trojan ( 0055efd41 ) Malicious
Alibaba
Trojan:Win32/Redcap.b10c848b Malicious
K7GW
Trojan ( 0055efd41 ) Malicious
BitDefenderTheta
Gen:NN.ZexaE.36802.vA2@aebkXQd Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
a variant of Generik.FCTDOSN Malicious
APEX
Malicious Malicious
Kaspersky
HEUR:Trojan.Win32.Agent.gen Malicious
BitDefender
Trojan.GenericKD.71865562 Malicious
Avast
Win32:TrojanX-gen [Trj] Malicious
Sophos
Mal/Generic-S Malicious
F-Secure
Trojan.TR/Redcap.rgtjr Malicious
VIPRE
Trojan.GenericKD.71865562 Malicious
TrendMicro
TROJ_GEN.R014C0DCC24 Malicious
Trapmine
malicious.high.ml.score Malicious
Emsisoft
Trojan.GenericKD.71865562 (B) Malicious
Ikarus
Win32.Infector Malicious
GData
Trojan.GenericKD.71865562 Malicious
Varist
W32/ABRisk.VOTK-6751 Malicious
Avira
TR/Redcap.rgtjr Malicious
Antiy-AVL
Trojan/Win32.Agent Malicious
Arcabit
Trojan.Generic.D44894DA Malicious
ZoneAlarm
HEUR:Trojan.Win32.Agent.gen Malicious
Microsoft
Trojan:Win32/Acll Malicious
Google
Detected Malicious
VBA32
BScope.Trojan.DOTHETUK Malicious
ALYac
Trojan.GenericKD.71865562 Malicious
MAX
malware (ai score=87) Malicious
Malwarebytes
Trojan.Packed Malicious
Panda
Trj/Chgt.AD Malicious
TrendMicro-HouseCall
TROJ_GEN.R014C0DCC24 Malicious
Rising
Trojan.Agent!8.B1E (CLOUD) Malicious
SentinelOne
Static AI - Suspicious PE Malicious
Fortinet
W32/PossibleThreat Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/malicious_confidence_100% (W) Malicious
alibabacloud
Trojan:Win/Acll Malicious
22 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 0760a0b3f4e7182ee8f84047b35d50c1
Fuzzy: 3b5d3c7d207e37dceeedd301e35e2e58
dHash: 0000000000000000
Image Base 0x00400000
Entry Point 0x00da7390
Compilation Time 2024-03-05 13:16:39
Checksum 0x00000000 (Actual: 0x0026769b)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The expected hash does not match the digest in SpcInfo
Imports 8 libraries
kernel32, user32, advapi32, oleaut32, gdi32, shell32, version, mscoree
Exports 0 functions
Resources 4 Resources
Sections 6 Sections

Version Information

Translation 0x0000 0x04b0
Comments RO-exec
FileDescription RO-exec
FileVersion 2,0,0,0
InternalName RO-exec_Launcher.exe
LegalCopyright
OriginalFilename RO-exec_Launcher.exe
ProductName RO-exec
ProductVersion 2,0,0,0
Assembly Version 0.0.0.0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00002000 8,192 bytes 2,048 bytes 7.87 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 03C8AE776F575923710E9A7B548153F6
0x00004000 8,192 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
0x00006000 8,192 bytes 512 bytes 0.33 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE B561A46F697645787215821C379A93A9
.rsrc 0x00008000 8,192 bytes 4,608 bytes 6.79 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 86D3F0BFF3B67918C8DBDCAB4979EDD1
0x0000a000 7,872,512 bytes 206,848 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5C38682F216629568E61E915E65878C7
.data 0x0078c000 2,220,032 bytes 2,214,912 bytes 7.98 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 21EC03367EAFEFC46D4A7F2A3A2AFC62
Entropy Analysis Alert

3 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 4 (4,119 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 2,703 bytes
65.6%
RT_GROUP_ICON 1 20 bytes
0.5%
RT_VERSION 1 720 bytes
17.5%
RT_MANIFEST 1 676 bytes
16.4%

Certificate Chain Analysis

Certificate Information
Product RO-exec
Description RO-exec
File Version 2,0,0,0
Original Name RO-exec_Launcher.exe
Signing Date 02:10 AM 01/10/2024 (523 days ago)
Verification Status The digital signature of the object did not verify.
Signers Google LLC; DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1; DigiCert Trusted Root G4; DigiCert
Counter Signers DigiCert Timestamp 2023; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Internal Name RO-exec_Launcher.exe
Certificate Chain Summary
tg167AB64 #1 Primary
Validity Period: 2023-08-16 14:02:02 → 2033-08-15 14:02:02
Signature Algorithm: sha256RSA
Serial Number: 59 16 35 67 44 C1 33 24 B4 C7 33 6E 62 D2 15 F7 A9 7B CC A2
Enigma Protector CA #2 Chain
Validity Period: 2019-02-05 16:34:15 → 2039-02-05 16:34:15
Signature Algorithm: sha256RSA
Serial Number: 2C ED 5C 2C 5D B4 B7 06 CF DF 0F 49 77 45 62 80 4F DC 00 C7
DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 #3 Chain
Validity Period: 2021-04-29 00:00:00 → 2036-04-28 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 08 AD 40 B2 60 D2 9C 4C 9F 5E CD A9 BD 93 AE D9
Google LLC #4 Chain
Validity Period: 2021-07-02 00:00:00 → 2024-07-10 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0E 44 18 E2 DE DE 36 DD 29 74 C3 44 3A FB 5C E5
Dummy certificate #5 Chain
Validity Period: 2013-01-01 10:00:00 → 2013-04-01 10:00:00
Signature Algorithm: sha1RSA
Serial Number: 01
DigiCert Timestamp 2023 #6 Chain
Validity Period: 2023-07-14 00:00:00 → 2034-10-13 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 05 44 AF F3 94 9D 08 39 A6 BF DB 3F 5F E5 61 16
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #7 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Trusted Root G4 #8 Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

The expected hash does not match the digest in SpcInfo

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
49 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware