Gridinsoft Logo
File Icon

The EZLauncher(V2).exe File Analysis

Updated 2 months ago
Checked by Malaware Check
EZLauncher(V2).exe

Technical Analysis

File Name EZLauncher(V2).exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (console) x86-64, for MS Windows
SSDEEP Hash
196608:wROav3q3KRZu80eHnGa6d805XW+tW3EL+Er3j7tJHiVbPbNZ5rscmkkBS6sudNtM:Wv3qlReHnqPVW6W0L+UpIVnNgcbuB0T
Scanner Version 1.0.212.174
Database Version 2025-04-07 23:00:56 UTC

Suspicious File Detected

Detected by 12 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
17%
Detection Rate
15,063,744
File Size (bytes)
12/72
Engines Detected
2025-04-07
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
28a805c5a9f48d582c3d9c23ce22c6b8
SHA1
289ac4e0af3a0555046f31df163ccc5f43e8329c
SHA256
bb9c1a4fdb10cb63d4d4ab09298d2b0f42d47b577e4143a06223678172f7ce10
SHA512
505a945037baf25e48a5dd97983a66f30210e301b50e25929784094048783a218f49ca9ed9aea27cafa20a5cf96a3f8d6950331fd4fa288ba7d3b339434536e8
ImpHash
047bdd5ddba177ef2061fbd55fc2f22e

Security Engines with Detections (12 of 72)

Bkav
W64.AIDetectMalware Malicious
Elastic
malicious (high confidence) Malicious
Cylance
Unsafe Malicious
Sangfor
Trojan.Win32.Save.a Malicious
CrowdStrike
win/malicious_confidence_60% (W) Malicious
Symantec
ML.Attribute.HighConfidence Malicious
Antiy-AVL
RiskWare[Packed]/Win32.VMProtect.a Malicious
Microsoft
PUA:Win32/GameHack Malicious
McAfee
Artemis!28A805C5A9F4 Malicious
Malwarebytes
Trojan.MalPack.PES.Generic Malicious
MaxSecure
Trojan.Malware.328790061.susgen Malicious
DeepInstinct
MALICIOUS Malicious
60 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: 4c18fb5744b4f5ddebf8bf09e448da39
Fuzzy: d74ea62985cc8a9514cb5859357ec55e
dHash: 6198cab2f8db9c8e
Image Base 0x140000000
Entry Point 0x140f57423
Compilation Time 2024-10-26 12:50:27
Checksum 0x00e64e36 (Actual: 0x00e64e36)
OS Version 6.0
PEiD Signatures PE32+ executable (console) x86-64, for MS Windows
Digital Signature Chain verification from EMAIL=ezteam.net, CN=EzTeam, OU=EzTeam, O=EzTeam, L=Brasil, ST=UF, C=BR (serial:538581287307250560057892318485206757197957949386, sha1:43caa99fd91dd0d2ee28b6ccf48aaff912b7f914) failed: The X.509 certificate provided is self-signed - "Email Address: ezteam.net, Common Name: EzTeam, Organizational Unit: EzTeam, Organization: EzTeam, Locality: Brasil, State/Province: UF, Country: BR"
Imports 23 libraries
Exports 0 functions
Resources 3 Resources
Sections 10 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 4,438,566 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.rdata 0x0043d000 1,538,428 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.data 0x005b5000 460,648 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.pdata 0x00626000 159,300 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.00cfg 0x0064d000 56 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.tls 0x0064e000 41 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.i}B 0x0064f000 8,090,150 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ D41D8CD98F00B204E9800998ECF8427E
.-FD 0x00e07000 5,448 bytes 5,632 bytes 0.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 304C6F149B4BA73CA577D21690A02D88
.aqF 0x00e09000 15,007,588 bytes 15,007,744 bytes 7.89 (Packed/Encrypted) IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5FBC4CD24EA466C9F5F68C4A4132FC87
.rsrc 0x01c59000 42,254 bytes 42,496 bytes 5.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 93851AEE2A5B43726689834BDA343C2C
Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 3 (41,994 bytes)
Resource Type Count Total Size Percentage
RT_ICON 1 41,640 bytes
99.2%
RT_GROUP_ICON 1 20 bytes
0%
RT_MANIFEST 1 334 bytes
0.8%

Certificate Chain Analysis

Certificate Information
Signing Date 07:03 PM 10/26/2024 (223 days ago)
Verification Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers EzTeam
Certificate Chain Summary
EzTeam #1 Primary
Validity Period: 2024-10-26 11:37:53 → 2025-10-26 11:37:53
Signature Algorithm: sha256RSA
Serial Number: 5E 56 D1 F7 B8 7D E5 88 9A B9 0A 05 5F 4A EA 26 CA 3D E7 CA
DigiCert Trusted Root G4 #2 Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #3 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Timestamp 2024 #4 Chain
Validity Period: 2024-09-26 00:00:00 → 2035-11-25 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 0B AE 66 BC 5A BA 7F 95 87 C6 F9 E9 04 E3 33 04

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from EMAIL=ezteam.net, CN=EzTeam, OU=EzTeam, O=EzTeam, L=Brasil, ST=UF, C=BR (serial:538581287307250560057892318485206757197957949386, sha1:43caa99fd91dd0d2ee28b6ccf48aaff912b7f914) failed: The X.509 certificate provided is self-signed - "Email Address: ezteam.net, Common Name: EzTeam, Organizational Unit: EzTeam, Organization: EzTeam, Locality: Brasil, State/Province: UF, Country: BR"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
12 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware