home

CrewWorksLauncher.exe

CrewWorksLauncher

Dazone Tech Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘CrewWorksMessenger’.
Publisher:
Dazone Tech Inc.  (signed and verified)

Product:
CrewWorksLauncher

Version:
1.0.0.0

MD5:
70f0c16c169ed0e7a286e150e006fc9a

SHA-1:
4e75eeecbc1084b518be7394a6f0c1f64b622382

SHA-256:
2185ad0a5af11e6f02b0bc5a170d959c11864768d0e0f25a6dbb888f13175656

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 7:36:18 AM UTC  (today)

File size:
75.1 KB (76,864 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2010

Original file name:
CrewWorksLauncher.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\crewmessenger8\crewworkslauncher.exe

Digital Signature
Signed by:
Dazone Tech Inc.

Authority:
Thawte, Inc.

Valid from:
12/24/2012 9:00:00 AM

Valid to:
2/23/2015 8:59:59 AM

Subject:
CN=Dazone Tech Inc., OU=EP Team, O=Dazone Tech Inc., L=Seocho-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
53C3F89C9C9B2C2E8E7909234622FDBC

File PE Metadata
Compilation timestamp:
5/16/2014 10:46:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:07FNqI6S1uJPtz5OvORu55Zm86pl5iBgNqI6S1uJPtz5H:O/QS1uhTR0Zm86j5iB8QS1uhH

Entry address:
0xE41E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.4040

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
49.5 KB (50,688 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CrewWorksMessenger

Command:
"C:\Program Files\crewmessenger8\crewworkslauncher.exe" -boot


Scan CrewWorksLauncher.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.