home

myroom_f5so-fcfpsl1.exe

Launch35

Hewlett-Packard Company

Publisher:
Hewlett-Packard Company  (signed and verified)

Product:
Launch35

Version:
10.3.0.9015

MD5:
bf62835b4bc945b20a6c11b70e062e0e

SHA-1:
614493134ed914f5c800d46f4ceb6c1517e4035c

SHA-256:
15a13df5f95c2d235a0ff34bb2a778855e8c55a44cb71f18a5f2a0436d1aeb5c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 1:44:06 PM UTC  (today)

File size:
40.9 KB (41,920 bytes)

Product version:
10.3.0.9015

Copyright:
Copyright © 2012

Original file name:
Launch.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\myroom_f5so-fcfpsl1.exe

Digital Signature
Signed by:
Hewlett-Packard Company

Authority:
COMODO CA Limited

Valid from:
4/29/2015 7:00:00 PM

Valid to:
4/29/2016 6:59:59 PM

Subject:
CN=Hewlett-Packard Company, OU=HP Cyber Security, O=Hewlett-Packard Company, STREET=3000 Hanover Street, L=Palo Alto, S=CA, PostalCode=94304, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
50F7DCBC28D3D606376CA95DF9523B3B

File PE Metadata
Compilation timestamp:
9/2/2015 7:03:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:FfX66i8nZBeVBm69XflyWzOAsEBFrixgTsg:Fy6i8nZUVBjl8WiVELriusg

Entry address:
0x99BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.1656

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
30.5 KB (31,232 bytes)

The file myroom_f5so-fcfpsl1.exe has been seen being distributed by the following 19 URLs.

https://www.myroom.hp.com/attend/.../v36klfm35z9r

https://www.myroom.hp.com/attend/.../zgb48h7xa3ov

https://www.myroom.hp.com/Attend/.../2fy54biy9y15

https://www.myroom.hp.com/attend/.../debfqdf3r1ul

https://www.myroom.hp.com/attend/.../suraxtbzm5k5

https://www.myroom.hp.com/Attend/.../b5oxprjwbh4t

https://www.myroom.hp.com/attend/.../mo74o4vkm-0f

https://www.myroom.hp.com/Attend/.../rrz5mbt2ecyi

https://www.myroom.hp.com/attend/.../4fdpl7ug9ria

https://www.myroom.hp.com/attend/.../erqp31pi5yom

https://www.myroom.hp.com/attend/.../grudbtwivdpr

https://www.myroom.hp.com/Attend/.../ilpkc46o-kbf

https://www.myroom.hp.com/attend/.../e0a1xtx8el8p

https://www.myroom.hp.com/Attend/.../z1ry040r48-4

https://www.myroom.hp.com/attend/.../4p1u4p54l-3u

https://myroom.hp.com/Attend/.../df2j6zh2z-ab

https://myroom.hp.com/Attend/.../ydmjlcfjzl7a

https://www.myroom.hp.com/attend/.../fbg3-648cihd

https://www.myroom.hp.com/Attend/.../k02q65hps08t

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.