» vsweblaunch.exe
Overview
Analysis
File Details
Behaviors (1)

vsweblaunch.exe

Visage Imaging GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VisageAutoLaunch’.

File name:

vsweblaunch.exe

Publisher:

Visage Imaging GmbH (signed and verified)

MD5:

5d2a42dafafd3edfd170db458e7c2aa9

SHA-1:

e9e3b5140969631fa5a905d7a03a64c134d6e6a8

SHA-256:

36a4310086257f9d1823a1e7c8710c86fcea577fbb7ea2b88b7a88312a8baade

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 12:31:16 AM UTC (today)

File size:

101.5 KB (103,944 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\visage imaging\visagecs-7.0\bin\arch-win32vc8-optimize\vsweblaunch.exe

Digital Signature

Signed by:

Visage Imaging GmbH

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

10/8/2009 7:00:00 PM

Valid to:

10/9/2011 6:59:59 PM

Subject:

CN=Visage Imaging GmbH, OU=Secure Application Development, O=Visage Imaging GmbH, L=Berlin, S=Berlin, C=DE

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

25D08528F2CC31A75C5A368B1654BA01

File PE Metadata

Compilation timestamp:

7/7/2011 4:37:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:VqdnZxjsLAN+NLnLNQFlHPnvOF9a8c4iqvjawaROTcaoPnJ:VUNEQFlHPnvOF9a8ShROAaoR

Entry address:

0x80D3

Entry point:

E8, 3C, 04, 00, 00, E9, 9E, FD, FF, FF, CC, FF, 25, F0, A0, 40, 00, FF, 25, EC, A0, 40, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, E2, 85, 40, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 9A, 00, 00, 00, F6, C3, 01, 74, 07, 57, E8, 1F, 00, 00, 00, 59, 8B, C7, 5F, EB, 13, E8, C2, 04, 00, 00, F6, C3, 01, 74, 07, 56, E8, 09, 00, 00, 00, 59, 8B, C6, 5E, 5B, C2, 04, 00, CC, FF, 25, E8, A0, 40, 00, FF, 25, E4, A0, 40, 00, FF, 25, E0, A0, 40, 00, 6A, 14, 68, B8, 1B, 41, 00, E8, 1A, 03, 00, 00, 83... 
[+]

Entropy:

6.2384

Code size:

36 KB (36,864 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

VisageAutoLaunch

Command:

"C:\Program Files\visage imaging\visagecs-7.0\bin\arch-win32vc8-optimize\vsweblaunch.exe"

Scan vsweblaunch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.