wkvbgqc.exe

GameLaunch.exe

Suzhen Zhou

It runs as a Windows service named “Cdqokg govweseu”.
Publisher:
Sunward Information Technology Co.Ltd (signed by Suzhen Zhou)

Product:
GameLaunch.exe

Description:
GameLaunch 应用程序 (GameLaunch application)

Version:
2014,07,15,01

MD5:
307580fa4faf0604debcb6ae21bdab96

SHA-1:
54e4bfffce4bd1bd4249fac3efc6ebace35400c1

SHA-256:
168f475ab00fb0a71c2245ec1dc1f5b0686b768c06a2487a758e20323b972214

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 10:04:57 PM UTC

File size:
100.1 MB (104,994,496 bytes)

Product version:
1, 0, 0, 2

Copyright:
Sunward Information Technology Co.Ltd

Original file name:
GameLaunch.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\windows bojqmi\wkvbgqc.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/18/2012 7:00:00 AM

Valid to:
10/19/2015 6:59:59 AM

Subject:
CN=Suzhen Zhou, OU=Individual Developer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=No Organization Affiliation, L=Wuhan, S=Hubei, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13A691B148E6D8D0891F888E6605E0DD

File PE Metadata
Compilation timestamp:
11/21/2013 12:13:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:7vOeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeen:e

Entry address:
0x37BD3

Entry point:
E8, 00, 00, 00, 00, 60, E8, 4F, 00, 00, 00, AA, 78, 36, 5B, 20, 8E, 16, 8B, 63, 01, 1B, 25, A9, 0F, 1E, DA, C4, 02, ED, 51, 42, 94, 84, BF, CA, 8F, 75, 8A, E7, 10, 49, 2A, 95, E7, 3A, 9F, 8C, AC, 4F, A0, 8F, 2E, 8C, B7, A1, 69, DD, 95, CF, A8, 94, 16, F2, F2, 2D, 12, CF, A8, 94, 16, F2, F2, 2D, 12, E9, 2A, 6E, 00, 00, E9, 3E, 6E, 00, 00, E9, 39, 6E, 00, 00, E8, 6E, FB, FF, FF, CE, 01, 01, 00, 60, 9A, 00, 00, 51, 18, C7, B3, 45, AD, 01, E2, 9C, 5F, 54, 8B, C6, C4, F1, 22, F8, F6, F0, F7, 11, 71, C9, 62, 6D...
 

Entropy:
7.9980

Packer / compiler:
MoleBox v2.0

Service
Display name:
Cdqokg govweseu

Service name:
Aijpcg mwkisc

Description:
Ukispc sqskysok jaapmmrrcro

Type:
Win32OwnProcess, InteractiveProcess

