» App24x7Help.exe
Overview
Analysis
File Details
Behaviors (1)

App24x7Help.exe

24x7Help

Crawler, LLC

The application App24x7Help.exe by Crawler has been detected as a potentially unwanted program by 9 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘24x7HELP’.

File name:

App24x7Help.exe

Publisher:

Crawler, LLC (signed and verified)

Product:

24x7Help

Version:

2.1.0.39

MD5:

b14370ac22ed35942b153d367aed9658

SHA-1:

a682a0f85b69590e420782fb2697944684a26c11

SHA-256:

5a4676eee96d504e9032498cfd1fedb0d0512d55dd622bf7c6a0ef77eab80f47

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:08:00 AM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2017.0.2833

Baidu Antivirus

Trojan.Win32.24x7Help

4.0.3.16214

Bkav FE

W32.HfsAdware

1.3.0.6979

Dr.Web

Program.Unwanted.340

9.0.1.045

ESET NOD32

Win32/24x7Help (variant)

10.9056

Fortinet FortiGate

Riskware/24x7Help

2/14/2016

Reason Heuristics

PUP.Crawler (M)

16.2.14.23

SUPERAntiSpyware

Adware.24x7Help/Variant

9323

Trend Micro House Call

Suspicious_GEN.F47V1107

7.2.45

File size:

1.8 MB (1,887,824 bytes)

Product version:

2.1.0.0

Original file name:

App24x7Help.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\24x7help\app24x7help.exe

Digital Signature

Signed by:

Crawler, LLC

Authority:

VeriSign, Inc.

Valid from:

12/10/2010 1:00:00 AM

Valid to:

12/12/2013 12:59:59 AM

Subject:

CN="Crawler, LLC", OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1535EDA3C8F2FED30D4497572760F240

File PE Metadata

Compilation timestamp:

10/30/2013 3:05:57 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:Y6EaDhwfssElf+OAjTXeh7guNCW/fDAhwPXQhYJP0AJZTRJh07zfUjyfUjgFVZyu:Y6kgoSTCVh0gCJckTRJkzwywpGj

Entry address:

0x111FC0

Entry point:

55, 8B, EC, 83, C4, F0, B8, 70, FC, 50, 00, E8, 8C, 50, EF, FF, E8, FF, D5, FF, FF, E8, 8E, 2A, EF, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 02, 00, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

1.1 MB (1,115,136 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

24x7HELP

Command:

"C:\Program Files\24x7help\app24x7help.exe" \startup

Remove App24x7Help.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.