App24x7Help.exe

24x7Help

Crawler, LLC

The application App24x7Help.exe by Crawler has been detected as a potentially unwanted program by 6 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘24x7HELP’. While running, it connects to the Internet address 5373-colo-cust.host.net on port 80 using the HTTP protocol.
Publisher:
Crawler, LLC  (signed and verified)

Product:
24x7Help

Version:
2.2.0.17

MD5:
0b303dc64034255f1ed7a07c985d5c75

SHA-1:
ee3dd3e8f472f92db548713a5cda5dee1a9e0da8

SHA-256:
cf6e23bfb933d6898234e566610c4ffd7f077cd75ff33ad8511d635b6d7fcfc9

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/15/2017 1:47:55 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.24x7Help | 4.0.3.14105
Dr.Web | riskware program Program.Unwanted.45 | 9.0.1.0278
ESET NOD32 | Win32/24x7Help (variant) | 8.9653
Reason Heuristics | PUP.Startup.Crawler.L | 14.10.5.15
SUPERAntiSpyware | Adware.24x7Help/Variant | 10318
Trend Micro House Call | TROJ_GEN.F47V0324 | 7.2.278

File size:
1.8 MB (1,924,960 bytes)

Product version:
2.2.0.0

Copyright:
© Crawler, LLC

Original file name:
App24x7Help.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\24x7help\app24x7help.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/27/2013 3:30:00 AM

Valid to:
1/26/2017 3:29:59 AM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
2/11/2014 4:32:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:w8G2QfT79+axZl9KwWJ+2j0Z0/J3Dq6t/shv6keeZT+h0Ed4E664wdjVbh9s:wyY+oOVM0c6idNT+xdz66hdbC

Entry address:
0x115070

Entry point:
55, 8B, EC, 83, C4, F0, B8, D8, 35, 51, 00, E8, 0C, 20, EF, FF, E8, B7, DE, FF, FF, E8, 0E, FA, EE, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.2064

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,130,496 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
24x7HELP

Command:
"C:\Program Files\24x7help\app24x7help.exe" \startup


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 5373-colo-cust.host.net  (66.115.32.20:80)
