pc_health_check.exe

Sutherland Global Services, Inc.

The executable pc_health_check.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
Sutherland Global Services, Inc.  (signed and verified)

MD5:
17bfcc8b065e9b6a02c79b5974391566

SHA-1:
2d4cd0ab55bf835597c024881b339e04b97c9a20

SHA-256:
e3be3e8824a996fde2005309845b1f71b8518349edd3db20e693f820e25e9d58

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/23/2024 8:02:02 AM UTC

Scan engine             Detection                       Engine version
Avira AntiVirus         TR/VB.Downloader.Gen            7.11.59.80
Comodo Security         UnclassifiedMalware             15112
Dr.Web                  BACKDOOR.Trojan                 9.0.1.01
Fortinet FortiGate      W32/VB.F                        1/1/2016
F-Secure                Gen:Trojan.Heur.vm1@fX5NN4di    11.2016-01-01_6
IKARUS anti.virus       Win32.SuspectCrc                t3scan.1.3.5.0
McAfee                  Artemis!34FBC9ADD443            5600.6534
NANO AntiVirus          Trojan.MLW.dzayw                0.22.8.49711
Norman                  Suspicious_Gen2.JNQTT           11.20160101
Sophos                  Mal/VB-F                        4.85
Trend Micro House Call  TROJ_GEN.RFFH1G5                7.2.1
Trend Micro             TROJ_GEN.RCBC8H8                10.465.01

File size:
19.5 MB (20,397,928 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pc_health_check.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/8/2012 5:00:00 PM

Valid to:
7/16/2013 4:59:59 PM

Subject:
CN="Sutherland Global Services, Inc.", OU=GSI, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sutherland Global Services, Inc.", L=Rochester, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AAE416B675B257B53FBF7D8D239FD3B

File PE Metadata
Compilation timestamp:
9/20/2007 5:34:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
393216:NuJ5mUNGHnoabqd4PKme4mrVTDrD0l41t++aZHrd1lYirv/OlHkxaNOq6zyqX1Oy:NiAygeRTDrD0l41tzaZ5N78suOqYeWmq

Entry address:
0x1000

Entry point:
E8, F3, 2A, 00, 00, 50, E8, 3B, 33, 01, 00, 00, 00, 00, 00, 90, 55, 8B, EC, 53, 56, 57, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, D3, FF, 75, 14, 68, E1, 50, 41, 00, 6A, 00, 6A, 00, 8B, C6, 8B, CF, E8, A2, 47, 00, 00, 81, EB, 10, 01, 00, 00, 74, 05, 4B, 74, 14, EB, 57, FF, 75, 14, 6A, 66, 56, E8, 9A, 35, 01, 00, B8, 01, 00, 00, 00, EB, 47, 66, 81, E7, FF, FF, 66, FF, CF, 74, 07, 66, FF, CF, 74, 23, EB, 30, 68, 80, 00, 00, 00, 68, A4, 69, 41, 00, 6A, 65, 56, E8, E0, 34, 01, 00, 6A, 01, 56, E8, BA, 34, 01, 00...
 

Entropy:
7.9996  (probably packed)

Code size:
78 KB (79,872 bytes)
