PCHCstart.exe

PCHCstart

Sutherland Global Services, Inc.

The executable PCHCstart.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
Sutherland  (signed by Sutherland Global Services, Inc.)

Product:
PCHCstart

Version:
1.00.0243

MD5:
fc5b02d8eb42b64f1888d49655d17ab0

SHA-1:
038b42a6995af7c549a9b314ecf98fd630059e35

SHA-256:
2605573c46f0a1313a9064e69bdbca903d000019ac2d2da35f661ae1e043b432

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/24/2024 11:38:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Trojan/Win32.ADH | 2011.10.09 |
| Avira AntiVirus | TR/VB.Downloader.Gen | 7.11.15.203 |
| Bitdefender | Gen:Trojan.Heur.xm1@fP6Wroei | 1.0.20.1035 |
| Emsisoft Anti-Malware | Trojan.Win32.Spy!IK | 8.16.07.25.07 |
| F-Secure | Gen:Trojan.Heur.xm1@fP6Wroei | 11.2016-25-07_2 |
| G Data | Gen:Trojan.Heur.xm1@fP6Wroei | 16.7.22 |
| IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.1.107.0 |
| McAfee | Artemis!FC5B02D8EB42 | 5600.6327 |
| Quick Heal | (Suspicious) - DNAScan | 7.16.11.00 |
| Rising Antivirus | Trojan.Win32.Generic.129B6131 | 23.00.65.16723 |
| Sophos | Mal/VB-F | 4.70 |
| VIPRE Antivirus | Trojan.Win32.Generic | 10722 |

File size:
369.9 KB (378,744 bytes)

Product version:
1.00.0243

Original file name:
PCHCstart.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pchcstart.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/14/2011 7:00:00 PM

Valid to:
7/16/2012 6:59:59 PM

Subject:
CN="Sutherland Global Services, Inc.", OU=GSI, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sutherland Global Services, Inc.", L=Rochester, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71BD5EE90423A21C34BE1C90D95BBF46

File PE Metadata
Compilation timestamp:
9/30/2011 3:57:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:FiIhBrgrmCBawN9bHn6gMM5Uv4wDrRaLuSXeN8HmLET:FiIDrgrScHMM5UvJP4hiLE

Entry address:
0x4E4C

Entry point:
68, D4, AB, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D6, A6, A3, 01, E3, B5, 86, 42, 94, 33, EF, CD, 91, 95, 38, ED, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 50, 43, 48, 43, 73, 74, 61, 72, 74, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, FF, CC, 31, 00, 0B, F3, 42, 64, B3, 10, 4E, EA, 4D, A1, 17, 89, 93, 2A, A9, 81, 79, 0E, 3F, 3D, 6B, B8, 27, A6, 46, 99, 9C, B0, A1, 4B, E6, 26, 5D, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
5.8203

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
348 KB (356,352 bytes)
