PCTechHotline.exe

PCTechHotline

Crawler, LLC

The application PCTechHotline.exe by Crawler has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PCTechHotline’. This file is typically installed with the program PC Tech Hotline by Crawler, LLC which is a potentially unwanted software program. While running, it connects to the Internet address 5373-colo-cust.host.net on port 80 using the HTTP protocol.
Publisher:
Crawler, LLC  (signed and verified)

Product:
PCTechHotline

Version:
3.0.0.4

MD5:
a696d347e734d2ef7dd6909de96a8f96

SHA-1:
80de1fabbf960efb9a03e04e43bdb9cc47098d47

SHA-256:
1e8be9a2c4727de7ea729b016601e2546e1c80a6ee14d3316a79ad747e8f5db0

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
10/21/2017 11:27:56 AM UTC  (today)

Scan engine
Detection
Engine version

CMC Antivirus
Packed.Win32.Obfuscated.10!O
1.1.0.977

Reason Heuristics
PUP.Startup.Crawler.N
14.8.8.2

File size:
1.8 MB (1,905,000 bytes)

Product version:
3.0.0.0

Copyright:
© Crawler, LLC

Original file name:
PCTechHotline.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pctechhotline\pctechhotline.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/27/2013 1:00:00 AM

Valid to:
1/26/2017 12:59:59 AM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
2/11/2014 9:55:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:S8G2QfT79+axZl9KwWJ+2j0Z0/9GDtsiwFSQiSbZTp/kGL1iiHdHVbhKwn:SyY+oOVM0cX4SQicTp/tIkdv/n

Entry address:
0x115070

Entry point:
55, 8B, EC, 83, C4, F0, B8, 74, 37, 51, 00, E8, 0C, 20, EF, FF, E8, 3B, E0, FF, FF, E8, 0E, FA, EE, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,131,008 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PCTechHotline

Command:
"C:\Program Files\pctechhotline\pctechhotline.exe" \startup


The file PCTechHotline.exe has been discovered within the following program.

PC Tech Hotline  by Crawler, LLC
Publisher's description - “You may order the Service by submitting a service plan order through the PC Tech Hotline website or by calling PC Tech Hotline.”
www.PCTechHotline.com
74% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 5373-colo-cust.host.net  (66.115.32.20:80)

Remove PCTechHotline.exe - Powered by Reason Core Security