PCTechHotline.exe

PCTechHotline

Crawler, LLC

The application PCTechHotline.exe by Crawler has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PCTechHotline’. This file is typically installed with the program PC Tech Hotline by Crawler, LLC which is a potentially unwanted software program. While running, it connects to the Internet address 5373-colo-cust.host.net on port 80 using the HTTP protocol.
Publisher:
Crawler, LLC  (signed and verified)

Product:
PCTechHotline

Version:
3.0.0.4

MD5:
2996430a04e8633d40b27782f96a2a02

SHA-1:
8b087d459c2a6d3ff698562a46850f7f53a48e9e

SHA-256:
d3ea94055818030f7f9a79f861a59cc42fa780e33bb15a7d260272e5d069e9ea

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
10/24/2017 3:47:13 AM UTC  (a few moments ago)

Scan engine
Detection
Engine version

CMC Antivirus
Packed.Win32.Obfuscated.10!O
1.1.0.977

Reason Heuristics
PUP.Startup.Crawler.N
14.8.8.2

File size:
1.8 MB (1,905,000 bytes)

Product version:
3.0.0.0

Copyright:
© Crawler, LLC

Original file name:
PCTechHotline.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pctechhotline\pctechhotline.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 4:00:00 PM

Valid to:
1/25/2017 3:59:59 PM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
2/11/2014 12:55:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:H8G2QfT79+axZl9KwWJ+2j0Z0/9GDtsiwFSQiSbZTIMkGL1iiHdHVbhKw5:HyY+oOVM0cX4SQicTIMtIkdv/5

Entry address:
0x115070

Entry point:
55, 8B, EC, 83, C4, F0, B8, 74, 37, 51, 00, E8, 0C, 20, EF, FF, E8, 3B, E0, FF, FF, E8, 0E, FA, EE, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.1009

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,131,008 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PCTechHotline

Command:
"C:\Program Files\pctechhotline\pctechhotline.exe" \startup


The file PCTechHotline.exe has been discovered within the following program.

PC Tech Hotline  by Crawler, LLC
Publisher's description - “You may order the Service by submitting a service plan order through the PC Tech Hotline website or by calling PC Tech Hotline.”
www.PCTechHotline.com
74% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 5373-colo-cust.host.net  (66.115.32.20:80)

Remove PCTechHotline.exe - Powered by Reason Core Security