» rchelper.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

rchelper.exe

Registry Repair Wizard

CleanMyPC Technology Limited

The application rchelper.exe, “Registry Repair Wizard Scheduler” by CleanMyPC Technology Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Registry Repair Wizard Scheduler’. This file is typically installed with the program Registry Repair Wizard by SmartPCTools.

File name:

rchelper.exe

Publisher:

SmartPCTools (signed by CleanMyPC Technology Limited)

Product:

Registry Repair Wizard

Description:

Registry Repair Wizard Scheduler

Version:

2011, 6, 6, 2

MD5:

0adc2a25a43474587d1843a067f838cc

SHA-1:

2851aed28ac995f83e638fe02e1acd6022fe3538

SHA-256:

2c8785b479373dc805a8b13b6567d910f636e612568baa0e8a2a14e084294ceb

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/7/2024 7:29:18 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.12.9.0

File size:

1.5 MB (1,540,480 bytes)

Product version:

2011, 6, 6, 2

Original file name:

RCScheduler.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\smartpctools\registry repair wizard\rchelper.exe

Digital Signature

Signed by:

CleanMyPC Technology Limited

Authority:

The USERTRUST Network

Valid from:

3/21/2010 8:00:00 PM

Valid to:

3/21/2012 7:59:59 PM

Subject:

CN=CleanMyPC Technology Limited, O=CleanMyPC Technology Limited, STREET="ROOM C1D 6/F, WING HING INDUSTRIAL BUILDING", STREET=14 HING YIP STREET, STREET="KWUN TONG, KOWLOON, HONG KONG", L=HONG KONG, S=NA, PostalCode=NA, C=HK

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

253A6CD8243978CADEED6FF2D0C2F4E1

File PE Metadata

Compilation timestamp:

10/8/2011 5:19:44 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

83.82

CTPH (ssdeep):

24576:ES8Y21FqZlcHPCzoR2K8qTrdU85n2gxEmVw1EnKw7Zq0uX+l79IHyVwyShviRS3I:NauqTJpnf61EnKw7Zq0uX+l79IHyVwyz

Entry address:

0xB0000

Entry point:

60, E8, 00, 00, 00, 00, 5D, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB, 0F, B8, EB, 07, B9, EB, 0F, 90, EB, 08, FD, EB, 0B, F2, EB, F5, EB, F6, F2, EB, 08, FD, EB, E9, F3, EB, E4, FC, E9, 9D, 0F, C9, 8B, CA, F7, D1, 59, 58, 50, 51, 0F, CA, F7, D2, 9C, F7, D2, 0F, CA, EB, 0F, B9, EB... 
[+]

Entropy:

7.7265

Packer / compiler:

ASPack v1.08.04

Code size:

444 KB (454,656 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Registry Repair Wizard Scheduler

Command:

"C:\Program Files\smartpctools\registry repair wizard\rchelper.exe" \startup

The file rchelper.exe has been discovered within the following program.

Registry Repair Wizard by SmartPCTools

SmartPCTools Registry Repair Wizard is registry utility whose purported purpose is to remove redundant items from the Windows registry.

www.registryrepair.net

51% remove it

Remove rchelper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.