RecordCheckerService.exe

Record Checker

Long Mile Solutions, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The application RecordCheckerService.exe, “RecordChecker Service” by Long Mile Solutions, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “RecordChecker”.
Publisher:
Long Mile Solutions, LLC  (signed and verified)

Product:
Record Checker

Description:
RecordChecker Service

Version:
1.0.0.0

MD5:
d6a08f2779e3511cb2d484d9209a6fae

SHA-1:
b36b27c4faa6f3db72c47e3d1a8c55c4885593f5

SHA-256:
ae66838899b7062cf8e70ae6dd9d4297821c0ad8ceeac71bac741d54c18675b2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/3/2024 6:32:21 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Service.Injekt

Engine version:
15.2.27.2

File size:
2.2 MB (2,320,208 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Long Mile Solutions, LLC 2014

Original file name:
RecordCheckerService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\recordchecker\recordcheckerservice.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/19/2014 5:00:00 PM

Valid to:
5/20/2015 4:59:59 PM

Subject:
CN="Long Mile Solutions, LLC", O="Long Mile Solutions, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6015F7C4F3F065B548DA2303F218785D

File PE Metadata
Compilation timestamp:
8/29/2014 2:58:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:yxOzNtVEzw9l+iS4wENlQobf+rICI7ChWjtQWbUuAF8zUWUfLEfJztzKJfu:ZVew3+HEXFbfeIfy+PQhawCdKJfu

Entry address:
0x2360EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9993

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,310,656 bytes)

Service
Display name:
RecordChecker

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc

