» schedhlp.exe
Overview
Analysis
File Details
Behaviors (1)

schedhlp.exe

Acronis Scheduler Helper

Acronis International GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Acronis Scheduler2 Service’.

File name:

schedhlp.exe

Publisher:

Acronis (signed by Acronis International GmbH)

Product:

Acronis Scheduler Helper

Version:

8,0,0,8204

MD5:

3ebc024e260c56d040cf82d69c54be08

SHA-1:

3c9b93e030a4bc8900130dc47c014e5b76307c0e

SHA-256:

dc43ec34550b91c56523b114c17281c23bc01430149734b9173d005cc840eccb

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 4:25:23 AM UTC (today)

File size:

398.4 KB (407,992 bytes)

Product version:

8,0,0,8204

Trademarks:

Acronis

Original file name:

schedhlp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States d'America)

Common path:

C:\Program Files\common files\acronis\schedule2\schedhlp.exe

Digital Signature

Signed by:

Acronis International GmbH

Authority:

VeriSign, Inc.

Valid from:

8/28/2012 2:00:00 AM

Valid to:

8/29/2015 1:59:59 AM

Subject:

CN=Acronis International GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Acronis International GmbH, L=Schaffhausen, S=Schaffhausen, C=CH

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

16437AAA13F5543F67E10E03893EA315

File PE Metadata

Compilation timestamp:

7/20/2015 10:15:04 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:McfITh2Irt5g/ymZfAihp3aF/C3V4CLtFSfTBqSHZ0fKkE:M4ot5g7ZfAFQFHYfTsSHZ0ykE

Entry address:

0x855D

Entry point:

E8, 93, 3B, 00, 00, E9, 40, FE, FF, FF, 8B, 44, 24, 04, A3, A8, 73, 45, 00, C3, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, 24, 52, 45, 00, 33, C5, 89, 85, A4, 02, 00, 00, 56, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66, 8C, 95, A0, 00, 00, 00, 66, 8C, 8D, 94, 00, 00, 00, 66, 8C, 5D, 70, 66, 8C, 45, 6C, 66, 8C, 65, 68, 66, 8C, 6D, 64, 9C, 8F, 85, 98, 00, 00, 00, 8B, B5, AC, 02, 00, 00, 8D, 85, AC, 02, 00, 00, 89, 85, 9C, 00... 
[+]

Code size:

272 KB (278,528 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Acronis Scheduler2 Service

Command:

"C:\Program Files\common files\acronis\schedule2\schedhlp.exe"

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.