» loshChat-operator.exe
Overview
Analysis
File Details
Behaviors (1)

loshChat-operator.exe

chatAssist

ConnectWise

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ChatAssist’.

File name:

Publisher:

ConnectWise, Inc. (signed by ConnectWise)

Product:

chatAssist

Description:

a ChatAssist product

Version:

0.3.0.0

MD5:

186b72fa8d1694b62292787b5aec04c0

SHA-1:

017fa9e135ed899a410daf6959672df2cc66d214

SHA-256:

bfdf2f8626dfbb00befa5bcdc64b71aecb4395572850ffdc797e66307f3086fd

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/16/2024 4:29:27 AM UTC (today)

File size:

42.3 MB (44,383,280 bytes)

Product version:

3.0.0.0

Original file name:

loshChat-operator.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\chatassist\loshchat-operator.exe

Digital Signature

Signed by:

ConnectWise

Authority:

COMODO CA Limited

Valid from:

7/28/2014 7:00:00 PM

Valid to:

7/28/2017 6:59:59 PM

Subject:

CN=ConnectWise, O=ConnectWise, STREET="4110 George Rd., Ste. 200", L=Tampa, S=FL, PostalCode=33634, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0084EA08942D639F4687B2F6B2209FFEF0

File PE Metadata

Compilation timestamp:

2/19/2014 3:06:14 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

786432:fqoAkEy88PjBHvaQy/yBtn/RbRZb2QI6LqMQ05tnVBXL8Xvu2ae85ko9w0xyaWui:qkEy88Pj5vaQyM/R7b2F6LqUjVBXL8Xh

Entry address:

0x1863FD6

Entry point:

E8, 5A, DC, 00, 00, E9, 89, FE, FF, FF, B8, 7A, 27, C7, 01, A3, 88, 80, 9C, 02, C7, 05, 8C, 80, 9C, 02, 70, 1E, C7, 01, C7, 05, 90, 80, 9C, 02, 24, 1E, C7, 01, C7, 05, 94, 80, 9C, 02, 5D, 1E, C7, 01, C7, 05, 98, 80, 9C, 02, C6, 1D, C7, 01, A3, 9C, 80, 9C, 02, C7, 05, A0, 80, 9C, 02, F2, 26, C7, 01, C7, 05, A4, 80, 9C, 02, E2, 1D, C7, 01, C7, 05, A8, 80, 9C, 02, 44, 1D, C7, 01, C7, 05, AC, 80, 9C, 02, D0, 1C, C7, 01, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 48, E7, 00, 00, DB... 
[+]

Entropy:

6.9999

Code size:

31 MB (32,465,408 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ChatAssist

Command:

C:\Program Files\chatassist\loshchat-operator.exe tray

Scan loshChat-operator.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.