PCHA.exe

PC Health Advisor

Paretologic Inc

The executable PCHA.exe has been detected as malware by 3 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
ParetoLogic (signed by Paretologic Inc)

Product:
PC Health Advisor

Version:
3.2.8.0

MD5:
60683a97b0611996dcf634ba8187d3a4

SHA-1:
122841b26c5bbdc71de0a654cc573e619e466847

SHA-256:
028535d7cb459e313d6d2056f678636bb409320f32b25aec31f4dddb94094ad3

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/5/2024 3:30:20 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.16.24 |

File size:
4.5 MB (4,731,327 bytes)

Product version:
3.2.8.0

Copyright:
Copyright © 2016 ParetoLogic

Original file name:
PCHA.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\paretologic\pcha\pcha.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/10/2016 4:00:00 PM

Valid to:
3/16/2017 5:00:00 AM

Subject:
CN=Paretologic Inc, O=Paretologic Inc, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0DD79F4603AABAFD56508DA8E27A3C82

File PE Metadata
Compilation timestamp:
1/18/2017 9:50:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2959FB

Entry point:
E9, 26, 39, E7, FF, E9, 7F, FE, FF, FF, 3B, 0D, 80, 03, 7F, 00, 75, 02, F3, C3, E9, E7, 1D, 00, 00, 51, C7, 01, DC, 2C, 76, 00, E8, 9C, 46, 01, 00, 59, C3, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, FB, 45, 01, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC, 56, 8B, F1, E8, C9, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, A9, 3D, ED, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, FF, 75, 18, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 05, 00, 00, 00, 83, C4, 18...
 

Entropy:
6.6663

Packer / compiler:
Xtreme-Protector v1.05

Code size:
3.2 MB (3,328,000 bytes)

Scheduled Task
Task name:
PC Health Advisor

Trigger:
Weekly (Runs weekly on Tuesdays at 4:57 AM)

Description:
PC Health Advisor

