pgchk.exe

ProxyGate

GOLD CLICK LIMITED

The application pgchk.exe, “PG Helper Process” by GOLD CLICK LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Gold Click Ltd  (signed by GOLD CLICK LIMITED)

Product:
ProxyGate

Description:
PG Helper Process

Version:
3.0.0.65

MD5:
da2bf21131756bc91885e19a6c45f8cd

SHA-1:
4e0f8402eeb3b4076d4e38298af702104432e444

SHA-256:
322754f43d3b9407e295cf9f952b5203c7a81cbea9d96ae72bbbef63b870a62a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 12:36:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GOLDCLICK (M)

Engine version:
16.1.6.5

File size:
1006.1 KB (1,030,208 bytes)

Product version:
3.0.0.65

Copyright:
Gold Click Ltd

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\proxygate\pgchk.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/26/2015 11:17:01 PM

Valid to:
3/26/2016 11:17:01 PM

Subject:
CN=GOLD CLICK LIMITED, O=GOLD CLICK LIMITED, L=Birmingham, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121EB61871B3A6BD9AD6F5CED626E0A4574

File PE Metadata
Compilation timestamp:
12/22/2015 10:25:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:2RbGw601BgyNyFgW4/aphUZN00oqetDYNgPF9/7R9bVSRnF:eD64BzNyFa/aphAN0YetD8SVHUnF

Entry address:
0xDEB60

Entry point:
55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, BC, A3, 4D, 00, E8, B0, EC, F2, FF, BB, 34, 84, 4E, 00, BE, 0C, 84, 4E, 00, 33, C0, 55, 68, 60, ED, 4D, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, B8, 01, 00, 00, 00, E8, 33, 7F, F2, FF, 8B, 45, E8, 8D, 55, EC, E8, B4, DB, F3, FF, 8B, 45, EC, BA, 7C, ED, 4D, 00, E8, D7, B1, F2, FF, 74, 1C, 6A, 10, 68, 90, ED, 4D, 00, 68, E0, ED, 4D, 00, E8, 08, F6, F2, FF, 50, E8, 2A, F6, F2, FF, E9, 6E, 01, 00, 00, 68, F8, EE, 4D, 00, 6A, FF, 6A, 00...

Entropy:
6.6059

Developed / compiled with:
Microsoft Visual C++

Code size:
885 KB (906,240 bytes)
