home

SystemHealth.exe

System Health Tool

Schlumberger

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SystemHealth’.
Publisher:
Schlumberger  (signed and verified)

Product:
System Health Tool

Version:
2.3.12

MD5:
066e82e8d3c31122c1c0027c31e9c351

SHA-1:
bcd53f024a9b07afaf8827dea90b3c79e630c75b

SHA-256:
060e0fc79ed3c1841a076e80065afae678199d630a762ee0930f81c432f5f02e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 5:48:44 AM UTC  (today)

File size:
1 MB (1,050,088 bytes)

Product version:
2.3.12

Copyright:
Copyright © Schlumberger - 2015

Original file name:
SystemHealth.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\schlumberger\system health tool\systemhealth.exe

Digital Signature
Signed by:
Schlumberger

Authority:
slb.com

Valid from:
2/17/2014 7:11:59 PM

Valid to:
2/16/2018 7:11:59 PM

Subject:
E=rgadeev@slb.com, CN=SCCM Code Signing Certificate, OU=IT, O=Schlumberger, L=Houston, S=TX, C=US

Issuer:
CN=Schlumberger Corporate Issuing CA2, OU=Schlumberger, O=slb.com, L=Houston, S=Texas, C=US

Serial number:
32A3E3B300000010E166

File PE Metadata
Compilation timestamp:
8/18/2015 3:16:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:8Bh2PsD3BNdGjRPskW7/6aghxX5/avp3LcfOYSqcilnIfN/vR2RT/iDrHNn0xPJP:8j2PXRE2Lvw+fOWci5I1/pNDbNn0xPRz

Entry address:
0x10600A

Entry point:
FF, 25, 00, 60, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8627  (probably packed)

Code size:
188 KB (192,512 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SystemHealth

Command:
"C:\Program Files\schlumberger\system health tool\systemhealth.exe"


Scan SystemHealth.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.