Should I block it?

No, this file is 100% safe to run.

Relationships

PE file structure

Show functions

Import table

advapi32.dll

RegOpenKeyExW

kernel32.dll

GetCommandLineW, FindResourceExW, FindResourceW, FreeLibrary, LoadResource, LoadLibraryExW, VerSetConditionMask, GetModuleHandleW, SizeofResource, GetModuleFileNameW, lstrlenW, RaiseException, VerifyVersionInfoW, GetLastError, GetProcAddress, LockResource, GetFileAttributesExW, SetLastError, LocalAlloc, CloseHandle, SetStdHandle, InterlockedExchange, LoadLibraryA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetConsoleCP, GetConsoleMode, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetFilePointer, CreateFileA

ole32.dll

CoCreateGuid

catalinacrashhandler.exe

CatalinaGroup Update by Catalina Group Limited (Signed)

Remove catalinacrashhandler.exe

Version:	1.3.25.205
MD5:	6ea1029029e05b6ab3922f107fd87943
SHA1:	207f5728613eae7a0045a34e829f5925a8ab540e

Overview

catalinacrashhandler.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). The file is digitally signed by Catalina Group Limited which was issued by the GoDaddy.com certificate authority (CA). This particular version is usually found on Windows 7 Ultimate (6.1.7601.65536).

Details

File name:	catalinacrashhandler.exe
Publisher:	Catalina Group Ltd.
Product name:	CatalinaGroup Update
Typical file path:	C:\users\user\appdata\local\catalinagroup\update\1.3.25.205\catalinacrashhandler.exe
Original name:	CatalinaUpdate.exe
File version:	1.3.25.205
Size:	143.98 KB (147,440 bytes)
Build date:	10/31/2013 4:53 PM
Certificate
Issued to:	Catalina Group Limited
Authority (CA):	GoDaddy.com
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Startup files (user) run

Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'CatalinaGroup Update' → "C:\users\user\appdata\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00732374%	0.028634%
Kernel CPU:	0.00614249%	0.013761%
User CPU:	0.00118125%	0.014873%
Kernel CPU time:	78 ms/min	100,923,805ms/min
Memory
Private memory:	3.32 MB	21.59 MB
Private (maximum):	1.39 MB
Private (minimum):	368 KB
Non-paged memory:	3.32 MB	21.59 MB
Virtual memory:	81.28 MB	140.96 MB
Virtual memory (peak):	83.28 MB	169.69 MB
Working set:	1.29 MB	18.61 MB
Working set (peak):	7.28 MB	37.95 MB
Resource allocations
Threads:	5	12
Handles:	193	600
GUI GDI count:	4	103
GUI GDI peak:	4	142
GUI USER count:	1	49
GUI USER peak:	1	71

Process properties

Integrety level:	High
Platform:	32-bit
Command line:	"C:\users\user\appdata\local\catalinagroup\update\1.3.25.205\catalinacrashhandler.exe" /crashhandler
Owner:	User

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	100.00%

Distribution by PC manufacturer

PC Manufacturer	distribution
Hewlett-Packard	100.00%

Remove Adware and Spyware Programs, FREE Download!