browser-helper.exe

Dudu Communications

The executable browser-helper.exe has been detected as malware by 15 anti-virus scanners.
Publisher:
Dudu Communications  (signed and verified)

MD5:
d0dfab0c8976869ecc4ae5d52a0e6af7

SHA-1:
165eaacad9e85ac48bc284f18dd8dda5cbe1933d

SHA-256:
590c26d35bd1e97472f1723b62c5e949106b8ec7edf98b9110d1b2eebeddf6f0

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
5/10/2024 4:57:11 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11431815 | 204 |
| Arcabit | Trojan.Generic.DAE6F87 | 1.0.0.567 |
| AVG | Win32/DH{gRKBEyAiJU1SEw} | 2017.0.2682 |
| Bitdefender | Trojan.Generic.11431815 | 1.0.20.985 |
| Dr.Web | Trojan.StartPage.55602 | 9.0.1.0197 |
| Emsisoft Anti-Malware | Trojan.Generic.11431815 | 8.16.07.15.02 |
| F-Secure | Trojan.Generic.11431815 | 11.2016-15-07_6 |
| G Data | Trojan.Generic.11431815 | 16.7.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.5.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-95 |
| McAfee | Artemis!D0DFAB0C8976 | 5600.6338 |
| MicroWorld eScan | Trojan.Generic.11431815 | 17.0.0.591 |
| nProtect | Trojan.Generic.11431815 | 15.09.24.01 |
| Qihoo 360 Security | Win32/Trojan.e6d | 1.0.0.1015 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |

File size:
196.1 KB (200,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\browser-helper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/6/2012 3:00:00 AM

Valid to:
11/7/2013 2:59:59 AM

Subject:
CN=Dudu Communications, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Dudu Communications, L=Dubai, S=Dubai, C=AE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13ACCBCB6D0D262DE877EBA39DFE6BAA

File PE Metadata
Compilation timestamp:
5/2/2013 9:31:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:DybeGCYqZl2aigD6Hhtfh8YQPYgecLg90F3ByCZqPlxkFqZv:Dyb5CeaigDshtK3PFc9Daqp

Entry address:
0xFAE7

Entry point:
E8, 44, 61, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 8B, 55, 08, 57, 8B, F8, 3B, FA, 76, 6C, 8B, 4D, 0C, 8D, 04, 0A, 53, 89, 45, FC, 56, EB, 03, 8D, 49, 00, 8B, 75, FC, 8B, DA, 3B, F7, 77, 22, 8D, A4, 24, 00, 00, 00, 00, 53, 56, FF, 55, 10, 83, C4, 08, 85, C0, 7E, 02, 8B, DE, 03, 75, 0C, 3B, F7, 76, EB, 8B, 4D, 0C, 8B, 55, 08, 8B, F1, 8B, C7, 3B, DF, 74, 21, 85, C9, 74, 1D, 8B, CB, 2B, CF, EB, 03, 8D, 49, 00, 8A, 18, 8A, 14, 01, 88, 1C...

Entropy:
6.5035

Code size:
143 KB (146,432 bytes)
