browser-helper.exe

Dudu Communications

The executable browser-helper.exe has been detected as malware by 4 of 68 anti-virus scanners. It is set to execute automatically whenever any user logs into Windows, via the machine-wide Run key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'DuduBrowser'. Note that the autostart is registered for all users while the binary itself sits in a single user's AppData folder. The file carries a VeriSign Class 3 code-signing signature for Dudu Communications whose certificate expired on 12/12/2014; a signature that still verifies in 2024 either carries a timestamp countersignature or is being checked without enforcing certificate expiry.
Publisher:
Dudu Communications  (signed and verified)

MD5:
4739b9b7fe1c3517243a98f12d0203f2

SHA-1:
38f36c17ddc7c1e7f09051f95bd8ff56e511e3f1

SHA-256:
03039b7cdefd25291b59dfbd8652b2b335ca8d032fe0cc20da1444f18234df49

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/3/2024 7:17:43 AM UTC

Scan engine        Detection                    Engine version
Avira AntiVirus    W32/Troxa.A                  7.11.30.172
AVG                Win32/DH{Uk0T?}              2017.0.2867
Dr.Web             Trojan.StartPage.59658       9.0.1.05190
Kaspersky          HEUR:Trojan.Win32.Generic    14.0.0.828

File size:
195.6 KB (200,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\chromium\application\helper\browser-helper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/11/2013 5:30:00 AM

Valid to:
12/12/2014 5:29:59 AM

Subject:
CN=Dudu Communications, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Dudu Communications, L=Dubai, S=Dubai, C=AE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B936965DB7F38280D311AB60E0F1119

File PE Metadata
Compilation timestamp:
12/12/2013 4:56:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:fddjTbrtiq2gMgc5CulCWaBY4+Ao/BTgD8a1RU0FQHGfV4kpiJEzg:fdd/bSgMgc5plgFFoZu8a1V22Cj

Entry address:
0xFD25

Entry point:
E8, E8, 53, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 57, 33, DB, 6A, 07, 33, C0, 59, 8D, 7D, E4, 89, 5D, E0, F3, AB, 39, 5D, 0C, 75, 15, E8, FF, 09, 00, 00, C7, 00, 16, 00, 00, 00, E8, 44, 14, 00, 00, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, E4, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, B3, 54, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0, 88, 18, EB, 0C, 8D, 45, E0, 50, 53...
 

Entropy:
6.4979

Code size:
140 KB (143,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DuduBrowser

Command:
C:\users\{user}\appdata\local\chromium\application\helper\browser-helper.exe
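
As an added example, not part of the original page and not Reason Core Security's tooling: a PowerShell hunt that enumerates the Run key the page names, resolves each autostart command to its executable, and checks it against the indicators listed above (value name, SHA-256, signer certificate serial). Inspecting the WOW6432Node view and the per-user hives as well is an assumption beyond the page, since the same value name could just as easily live there. The script also reports whether the signer certificate has expired and whether the signature carries a timestamp countersignature, which is what decides whether a 2013 signature from a certificate that expired on 12/12/2014 still verifies.

```powershell
# Added hunt script (not from the page or from Reason Core Security).
# Enumerates Windows Run keys, resolves each autostart command to its
# executable, and checks it against the indicators on this page.
# Run from an elevated PowerShell prompt on the host being examined.

# Indicators copied from the page above.
$IocValueName = 'DuduBrowser'
$IocSha256    = '03039b7cdefd25291b59dfbd8652b2b335ca8d032fe0cc20da1444f18234df49'
$IocSerial    = '3B936965DB7F38280D311AB60E0F1119'

# Run keys to inspect. The page lists only HKLM\...\Run; the WOW6432Node view
# and the per-user hives are added here as an assumption.
$runKeyPaths = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$runKeyPaths += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run" }

function Get-RunCommandTarget {
    # Extract the executable from a Run command such as
    #   "C:\dir\x.exe" /flag    or    C:\dir\x.exe /flag
    # and expand any %ENV% references.
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $exe = $cmd.Substring(1).Split('"')[0]
    } else {
        $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { $cmd.Split(' ')[0] }
    }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

$findings = foreach ($keyPath in $runKeyPaths) {
    $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-RunCommandTarget -Command $command
        $exists  = [bool]($target -and (Test-Path -LiteralPath $target -PathType Leaf))

        $hash = $null; $sig = $null; $cert = $null
        if ($exists) {
            $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
            $sig  = Get-AuthenticodeSignature -FilePath $target
            $cert = $sig.SignerCertificate
        }
        $status = if ($sig) { $sig.Status.ToString() } else { 'n/a' }
        $signer = if ($cert) { $cert.Subject } else { 'n/a' }

        [pscustomobject]@{
            Key              = $keyPath -replace '^Registry::', ''
            Name             = $name
            Command          = $command
            Target           = $target
            FileExists       = $exists
            NameMatchesIoc   = ($name -eq $IocValueName)
            Sha256MatchesIoc = [bool]($hash -and ($hash -ieq $IocSha256))
            SignatureStatus  = $status
            Signer           = $signer
            SerialMatchesIoc = [bool]($cert -and ($cert.SerialNumber -ieq $IocSerial))
            # An expired signer certificate only keeps verifying if the signature
            # was timestamped; without a timestamp "verified" is not a safe reading.
            CertExpired      = [bool]($cert -and ($cert.NotAfter -lt (Get-Date)))
            Timestamped      = [bool]($sig -and $sig.TimeStamperCertificate)
        }
    }
}

$findings | Format-Table Key, Name, Target, SignatureStatus, CertExpired, Timestamped -AutoSize

# Anything matching by value name, file hash or signer serial is the page's
# sample (or a sibling signed with the same certificate) and should be
# collected before the Run value is deleted.
$findings | Where-Object { $_.NameMatchesIoc -or $_.Sha256MatchesIoc -or $_.SerialMatchesIoc } |
    Format-List
```

Matching on the signer serial as well as the file hash is deliberate: a rebuilt or repacked helper would change the SHA-256 and ssdeep values but would still be signed with the same Dudu Communications certificate, and a SignatureStatus of Valid on a file whose CertExpired is True and Timestamped is False indicates the verifier is not enforcing expiry.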


Remove browser-helper.exe - Powered by Reason Core Security