chromehelper.exe

WebAppTech Coding LLC

This adware background process is controlled and started by the Updater.exe executable (if the process is stopped, the updater will restart it). It is designed to install the extension within the Chrome browser and to inject and display various ad formats, including pop-ups, inline text links and banners. ChromeHelper is packaged with one of many branded adware applications from Injekt. The application chromehelper.exe by WebAppTech Coding has been detected as adware by 11 anti-malware scanners.
Publisher:
WatchDog  (signed by WebAppTech Coding LLC)

Product:
WatchDog

Version:
3, 0, 0, 1

MD5:
592b06e131e10cb174bd9961a775e437

SHA-1:
178152b2a5c51581daccdc920bad57cc0cb2c6a3

SHA-256:
3438fcd708326003a81cb1185f8931f5b46260092382f26d4f6b44c284cd0b53

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/7/2024 7:10:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.3145 |
| Dr.Web | Adware.Plugin.128 | 9.0.1.099 |
| ESET NOD32 | Win32/ExFriendAlert (variant) | 9.10682 |
| IKARUS anti.virus | PUA.ExFriendAlert | t3scan.1.8.3.0 |
| Malwarebytes | PUP.Optional.SearchDonkey.A | v2013.12.27.12 |
| McAfee | Artemis!592B06E131E1 | 5600.7268 |
| NANO AntiVirus | Riskware.Win32.Plugin.dbxktm | 0.28.6.62995 |
| Reason Heuristics | PUP.WebAppTechCoding.M | 14.8.7.17 |
| Sophos | Search Donkey | 4.96 |
| Trend Micro House Call | TROJ_GEN.F47V1030 | 7.2.361 |
| VIPRE Antivirus | SearchDonkey | 24390 |

File size:
246.6 KB (252,552 bytes)

Product version:
3, 0, 0, 1

Original file name:
dog.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\rhelpers\chromehelper\chromehelper.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/16/2013 12:00:00 AM

Valid to:
1/16/2014 11:59:59 PM

Subject:
CN=WebAppTech Coding LLC, O=WebAppTech Coding LLC, STREET="2885 Sanford Ave SW #18716", L=Grandville, S=MI, PostalCode=49418, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ED976277604B937F55FA8DF427C5B534

File PE Metadata
Compilation timestamp:
10/3/2013 5:06:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:4lBzqIELQlmnWN/68zIyrjSHoWT0Cp2kL93YabMtfxYCZYzVnr69n+/Vgw3PMYbo:4llk5c3sZ1sHYZ2ogQkGjzsThSC5b

Entry address:
0x160EB

Entry point:
E8, 68, 96, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, F8, D4, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 29, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, CC, 90, 42, 00...
 

Code size:
159.5 KB (163,328 bytes)
