DBGHELP.DLL

Debugging Tools for Windows

Microsoft Corporation

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed only to look like a legitimate Microsoft system file. The library DBGHELP.DLL (“Windows Image Helper”) has been detected as malware by 10 anti-virus scanners.
Publisher:
Microsoft Corporation (signed and verified)

Product:
Debugging Tools for Windows(R)

Description:
Windows Image Helper

Version:
6.9.0003.113 (debuggers(dbg).080320-1813)

MD5:
b78c6f269b195364f8f6d37a6b5441bd

SHA-1:
298afb9d31be77e2ddcb9b5e6c2e01ba235fc1ec

SHA-256:
4f401ef7c0c9b145c2cc5f292f2d953038de5dbef23be20917b90d2c935c4671

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/25/2024 4:52:48 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:GenMalicious-BFP [Trj] | 160518-2
AVG | Win32/Floxif | 2015.0.4604
Dr.Web | Win32.FloodFix.7 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Floxif | 11.5.0.6191
ESET NOD32 | Win32/Floxif.H virus | 8.0.319.0
F-Prot | W32/Floxif.B | 4.6.5.141
F-Secure | Win32.Floxif.A | 5.15.96
Kaspersky | Virus.Win32.Pioneer | 15.0.0.562
Microsoft Security Essentials | Threat.Undefined | 1.225.606.0
Norman | Win32.Floxif.A | 28.05.2016 13:03:37

File size:
1.1 MB (1,144,325 bytes)

Product version:
6.9.0003.113

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
DBGHELP.DLL

File type:
Dynamic link library (Win32 DLL)

Digital Signature
Authority:
Microsoft Corporation

Valid from:
10/18/2007 10:09:04 PM

Valid to:
12/18/2008 10:19:04 PM

Subject:
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Windows Verification PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61052123000000000006

File PE Metadata
Compilation timestamp:
3/21/2008 9:28:43 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:sY8MO8xbMDU5yzCmMRY81cHKUZpFWSUlwVEEyvE1Pp09jvbIQMRGJ/qofpu:txYDU5yzCmMR3GHHulw48dp09L1q6u

Entry address:
0x67D44

Entry point:
E9, 16, 49, FF, FF, 83, 7D, 0C, 01, 75, 05, E8, 0E, 16, 00, 00, 5D, E9, 96, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 68, 39, 0F, 03, 75, 02, F3, C3, E9, 7E, 16, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 48, 11, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, 80, 12, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 03, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, CC, CC, CC, CC...

Entropy:
6.6265

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
957.5 KB (980,480 bytes)

Remove DBGHELP.DLL - Powered by Reason Core Security