» DBGHELP.DLL
Overview
Analysis
File Details

DBGHELP.DLL

Debugging Tools for Windows

HANcommunication

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The module DBGHELP.DLL, “Windows Image Helper” by HANcommunication has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

DBGHELP.DLL

Publisher:

Microsoft Corporation (signed by HANcommunication)

Product:

Debugging Tools for Windows(R)

Description:

Windows Image Helper

Version:

6.9.0003.113 (debuggers(dbg).080320-1813)

MD5:

ca674f2b3670ad910ce853401c7dc204

SHA-1:

406e941bdd9b5a024cd1c680e4dee83f04990603

SHA-256:

d2d21af953943a973ecc6b9e51085c66a96e0948e2e0b4994f497e358dfc802f

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 5:54:39 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.HANcommunication.H

14.11.30.23

File size:

1 MB (1,058,328 bytes)

Product version:

6.9.0003.113

Original file name:

DBGHELP.DLL

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\malwares\gcodec\dbghelp.dll

Digital Signature

Signed by:

HANcommunication

Authority:

Thawte, Inc.

Valid from:

5/12/2013 2:00:00 AM

Valid to:

6/12/2015 1:59:59 AM

Subject:

CN=HANcommunication, O=HANcommunication, L=seoul, S=Guro-gu, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3962DEF517F7534C2829A48F9A9454D4

File PE Metadata

Compilation timestamp:

3/21/2008 2:28:43 AM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

24576:qY8MO8xbMDU5yzlGmMRq81cHKUZpFWSUlwVEEyvE1Pp09jvby:/xYDU5yzlGmMRxGHHulw48dp09y

Entry address:

0x67D44

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 0E, 16, 00, 00, 5D, E9, 96, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 68, 39, 0F, 03, 75, 02, F3, C3, E9, 7E, 16, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 48, 11, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, 80, 12, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 12, 00, 03, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, CC, CC, CC, CC... 
[+]

Code size:

957.5 KB (980,480 bytes)

Remove DBGHELP.DLL - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.