home

DBGHELP.DLL

Windows Image Helper

Microsoft Corporation

This is installed with multiple programs including SDK Debuggers and WPTx86. The file has been seen being downloaded from download1584.mediafire.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Windows® Operating System

Description:
Windows Image Helper

Version:
6.3.9600.16384 (debuggers(dbg).130821-1623)

MD5:
0cb8f36326a9d5f2a4624cc08e436b6f

SHA-1:
90e1fb1874bd2dac9533ceaaf2e636b94775be4d

SHA-256:
e83e1e0c8e38e589260611069132e99e5864f762efb69772d537cf3a0138fbde

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/25/2024 1:17:24 PM UTC  (today)

File size:
1.2 MB (1,255,528 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
DBGHELP.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\windows kits\8.1\debuggers\x86\dbghelp.dll

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
1/25/2013 12:33:39 AM

Valid to:
4/25/2014 1:33:39 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata
Compilation timestamp:
8/22/2013 6:59:03 AM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
12288:2ZpiKmQHELQ0WcTfeGdJTG6CDbDqG3Q8rXEDtQD9iHDL8/mIwBBl2U3ipYgqRmyl:2ZpLHEicTfNTGxvm8rXLWmf70QyS4yEJ

Entry address:
0x7C98D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 2A, FC, FF, FF, 5D, E9, 2A, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, B8, 63, 73, 6D, E0, 39, 45, 08, 75, 0D, FF, 75, 0C, 50, E8, E8, 15, 00, 00, 59, 59, 5D, C3, 33, C0, 5D, C3, CC, CC, CC, CC, CC, 6A, 2C, 68, 70, B9, 10, 03, E8, 4B, 17, 00, 00, C7, 45, E4, 01, 00, 00, 00, 33, F6, 89, 75, FC, 8B, 45, 0C, 83, F8, 01, 77, 05, A3, 00, E0, 10, 03, 83, 7D, 0C, 00, 75, 11, 83, 3D, B0, 29, 11, 03, 00, 75, 08, 89, 75, E4, E9, 1E, 02, 00, 00, 8B, 45, 0C, 83...
 
[+]

Entropy:
6.3062

Code size:
1 MB (1,099,264 bytes)

The file DBGHELP.DLL has been discovered within the following programs.

SDK Debuggers  by Microsoft Corporation
Publisher's description - “Use Debugging Tools for Windows to debug drivers, applications, and services on Windows systems. Debugging Tools for Windows includes a core debugging engine and several tools that provide interfaces to the debugging engine.”
5% remove it
WPTx86  by Microsoft Corporation
3% remove it
X86 Debuggers And Tools  by Microsoft Corporation
2% remove it
 
Powered by Should I Remove It?

The file DBGHELP.DLL has been seen being distributed by the following 3 URLs.

http://download1584.mediafire.com/p80asg6b3f4g/.../dbghelp.dll

http://download1584.mediafire.com/01601jcb9qvg/.../dbghelp.dll

http://download1584.mediafire.com/xveyvfsdrxjg/.../dbghelp.dll

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.