DBGHELP.DLL

Debugging Tools for Windows

Microsoft Corporation

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The library DBGHELP.DLL, “Windows Image Helper”, has been detected as malware by 12 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Debugging Tools for Windows(R)

Description:
Windows Image Helper

Version:
6.8.0004.0 (debuggers(dbg).070515-1751)

MD5:
6f0a37c64861fb4da6ed0b46f8fabffe

SHA-1:
bd51e82118244cf45aa3d8a0f8e766b16518b61a

SHA-256:
79b7c2da86fee5c1fb260b418d3a8475c8545a569e571a2fdee005ebe29c36b0

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/19/2024 5:41:19 PM UTC

Scan engine                      Detection                              Engine version
avast!                           Win32:Pioneer-C                        160326-0
AVG                              Win32/Floxif                           2015.0.4568
Dr.Web                           Win32.FloodFix.7                       9.0.1.05190
Emsisoft Anti-Malware            Win32.Floxif                           11.5.0.6191
ESET NOD32                       Win32/Floxif.H virus                   8.0.319.0
F-Prot                           W32/Floxif.B                           4.6.5.141
F-Secure                         Win32.Floxif.A                         5.15.21
Kaspersky                        Virus.Win32.Pioneer                    15.0.0.562
McAfee                           Trojan.Dropper-FIY!6F0A37C64861        18.0.204.0
Microsoft Security Essentials    Threat.Undefined                       1.219.1878.0
Norman                           Win32.Floxif.A                         02.04.2016 17:35:19
Sophos                           Virus 'W32/Floxif-C'                   5.23

File size:
1.1 MB (1,123,407 bytes)

Product version:
6.8.0004.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
DBGHELP.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\boinc\dbghelp.dll

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/22/2007 9:56:18 PM

Valid to:
9/22/2008 10:06:18 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6106BFFE000000000014

File PE Metadata
Compilation timestamp:
9/28/2007 3:27:05 AM

OS version:
7.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:6Lm4cpDFYD2aC0jH5yrJXlpWrCSyZC0wLHr298TG00g8EAB4WrEH7K:jpKD2aC0jH5yrVDWRyZlwH29vjDIM

Entry address:
0x67BC4

Entry point:
E9, 80, 90, FA, FF, 83, 7D, 0C, 01, 75, 05, E8, EE, 15, 00, 00, 5D, E9, 96, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 68, D9, 0E, 03, 75, 02, F3, C3, E9, 5E, 16, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, D4, 11, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, A8, 12, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, A4, 12, 00, 03, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, CC, CC, CC, CC...
Entropy:
6.6576

Packer / compiler:
Xtreme-Protector v1.05

Code size:
936 KB (958,464 bytes)

Remove DBGHELP.DLL - Powered by Reason Core Security