helper.dll

Small Island Development

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The module helper.dll by Small Island Development has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Small Island Development  (signed and verified)

MD5:
e3d89fb51098d279ddb51608f4e7a1f2

SHA-1:
17665b19a6d15ee38891793a0d2462dff64a1e1f

SHA-256:
3844c0169ae1b2c0a1b374c7102b74a834dd13f17f1641263d9842d27d32b820

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/21/2024 12:59:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt (M)

Engine version:
16.12.6.5

File size:
1.3 MB (1,382,776 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\helper.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/6/2014 5:30:00 AM

Valid to:
2/7/2015 5:29:59 AM

Subject:
CN=Small Island Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Small Island Development, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
31A84249503E31798E91715167A83481

File PE Metadata
Compilation timestamp:
12/18/2014 7:05:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:dW3umoWR3vHQdjdM1nCJJXWALcD7IjK0+4m1MycOpj8rFlkQEsJI4BjX62K5:dWSWR/HwjdM1nCJJXmMh+NMCpAZlkQEn

Entry address:
0xE09D4

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 10, DF, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 60, C7, 12, 10, E8, 6D, 6A, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 98, E0, 13, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 2C, 14, 11, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.5854

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,104,384 bytes)
